From sle-updates at lists.suse.com Fri Dec 1 08:04:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:04:01 +0100 (CET) Subject: SUSE-CU-2023:3924-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231201080401.BD512F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3924-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.163 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.163 Severity : moderate Type : security References : 1216591 CVE-2023-46316 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4623-1 Released: Thu Nov 30 19:22:32 2023 Summary: Security update for traceroute Type: security Severity: moderate References: 1216591,CVE-2023-46316 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). The following package changes have been done: - traceroute-2.0.21-150000.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 1 08:05:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:05:46 +0100 (CET) Subject: SUSE-CU-2023:3929-1: Recommended update of suse/389-ds Message-ID: <20231201080546.ACD99F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3929-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.50 , suse/389-ds:latest Container Release : 16.50 Severity : moderate Type : recommended References : 1217472 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1217472 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. The following package changes have been done: - libicu65_1-ledata-65.1-150200.4.10.1 updated - libicu-suse65_1-65.1-150200.4.10.1 updated From sle-updates at lists.suse.com Fri Dec 1 08:06:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:06:44 +0100 (CET) Subject: SUSE-CU-2023:3933-1: Recommended update of suse/postgres Message-ID: <20231201080644.729F3F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3933-1 Container Tags : suse/postgres:15 , suse/postgres:15-12.20 , suse/postgres:15.5 , suse/postgres:15.5-12.20 , suse/postgres:latest Container Release : 12.20 Severity : moderate Type : recommended References : 1217472 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1217472 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. The following package changes have been done: - libicu65_1-ledata-65.1-150200.4.10.1 updated - libicu-suse65_1-65.1-150200.4.10.1 updated From sle-updates at lists.suse.com Fri Dec 1 08:07:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:07:12 +0100 (CET) Subject: SUSE-CU-2023:3935-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231201080712.C691CF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3935-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.502 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.502 Severity : moderate Type : security References : 1216591 CVE-2023-46316 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4623-1 Released: Thu Nov 30 19:22:32 2023 Summary: Security update for traceroute Type: security Severity: moderate References: 1216591,CVE-2023-46316 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). The following package changes have been done: - traceroute-2.0.21-150000.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 1 12:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2023 13:07:25 +0100 (CET) Subject: SUSE-CU-2023:3940-1: Security update of trento/trento-web Message-ID: <20231201120725.3B022F3CA@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3940-1 Container Tags : trento/trento-web:2.2.0 , trento/trento-web:2.2.0-build4.27.1 , trento/trento-web:latest Container Release : 4.27.1 Severity : important Type : security References : 1107342 1196647 1198165 1206480 1206480 1206684 1206684 1210557 1210557 1211078 1211427 1211427 1211829 1212101 1212101 1212819 1212910 1213915 1213915 1214052 1214052 1214052 1214460 1214460 1215286 1215427 1215434 1215713 1215891 1216123 1216174 1216378 1216664 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libudev1-249.16-150400.8.35.5 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.14-150400.5.25.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libmount1-2.37.2-150400.8.20.1 updated - krb5-1.19.2-150400.3.6.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - util-linux-2.37.2-150400.8.20.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:bci-nodejs-16-15.0.0-27.14.122 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Dec 1 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 12:30:01 -0000 Subject: SUSE-RU-2023:4629-1: moderate: Recommended update for trento-agent Message-ID: <170143380162.29438.6081982677329466446@smelt2.prg2.suse.org> # Recommended update for trento-agent Announcement ID: SUSE-RU-2023:4629-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for trento-agent fixes the following issues: trento-agent \- Release 2.2.0 \- Use json.RawMessage type to avoid unnecessary json.Unmarshal \- Add saptune discovery \- Ignore extra output when comparing versions with zypper \- Remove not needed certificates trento-server-installer \- Release 2.2.0 \- Add namespace option \- Make pruning crobjob days variable \- Enable rolling releases for script packages in OBS trento-supportconfig-plugin \- Release 2.2.0 \- Add namespace option \- Make pruning crobjob days variable \- Enable rolling releases for script packages in OBS trento-wanda-image \- Release 1.2.0 \- Add gatherer documentation \- Add a pipeline step that checks for APIs changes compatibility \- Load fake facts config from proper location \- Fix redirection when a query string is involved \- Bump styfle/cancel-workflow-action from 0.11.0 to 0.12.0 \- Add sap_profiles gatherer documentation trento-web-image \- Release 2.2.0 \- Update tooltip texts \- Handle when no checks available in the checks results overview \- Checks catalog only first group expanded \- Fix ip address ui in host details \- Replace "SAP INSTANCES" title in Trento dashboard/home page \- Added 3 categories for Storybook structure \- Improve renderSolution function if solution is empty \- Notify user when cluster health changes \- Saptune services status icons \- Update host health state based on saptune data \- Send email notification on host health going critical \- Update outdated Agent message \- Use aggregated host health in the UI \- Add health to host read model \- Saptune details view \- Checks results overview inside host details \- Dispatch host checks execution completion command \- Exclude checks result from host's health when empty selection is saved \- Determine host health \- Set solutions to nil if not found \- Listen to saptune update broadcast messages in frontend \- Saptune status projection \- Host Check result detail \- Add tooltip above `Start Execution` button \- Handle saptune payload \- Saptune domain \- Saptune summary frontend \- Host Checks Results overview \- Make frontend listen for events when instances' presence changes \- Dispatch deregistering actions on clean up flow \- Add `absent_at` field to projectors and broadcast events \- Update deregistration modal to include instances content \- Host checks execution frontend \- Implement instance style changes on absent case \- Instance deregistration sagas \- Host checks execution api \- Bump contracts version to latest containing target type \- Allow additional classes to be specified on the clean up button \- Forbid not registered instances deregistration \- Add ability to mark instances as absent \- Instance deregistration endpoint \- Add API backward compatibility check in pipeline \- Use databasesList slice properly to get db instances \- Fix saptune domain clause \- Fix redirection when a query string is involved \- Add missing cluster type when loading checks in cluster checks selection \- Fix "no tuning" value by "not tuned" \- Downgrade remark-gfm until it gets fixed upstream \- Improve app instance present toast \- Use rowKey in sap system and database overview tables \- Node details label for ASCS/ERS cluster details \- Use ProviderLabel on sap and db detail views \- Restore a SAP system only when the database is present \- Update e2e package lock \- Restrict SUSE Dockerfile target arch to x86_64 \- Remove Check-related action buttons from Host Details page \- Normalize redux state content as snake_case \- Modify expand check e2e test to fix flakiness \- Saptune details view e2e test \- Update 27 nodes scenario to use 2.1.0 agent version \- Fix test after behaviour change \- Update storybook control type from string to text \- Port check results detail page selectors to reselect \- Uniform Target Checks Selection \- Align `primary` button style `disabled` state with UI proposal \- Enable navigation from host details to check results \- Split FE and BE tests in the CI \- Host details storybook \- Wire up clean up modal \- Application Instance Move only if clustered \- rowKey function for table rows \- Host checks execution scheduler \- Add instance absent commands to commanded router \- Clean up e2e tests from unnecessary content \- Speed up demo pipeline \- SapSystemsOverview and DatabasesOverview storybook \- Upgrade to Storybook 7.3.1 \- Sid linking from clusters \- Fix host checks selection ui \- Switch check to allow for future check groups increase trento-server-helm \- Release 2.2.0 \- Add namespace option \- Make pruning crobjob days variable \- Enable rolling releases for script packages in OBS ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4629=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-4629=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-4629=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-4629=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4629=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-4629=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * openSUSE Leap 15.5 (noarch) * trento-supportconfig-plugin-2.2.0-150100.3.6.3 * trento-server-installer-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP1 (noarch) * trento-server-installer-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP2 (noarch) * trento-server-installer-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP3 (noarch) * trento-server-installer-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP4 (noarch) * trento-server-installer-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * trento-agent-2.2.0-150100.3.9.3 * SAP Applications Module 15-SP5 (noarch) * trento-server-installer-2.2.0-150100.3.9.3 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4628-1: moderate: Recommended update for podman Message-ID: <170143380433.29438.6626195511953382771@smelt2.prg2.suse.org> # Recommended update for podman Announcement ID: SUSE-RU-2023:4628-1 Rating: moderate References: * bsc#1210299 * bsc#1215807 * bsc#1215926 * jsc#PED-7287 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature and has three fixes can now be installed. ## Description: This update for podman fixes the following issues: This update ships podman version 4.7.2: * WSL: Fixed podman compose command. * Fixed a bug in podman compose to try all configured providers before throwing an error (#20502). * Mask /sys/devices/virtual/powercap ( GHSA-jq35-85cj-fj4p) * podman-docker: Provides docker to avoid conflicts when using podman with docker-compose (bsc#1215926) * Update to version 4.7.1: * Bugfixes * Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209). * Fixed a regression in --env-file handling (#19565). * Fixed a bug where podman inspect would fail when stat'ing a device failed. * API * The network list compat API endpoint is now much faster (#20035). * Build against latest stable Go version (bsc#1215807) * Update to version 4.7.0: * Security * Now the io.containers.capabilities LABEL in an image can be an empty string. * Features * New command set: podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures. * New command: podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose. * FreeBSD: podman run --device is now supported. * Linux: Add a new --module flag for Podman. * Podmansh: Timeout is now configurable using the podmansh_timeout option in containers.conf. * SELinux: Add support for confined users to create containers but restrict them from creating privileged containers. * WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#15190). * WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance. * The podman build command now supports two new options: --layer-label and --cw. * The podman kube generate command now supports generation of k8s DaemonSet kind (#18899). * The podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061). * The podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#19881). * The podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes. * The podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible. * An infra name annotation io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#18312). * The syntax of --uidmap and --gidmap has been extended to lookup the parent user namespace and to extend default mappings (#18333). * The podman kube commands now support the List kind (#19052). * The podman kube play command now supports environment variables in kube.yaml (#15983). * The podman push and podman manifest push commands now support the --force-compression optionto prevent reusing other blobs (#18860). * The podman manifest push command now supports --add-compression to push with compressed variants. * The podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set. * The podman run and podman create --mount commands now support the ramfs type (#19659). * When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image. * The --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address. * The podman generate systemd command is deprecated. Use Quadlet for running containers and pods under systemd. * The podman secret rm command now supports an --ignore option. * The --env-file option now supports multiline variables (#18724). * The --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937). * The Podman --mount option now supports bind mounts passed as globs. * The --mount option can now be specified in containers.conf using the mounts field. * The podman stats now has an --all option to get all containers stats (#19252). * There is now a new --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#6160). * Temporary files created when dealing with images in /var/tmp will automatically be cleaned up on reboot. * There is now a new filter option since for podman volume ls and podman volume prune (#19228). * The podman inspect command now has tab-completion support (#18672). * The podman kube play command now has support for the use of reserved annotations in the generated YAML. * The progress bar is now displayed when decompressing a Podman machine image (#19240). * The podman secret inspect command supports a new option --showsecret which will output the actual secret. * The podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers. * The podman login command can now read the secret for a registry from its secret database created with podman secret create (#18667). * The remote Podman client?s podman play kube command now works with the --userns option (#17392). * Changes * The /tmp and /var/tmp inside of a podman kube play will no longer be noexec. * The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#19848). * The podman kube play has been improved to only pull a newer image for the "latest" tag (#19801). * Pulling from an oci transport will use the optional name for naming the image. * The podman info command will always display the existence of the Podman socket. * The echo server example in socket_activation.md has been rewritten to use quadlet instead of podman generate systemd. * Kubernetes support table documentation correctly show volumes support. * The podman auto-update manpage and documentation has been updated and now includes references to Quadlet. * Quadlet * Quadlet now supports setting Ulimit values. * Quadlet now supports setting the PidsLimit option in a container. * Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#19884). * Quadlet now supports ShmSize option in unit files. * Quadlet now recursively calls in user directories for unit files. * Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177). * Quadlet now allows setting user-defined names for Volume and Network units via the VolumeName and NetworkName directives, respectively. * Kube quadlets can now support autoupdate. * Bugfixes * Fixed an issue where containers were being restarted after a podman kill. * Fixed a bug where events could report incorrect healthcheck results (#19237). * Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file. * Fixed a bug where pod cgroup limits were not being honored after a reboot (#19175). * Fixed a bug where podman rm -af could fail to remove containers under some circumstances (#18874). * Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#19829). * Fixed a bug where --hostuser was being parsed in base 8 instead of base 10 (#19800). * Fixed a bug where kube down would error when an object did not exist (#19711). * Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#19139). * Fixed a bug in podman exec to set umask to match the container it's execing into (#19713). * Fixed a bug where podman kube play failed to set a container's Umask to the default 0022. * Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#19554). * Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#272). * Fixed a bug where podman top would sometimes not print the full output (#19504). * Fixed a bug were podman logs --tail could return incorrect lines when the k8s-file logger is used (#19545). * Fixed a bug where podman stop did not ignore cidfile not existing when user specified --ignore flag (#19546). * Fixed a bug where a container with an image volume and an inheri... * Update to version 4.6.2: * Changes * Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement (#19467). * Bugfixes * Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#19671). * API * Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#17778). * Misc * Updated the containers/storage library to v1.48.1 * Update to version 4.6.1: * Quadlet * Quadlet now selects the first Quadlet file found when multiple Quadlets exist with the same name. * API * Fixed a bug in the container kill endpoint to correctly return 409 when a container is not running (#19368). * Misc * Updated Buildah to v1.31.2 * Updated the containers/common library to v0.55.3 * Recommend gvisor-tap-vsock, required for `podmand machine` * Update to version 4.6.0: * Features * The podman manifest inspect command now supports the --authfile option, for authentication purposes. * The podman wait command now supports --condition={healthy,unhealthy}, allowing waits on successful health checks. * The podman push command now supports a new option, --compression-level, which specifies the compression level to use (#18939). * The podman machine start command, when run with --log-level=debug, now creates a console window to display the virtual machine while booting. * Podman now supports a new option, --imagestore, which allows images to be stored in a different directory than the graphroot. * The --ip-range option to the podman network create command now accepts a new syntax, -, which allows more flexibility when limiting the ip range that Podman assigns. * [Tech Preview] A new command, podmansh, has been added, which executes a user shell within a container when the user logs into the system. The container that the users get added to can be defined via a Podman Quadlet file. This feature is currently a Tech Preview which means it's ready for users to try out but changes can be expected in upcoming versions. * The podman network create command supports a new --option, bclim, for the macvlan driver. * The podman network create command now supports adding static routes using the --route option. * The podman network create command supports a new --option, no_default_route for all drivers. * The podman info command now prints network information about the binary path, package version, program version and DNS information (#18443). * The podman info command now displays the number of free locks available, helping to debug lock exhaustion scenarios. * The podman info command now outputs information about pasta, if it exists in helper_binaries_dir or $PATH. * The remote Podman client?s podman build command now accepts Containerfiles that are not in the context directory (#18239). * The remote Podman client?s podman play kube command now supports the --configmap option (#17513). * The podman kube play command now supports multi-doc YAML files for configmap arguments. (#18537). * The podman pod create command now supports a new flag, --restart, which sets the restart policy for all the containers in a pod. * The --format={{.Restarts}} option to the podman ps command now shows the number of times a container has been restarted based on its restart policy. * The --format={{.Restarts}} option to the podman pod ps command now shows the total number of container restarts in a pod. * The podman machine provider can now be specified via the CONTAINERS_MACHINE_PROVIDER environment variable, as well as via the provider field in containers.conf (#17116). * A default list of pasta arguments can now be set in containers.conf via pasta_options. * The podman machine init and podman machine set commands now support a new option, --user-mode-networking, which improves interops with VPN configs that drop traffic from WSL networking, on Windows. * The remote Podman client?s podman push command now supports the --digestfile option (#18216). * Podman now supports a new option, --out, that allows redirection or suppression of STDOUT (#18120). * Changes * When looking up an image by digest, the entire repository of the specified value is now considered. This aligns with Docker's behavior since v20.10.20. Previously, both the repository and the tag was ignored and Podman looked for an image with only a matching digest. Ignoring the name, repository, and tag of the specified value can lead to security issues and is considered harmful. * The podman system service command now emits a warning when binding to a TCP socket. This is not a secure configuration and the Podman team recommends against using it. * The podman top command no longer depends on ps(1) being present in the container image and now uses the one from the host (#19001). * The --filter id=xxx option will now treat xxx as a CID prefix, and not as a regular expression (#18471). * The --filter option now requires multiple --filter flags to specify multiple filters. It will no longer support the comma syntax (--filter label=a,label=b). * The slirp4netns binary for will now be searched for in paths specified by the helper_binaries_dir option in containers.conf (#18239). * Podman machine now updates /run/docker.sock within the guest to be consistent with its rootless/rootful setting (#18480). * The podman system df command now counts files which podman generates for use with specific containers as part of the disk space used by those containers, and which can be reclaimed by removing those containers. It also counts space used by files it associates with specific images and volumes as being used by those images and volumes. * The podman build command now returns a clearer error message when the Containerfile cannot be found. (#16354). * Containers created with --pid=host will no longer print errors on podman stop (#18460). * The podman manifest push command no longer requires a destination to be specified. If a destination is not provided, the source is used as the destination (#18360). * The podman system reset command now warns the user that the graphroot and runroot directories will be deleted (#18349), (#18295). * The package and package-install targets in Makefile have now been fixed and also renamed to rpm and rpm-install respectively for clarity (#18817). * Quadlet * Quadlet now exits with a non-zero exit code when errors are found (#18778). * Rootless podman quadlet files can now be installed in /etc/containers/systemd/users directory. * Quadlet now supports the AutoUpdate option. * Quadlet now supports the Mask and Unmask options. * Quadlet now supports the WorkingDir option, which specifies the default working dir in a container. * Quadlet now supports the Sysctl option, which sets namespaced kernel parameters for containers (#18727). * Quadlet now supports the SecurityLabelNetsted=true option, which allows nested SELinux containers. * Quadlet now supports the Pull option in .container files (#18779). * Quadlet now supports the ExitCode field in .kube files, which reflects the exit codes of failed containers. * Quadlet now supports PodmanArgs field. * Quadlet now supports the HostName field, which sets the container's host name, in .container files (#18486). * Bugfixes * Fixed a bug where the podman machine start command would fail with a 255 exit code. It now waits for systemd-user sessions to be up, and for SSH to be ready, addressing the flaky machine starts (#17403). * Fixed a bug where the podman auto update command did not correctly use authentication files when contacting container registries. * Fixed a bug where --label option to the podman volume ls command would return volumes that matched any of the filters, not all of them (#19219). * Fixed a bug where the podman kube play command did not recognize containerPort names inside Kubernetes liveness probes. Now, liveness probes support both containerPort names as well as port numbers (#18645). * Fixed a bug where the --dns option to the podman run command was ignored for macvlan networks (#19169). * Fixed a bug in the podman system service command where setting LISTEN_FDS when listening on TCP would misbehave. * Fixed a bug where hostnames were not recognized as a network alias. Containers can now resolve other hostnames, in addition to their names (#17370). * Fixed a bug where the podman pod run command would error after a reboot on a non-systemd system (#19175). * Fixed a bug where the --syslog option returned a fatal error when no syslog server was found (#19075). * Fixed a bug where the --mount option would parse the readonly option incorrectly (#18995). * Fixed a bug where hook executables invoked by the podman run command set an incorrect working directory. It now sets the correct working directory pointing to the container bundle directory (#18907). * Fixed a bug where the -device-cgroup-rule option was silently ignored in rootless mode ([#18698](https://github.com/containers/podman/issu... * Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path. * Prefer Podman's new network stack (netavark) exclusively on ALP * Remove unused podman-cni-config subpackage, add systemd * Update to version 4.5.1: * Security * Do not include image annotations when building spec. These annotations can have security implications - crun, for example, allows rootless containers to preserve the user's groups through an annotation. * Quadlet * Fixed a bug in quadlet to recognize the systemd optional prefix '-'. * Bugfixes * Fixed a bug where fully resolving symlink paths included the version number, breaking the path to homebrew-installed qemu files (#18111). * Fixed a bug where Podman was splitting the filter map slightly differently compared to Docker (#18092). * Fixed a bug where running make package did not work on RHEL 8 environments (#18421). * Fixed a bug to allow comma separated dns server IP addresses in podman network create --dns and podman network update --dns-add/--dns-drop (#18663). * Fixed a bug to correctly stop containers created with --restart=always in all cases (#18259). * Fixed a bug in podman-remote logs to correctly display errors reported by the server. * Fixed a bug to correctly tear down the network stack again when an error happened during the setup. * Fixed a bug in the remote API exec inspect call to correctly display updated information, e.g. when the exec process died (#18424). * Fixed a bug so that podman save on windows can now write to stdout by default (#18147). * Fixed a bug where podman machine rm with the qemu backend now correctly removes the machine connection after the confirmation message not before (#18330). * Fixed a problem where podman machine connections would try to connect to the ipv6 localhost ipv6 (::1) (#16470). * API * Fixed a bug in the compat container create endpoint which could result in a "duplicate mount destination" error when the volume path was not "clean", e.g. included a final slash at the end. (#18454). * The compat API now correctly accepts a tag in the images/create?fromSrc endpoint (#18597). * Update to version 4.5.0: * Features * The podman kube play command now supports the hostIPC field (#17157). * The podman kube play command now supports a new flag, --wait, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#14522). * The podman kube generate and podman kube play commands now support SELinux filetype labels. * The podman kube play command now supports sysctl options (#16711). * The podman kube generate command now supports generating the Deployments (#17712). * The podman machine inspect command now shows information about named pipe addresses on Windows (#16860). * The --userns=keep-id option for podman create, run, and kube play now works for root containers by copying the current mapping into a new user namespace (#17337). * A new command has been added, podman secret exists, to verify if a secret with the given name exists. * The podman kube generate and podman kube play commands now support ulimit annotations (#16404). * The podman create, run, pod create, and pod clone commands now support a new option, --shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#17037). * The podman create and run commands now support a new option, --group-entry which customizes the entry that is written to the /etc/group file within the container when the --user option is used (#14965). * The podman create and podman run commands now support a new option, --security-opt label=nested, which allows SELinux labeling within a confined container. * A new command, podman machine os apply has been added, which applies OS changes to a Podman machine, from an OCI image. * The podman search command now supports two new options: --cert-dir and --creds. * Defaults for the --cgroup-config option for podman create and podman run can now be set in containers.conf. * Podman now supports auto updates for containers running inside a pod (#17181). * Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the database_backend field in containers.conf. * Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers. podman network create -d can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6. * DHCP with macvlan and the netavark backend is now supported. * Changes * Remote builds using the podman build command no longer allows .containerignore or .dockerignore files to be symlinks outside the build context. * The podman system reset command now clears build caches. * The podman play kube command now adds ctrName as an alias to the pod network (#16544). * The podman kube generate command no longer adds hostPort to the pod spec when generating service kinds. * Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#17727). * The SYS_CHROOT capability has been re-added to the default set of capabilities. * Listing large quantities of images with the podman images command has seen a significant performance improvement (#17828). * Quadlet * Quadlet now supports the Rootfs= option, allowing containers to be based on rootfs in addition to image. * Quadlet now supports the Secret key in the Container group. * Quadlet now supports the Logdriver key in .container and .kube units. * Quadlet now supports the Mount key in .container files (#17632). * Quadlet now supports specifying static IPv4 and IPv6 addresses in .container files via the IP= and IP6= options. * Quadlet now supports health check configuration in .container files. * Quadlet now supports relative paths in the Volume key in .container files (#17418). * Quadlet now supports setting the UID and GID options for --userns=keep-id (#17908). * Quadlet now supports adding tmpfs filesystems through the Tmpfs key in .container files (#17907). * Quadlet now supports the UserNS option in .container files, which will replace the existing RemapGid, RemapUid, RemapUidSize and RemapUsers options in a future release (#17984). * Quadlet now includes a --version option. * Quadlet now forbids specifying SELinux label types, including disabling selinux separation. * Quadlet now does not set log-driver by default. * Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#17906). * Bugfixes * Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#17341). * Fixed a bug in the podman image scp command to correctly use identity settings. * Fixed a bug in the remote Podman client's podman build command where building from stdin would fail. podman --remote build -f - now works correctly (#17495). * Fixed a bug in the podman volume prune command where exclusive (!=) filters would fail (#17051). * Fixed a bug in the --volume option in the podman create, run, pod create, and pod clone commands where specifying relative mappings or idmapped mounts would fail (#17517). * Fixed a bug in the podman kube play command where a secret would be created, but nothing would be printed on the terminal (#17071). * Fixed a bug in the podman kube down command where secrets were not removed. * Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems. * Fixed a bug where the podman inspect command did not properly list the network configuration of containers created with --net=none or --net=host (#17385). * Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels. * Fixed a bug where the podman checkpoint restore command could panic. * Fixed a bug in the podman events command where events could be returned more than once after a log file rotation (#17665). * Fixed a bug where errors from systemd when restarting units during a podman auto-update command were not reported. * Fixed a bug where containers created with the --health-on-failure=restart option were not restarting when the health state turned unhealthy (#17777). * Fixed a bug where containers using the slirp4netns network mode with the cidr option and a custom user namespace did not set proper DNS IPs in resolv.conf. * Fixed a bug where the podman auto-update command could fail to restart systemd units (#17607). * Fixed a bug where the podman play kube command did not properly handle secret.items in volumes (#17829). * Fixed a bug where the podman generate kube command could generate pods with invalid names and hostnames (#18054). * Fixed a bug where names of limits (such as RLIMIT_NOFILE) passed to the --ulimit option to podman create and podman run were case-sensitive (#18077). * Fixed a possible corruption issue with the configuration state of podman machine during system failures on Mac, Linux, and Windows. * API * The Compat Stats endpoint for Containers now returns the Id key as lowercase id to match Docker (#17869). * Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#17524). * Misc * The podman version command no longer joins the rootless user namespace (#17657). * The podman-events --stream option is no longer hidden and is now documented. * Updated Buildah to v1.30.0 * Updated the containers/storage library to v1.46.1 * Updated the containers/image library to v5.25.0 * Updated the containers/common library to v0.52.0 * Don't build against EoL go versions, fixes bsc#1210299 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4628=1 openSUSE-SLE-15.5-2023-4628=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4628=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4628=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podman-4.7.2-150500.3.3.1 * podmansh-4.7.2-150500.3.3.1 * podman-remote-debuginfo-4.7.2-150500.3.3.1 * podman-debuginfo-4.7.2-150500.3.3.1 * podman-remote-4.7.2-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.7.2-150500.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * podman-4.7.2-150500.3.3.1 * podmansh-4.7.2-150500.3.3.1 * podman-remote-debuginfo-4.7.2-150500.3.3.1 * podman-debuginfo-4.7.2-150500.3.3.1 * podman-remote-4.7.2-150500.3.3.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * podman-docker-4.7.2-150500.3.3.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * podman-4.7.2-150500.3.3.1 * podmansh-4.7.2-150500.3.3.1 * podman-remote-debuginfo-4.7.2-150500.3.3.1 * podman-debuginfo-4.7.2-150500.3.3.1 * podman-remote-4.7.2-150500.3.3.1 * Containers Module 15-SP5 (noarch) * podman-docker-4.7.2-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210299 * https://bugzilla.suse.com/show_bug.cgi?id=1215807 * https://bugzilla.suse.com/show_bug.cgi?id=1215926 * https://jira.suse.com/browse/PED-7287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 12:30:05 -0000 Subject: SUSE-RU-2023:4627-1: moderate: Recommended update for man-pages Message-ID: <170143380570.29438.18105890227509837862@smelt2.prg2.suse.org> # Recommended update for man-pages Announcement ID: SUSE-RU-2023:4627-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for man-pages ships them to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4627=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4627=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4627=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4627=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4627=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4627=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4627=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4627=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4627=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4627=1 ## Package List: * Basesystem Module 15-SP4 (noarch) * man-pages-4.16-150300.13.5.1 * Basesystem Module 15-SP5 (noarch) * man-pages-4.16-150300.13.5.1 * openSUSE Leap 15.3 (noarch) * man-pages-4.16-150300.13.5.1 * openSUSE Leap 15.4 (noarch) * man-pages-4.16-150300.13.5.1 * openSUSE Leap 15.5 (noarch) * man-pages-4.16-150300.13.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * man-pages-4.16-150300.13.5.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * man-pages-4.16-150300.13.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * man-pages-4.16-150300.13.5.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * man-pages-4.16-150300.13.5.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * man-pages-4.16-150300.13.5.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4625-1: important: Security update for containerd, docker, runc Message-ID: <170143381148.29438.14053687363278849310@smelt2.prg2.suse.org> # Security update for containerd, docker, runc Announcement ID: SUSE-SU-2023:4625-1 Rating: important References: * bsc#1170415 * bsc#1170446 * bsc#1178760 * bsc#1217513 Cross-References: * CVE-2020-12912 * CVE-2020-8694 * CVE-2020-8695 CVSS scores: * CVE-2020-12912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-12912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8695 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2020-8695 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for containerd, docker, runc fixes the following issues: containerd: -Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 docker: * Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407 (bsc#1217513) * Deny containers access to /sys/devices/virtual/powercap by default. * CVE-2020-8694 bsc#1170415 * CVE-2020-8695 bsc#1170446 * CVE-2020-12912 bsc#1178760 runc: * Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-4625=1 ## Package List: * Containers Module 12 (ppc64le s390x x86_64) * docker-24.0.7_ce-98.103.1 * containerd-1.7.8-16.88.1 * runc-debuginfo-1.1.10-16.40.1 * docker-debuginfo-24.0.7_ce-98.103.1 * runc-1.1.10-16.40.1 ## References: * https://www.suse.com/security/cve/CVE-2020-12912.html * https://www.suse.com/security/cve/CVE-2020-8694.html * https://www.suse.com/security/cve/CVE-2020-8695.html * https://bugzilla.suse.com/show_bug.cgi?id=1170415 * https://bugzilla.suse.com/show_bug.cgi?id=1170446 * https://bugzilla.suse.com/show_bug.cgi?id=1178760 * https://bugzilla.suse.com/show_bug.cgi?id=1217513 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4633-1: moderate: Recommended update for scap-security-guide Message-ID: <170144820273.464.4639004894673279801@smelt2.prg2.suse.org> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:4633-1 Rating: moderate References: * jsc#ECO-3319 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.70 (jsc#ECO-3319) * Add openembedded distro support * Remove DRAFT wording for OpenShift STIG * Remove test-function-check_playbook_file_removed_and_added test * scap-security-guide: Add Poky support Also various SUSE profile bug fixes have been applied. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4633=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4633=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4633=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4633=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4633=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4633=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4633=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4633=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4633=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4633=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4633=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4633=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4633=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4633=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4633=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4633=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4633=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4633=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4633=1 ## Package List: * SUSE Manager Proxy 4.2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Manager Server 4.2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Enterprise Storage 7.1 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE CaaS Platform 4.0 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * openSUSE Leap 15.4 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * openSUSE Leap 15.5 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.70-150000.1.69.1 * Basesystem Module 15-SP4 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * Basesystem Module 15-SP5 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * scap-security-guide-redhat-0.1.70-150000.1.69.1 * scap-security-guide-debian-0.1.70-150000.1.69.1 * scap-security-guide-0.1.70-150000.1.69.1 * scap-security-guide-ubuntu-0.1.70-150000.1.69.1 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 16:36:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 16:36:11 -0000 Subject: SUSE-SU-2023:4631-1: important: Security update for python-Pillow Message-ID: <170144857165.14230.18119368548817546613@smelt2.prg2.suse.org> # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4631-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4631=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4631=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4631=1 ## Package List: * SUSE OpenStack Cloud Crowbar 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 * HPE Helion OpenStack 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 * SUSE OpenStack Cloud 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 16:36:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 16:36:13 -0000 Subject: SUSE-SU-2023:4630-1: important: Security update for python-Pillow Message-ID: <170144857331.14230.14020975707818061986@smelt2.prg2.suse.org> # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4630-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-4630=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-4630=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-Pillow-5.2.0-3.20.1 * python-Pillow-debuginfo-5.2.0-3.20.1 * python-Pillow-debugsource-5.2.0-3.20.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-Pillow-5.2.0-3.20.1 * python-Pillow-debuginfo-5.2.0-3.20.1 * python-Pillow-debugsource-5.2.0-3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 1 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 01 Dec 2023 20:30:11 -0000 Subject: SUSE-SU-2023:4634-1: important: Security update for ImageMagick Message-ID: <170146261148.1624.4377646934275040808@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:4634-1 Rating: important References: * bsc#1153866 * bsc#1181836 * bsc#1182325 * bsc#1182335 * bsc#1182336 * bsc#1182337 * bsc#1184624 * bsc#1184626 * bsc#1184627 * bsc#1184628 * bsc#1195563 * bsc#1197147 * bsc#1199350 * bsc#1200387 * bsc#1200388 * bsc#1200389 * bsc#1202250 * bsc#1202800 * bsc#1207982 * bsc#1207983 * bsc#1209141 * bsc#1211791 * bsc#1213624 * bsc#1214578 * bsc#1215939 Cross-References: * CVE-2019-17540 * CVE-2020-21679 * CVE-2021-20176 * CVE-2021-20224 * CVE-2021-20241 * CVE-2021-20243 * CVE-2021-20244 * CVE-2021-20246 * CVE-2021-20309 * CVE-2021-20311 * CVE-2021-20312 * CVE-2021-20313 * CVE-2022-0284 * CVE-2022-2719 * CVE-2022-28463 * CVE-2022-32545 * CVE-2022-32546 * CVE-2022-32547 * CVE-2022-44267 * CVE-2022-44268 * CVE-2023-1289 * CVE-2023-34151 * CVE-2023-3745 * CVE-2023-5341 CVSS scores: * CVE-2019-17540 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2020-21679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20176 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20176 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20224 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20224 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20241 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20241 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20243 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20243 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20244 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20244 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20246 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20246 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20309 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20309 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20311 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20311 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20312 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20312 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20313 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2021-20313 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-0284 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2022-0284 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2022-2719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-2719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-28463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-28463 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32545 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-32545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32546 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-32546 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32547 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-32547 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-44267 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-44267 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-44268 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-44268 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1289 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-34151 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-34151 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3745 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5341 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 24 vulnerabilities and has one security fix can now be installed. ## Description: This update for ImageMagick fixes the following issues: Security issues: * CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939) * CVE-2020-21679: Fixed a buffer overflow in WritePCXImage function in pcx.c which may allow a remote attackers to cause a denial of service. (bsc#1214578) * CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum- private.h (bsc#1213624). * CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). * CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141) * CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). * CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). * CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) * CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) * CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) * CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). * CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250). * CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). * CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212). * CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) * CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) * CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) * CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual- effects. (bsc#1184624) * CVE-2021-20246: Division by zero in ScaleResampleFilter in MagickCore/resample.c (bsc#1182337). * CVE-2021-20244: Division by zero in ImplodeImage in MagickCore/visual- effects.c (bsc#1182325). * CVE-2021-20243: Division by zero in GetResizeFilterWeight in MagickCore/resize.c (bsc#1182336). * CVE-2021-20241: Division by zero in WriteJP2Image() in coders/jp2.c (bsc#1182335). * CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800). * CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). * CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) Bugfixes: * Use png_get_eXIf_1 when available (bsc#1197147). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4634=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4634=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4634=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 ## References: * https://www.suse.com/security/cve/CVE-2019-17540.html * https://www.suse.com/security/cve/CVE-2020-21679.html * https://www.suse.com/security/cve/CVE-2021-20176.html * https://www.suse.com/security/cve/CVE-2021-20224.html * https://www.suse.com/security/cve/CVE-2021-20241.html * https://www.suse.com/security/cve/CVE-2021-20243.html * https://www.suse.com/security/cve/CVE-2021-20244.html * https://www.suse.com/security/cve/CVE-2021-20246.html * https://www.suse.com/security/cve/CVE-2021-20309.html * https://www.suse.com/security/cve/CVE-2021-20311.html * https://www.suse.com/security/cve/CVE-2021-20312.html * https://www.suse.com/security/cve/CVE-2021-20313.html * https://www.suse.com/security/cve/CVE-2022-0284.html * https://www.suse.com/security/cve/CVE-2022-2719.html * https://www.suse.com/security/cve/CVE-2022-28463.html * https://www.suse.com/security/cve/CVE-2022-32545.html * https://www.suse.com/security/cve/CVE-2022-32546.html * https://www.suse.com/security/cve/CVE-2022-32547.html * https://www.suse.com/security/cve/CVE-2022-44267.html * https://www.suse.com/security/cve/CVE-2022-44268.html * https://www.suse.com/security/cve/CVE-2023-1289.html * https://www.suse.com/security/cve/CVE-2023-34151.html * https://www.suse.com/security/cve/CVE-2023-3745.html * https://www.suse.com/security/cve/CVE-2023-5341.html * https://bugzilla.suse.com/show_bug.cgi?id=1153866 * https://bugzilla.suse.com/show_bug.cgi?id=1181836 * https://bugzilla.suse.com/show_bug.cgi?id=1182325 * https://bugzilla.suse.com/show_bug.cgi?id=1182335 * https://bugzilla.suse.com/show_bug.cgi?id=1182336 * https://bugzilla.suse.com/show_bug.cgi?id=1182337 * https://bugzilla.suse.com/show_bug.cgi?id=1184624 * https://bugzilla.suse.com/show_bug.cgi?id=1184626 * https://bugzilla.suse.com/show_bug.cgi?id=1184627 * https://bugzilla.suse.com/show_bug.cgi?id=1184628 * https://bugzilla.suse.com/show_bug.cgi?id=1195563 * https://bugzilla.suse.com/show_bug.cgi?id=1197147 * https://bugzilla.suse.com/show_bug.cgi?id=1199350 * https://bugzilla.suse.com/show_bug.cgi?id=1200387 * https://bugzilla.suse.com/show_bug.cgi?id=1200388 * https://bugzilla.suse.com/show_bug.cgi?id=1200389 * https://bugzilla.suse.com/show_bug.cgi?id=1202250 * https://bugzilla.suse.com/show_bug.cgi?id=1202800 * https://bugzilla.suse.com/show_bug.cgi?id=1207982 * https://bugzilla.suse.com/show_bug.cgi?id=1207983 * https://bugzilla.suse.com/show_bug.cgi?id=1209141 * https://bugzilla.suse.com/show_bug.cgi?id=1211791 * https://bugzilla.suse.com/show_bug.cgi?id=1213624 * https://bugzilla.suse.com/show_bug.cgi?id=1214578 * https://bugzilla.suse.com/show_bug.cgi?id=1215939 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Dec 2 08:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:04:29 +0100 (CET) Subject: SUSE-CU-2023:3944-1: Security update of suse/pcp Message-ID: <20231202080429.C99E6F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3944-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.205 , suse/pcp:5.2 , suse/pcp:5.2-17.205 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.205 Container Release : 17.205 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:bci-bci-init-15.4-15.4-30.34 updated From sle-updates at lists.suse.com Sat Dec 2 08:05:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:05:44 +0100 (CET) Subject: SUSE-CU-2023:3947-1: Security update of suse/sle15 Message-ID: <20231202080544.84CF1F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3947-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.123 , suse/sle15:15.4 , suse/sle15:15.4.27.14.123 Container Release : 27.14.123 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From sle-updates at lists.suse.com Sat Dec 2 08:05:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:05:55 +0100 (CET) Subject: SUSE-CU-2023:3948-1: Security update of suse/389-ds Message-ID: <20231202080555.E97B3F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3948-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.51 , suse/389-ds:latest Container Release : 16.51 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From sle-updates at lists.suse.com Sat Dec 2 08:08:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:08:47 +0100 (CET) Subject: SUSE-CU-2023:3964-1: Security update of suse/pcp Message-ID: <20231202080847.70E26F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3964-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.75 , suse/pcp:5.2 , suse/pcp:5.2-15.75 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.75 , suse/pcp:latest Container Release : 15.75 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:bci-bci-init-15.5-15.5-10.43 updated From sle-updates at lists.suse.com Sat Dec 2 08:09:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:09:46 +0100 (CET) Subject: SUSE-CU-2023:3970-1: Security update of suse/rmt-server Message-ID: <20231202080946.D1AB4F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3970-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.41 , suse/rmt-server:latest Container Release : 11.41 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From sle-updates at lists.suse.com Sat Dec 2 08:10:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:10 +0100 (CET) Subject: SUSE-CU-2023:3972-1: Recommended update of bci/rust Message-ID: <20231202081010.1447DF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3972-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.1 , bci/rust:oldstable , bci/rust:oldstable-2.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4067-1 Released: Thu Oct 12 20:05:00 2023 Summary: Recommended update for rust, rust1.73 Type: recommended Severity: moderate References: This update for rust, rust1.73 fixes the following issues: Changes in rust1.73: Version 1.73.0 (2023-10-05) ========================== Language -------- - Uplift clippy::fn_null_check lint as useless_ptr_null_checks. - Make noop_method_call warn by default. - Support interpolated block for try and async in macros. - Make unconditional_recursion lint detect recursive drops. - Future compatibility warning for some impls being incorrectly considered not overlapping. - The invalid_reference_casting lint is now **deny-by-default** (instead of allow-by-default) Compiler -------- - Write version information in a .comment section like GCC/Clang. - Add documentation on v0 symbol mangling. - Stabilize extern 'thiscall' and 'thiscall-unwind' ABIs. - Only check outlives goals on impl compared to trait. - Infer type in irrefutable slice patterns with fixed length as array. - Discard default auto trait impls if explicit ones exist. - Add several new tier 3 targets: - aarch64-unknown-teeos - csky-unknown-linux-gnuabiv2 - riscv64-linux-android - riscv64gc-unknown-hermit - x86_64-unikraft-linux-musl - x86_64-unknown-linux-ohos - Add wasm32-wasi-preview1-threads as a tier 2 target. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Add Read, Write and Seek impls for Arc. - Merge functionality of io::Sink into io::Empty. - Implement RefUnwindSafe for Backtrace - Make ExitStatus implement Default - impl SliceIndex for (Bound, Bound) - Change default panic handler message format. - Cleaner assert_eq! & assert_ne! panic messages. - Correct the (deprecated) Android stat struct definitions. Stabilized APIs --------------- - Unsigned {integer}::div_ceil https://doc.rust-lang.org/stable/std/primitive.u32.html#method.div_ceil - Unsigned {integer}::next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.next_multiple_of - Unsigned {integer}::checked_next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.checked_next_multiple_of - std::ffi::FromBytesUntilNulError https://doc.rust-lang.org/stable/std/ffi/struct.FromBytesUntilNulError.html - std::os::unix::fs::chown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.chown.html - std::os::unix::fs::fchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.fchown.html - std::os::unix::fs::lchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.lchown.html - LocalKey::>::get https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.get - LocalKey::>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set - LocalKey::>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take - LocalKey::>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace - LocalKey::>::with_borrow https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow - LocalKey::>::with_borrow_mut https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow_mut - LocalKey::>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set-1 - LocalKey::>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take-1 - LocalKey::>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace-1 These APIs are now stable in const contexts: - rc::Weak::new https://doc.rust-lang.org/stable/alloc/rc/struct.Weak.html#method.new - sync::Weak::new https://doc.rust-lang.org/stable/alloc/sync/struct.Weak.html#method.new - NonNull::as_ref https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.as_ref Cargo ----- - Encode URL params correctly for SourceId in Cargo.lock. - Bail out an error when using cargo:: in custom build script. Compatibility Notes ------------------- - Update the minimum external LLVM to 15. - Check for non-defining uses of return position impl Trait. Changes in rust: - Update to version 1.73.0 - for details see the rust1.73 package The following package changes have been done: - rust1.73-1.73.0-150400.9.3.1 added - cargo1.73-1.73.0-150400.9.3.1 added - container:sles15-image-15.0.0-36.5.59 updated - cargo1.72-1.72.1-150400.9.6.1 removed - rust1.72-1.72.1-150400.9.6.1 removed From sle-updates at lists.suse.com Sat Dec 2 08:10:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:21 +0100 (CET) Subject: SUSE-CU-2023:3973-1: Recommended update of bci/rust Message-ID: <20231202081021.67E8CF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3973-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4592-1 Released: Mon Nov 27 18:02:44 2023 Summary: Recommended update for rust, rust1.74 Type: recommended Severity: moderate References: This update for rust, rust1.74 fixes the following issues: Version 1.74.0 (2023-11-16) ========================== Language -------- - Codify that std::mem::Discriminant does not depend on any lifetimes in T - Replace private_in_public lint with private_interfaces and private_bounds per RFC 2145. Read more in [RFC 2145(https://rust-lang.github.io/rfcs/2145-type-privacy.html). - Allow explicit #[repr(Rust)] - closure field capturing: don't depend on alignment of packed fields - Enable MIR-based drop-tracking for async blocks - Stabilize impl_trait_projections Compiler -------- - stabilize combining +bundle and +whole-archive link modifiers - Stabilize PATH option for --print KIND=PATH - Enable ASAN/LSAN/TSAN for *-apple-ios-macabi - Promote loongarch64-unknown-none* to Tier 2 - Add i686-pc-windows-gnullvm as a tier 3 target Libraries --------- - Implement From for ChildStdin/out/err - Implement From<{&,&mut} [T; N]> for Vec where T: Clone - impl Step for IP addresses - Implement From<[T; N]> for Rc<[T]> and Arc<[T]> - impl TryFrom for u16 - Stabilize io_error_other feature - Stabilize the Saturating type - Stabilize const_transmute_copy Stabilized APIs --------------- - core::num::Saturating - impl From for std::process::Stdio - impl From for std::process::Stdio - impl From for std::process::Child{Stdin, Stdout, Stderr} - impl From for std::process::Child{Stdin, Stdout, Stderr} - std::ffi::OsString::from_encoded_bytes_unchecked - std::ffi::OsString::into_encoded_bytes - std::ffi::OsStr::from_encoded_bytes_unchecked - std::ffi::OsStr::as_encoded_bytes - std::io::Error::other - impl TryFrom for u16 - impl From<&[T; N]> for Vec - impl From<&mut [T; N]> for Vec - impl From<[T; N]> for Arc<[T]> - impl From<[T; N]> for Rc<[T]> Thse APIs are now stable in const contexts: - core::mem::transmute_copy - str::is_ascii - [u8]::is_ascii Cargo ----- - fix: Set MSRV for internal packages - config: merge lists in precedence order - fix(update): Clarify meaning of --aggressive as --recursive - fix(update): Make -p more convenient by being positional - feat(help): Add styling to help output - feat(pkgid): Allow incomplete versions when unambigious - feat: stabilize credential-process and registry-auth - feat(cli): Add '-n' to dry-run - Add support for target.'cfg(..)'.linker - Stabilize --keep-going - feat: Stabilize lints Rustdoc ------- - Add warning block support in rustdoc - Accept additional user-defined syntax classes in fenced code blocks - rustdoc-search: add support for type parameters - rustdoc: show inner enum and struct in type definition for concrete type Compatibility Notes ------------------- - Raise minimum supported Apple OS versions - make Cell::swap panic if the Cells partially overlap - Reject invalid crate names in --extern - Don't resolve generic impls that may be shadowed by dyn built-in impls - The new impl From<{&,&mut} [T; N]> for Vec is known to cause some inference failures with overly-generic code. Changes in rust: - Update to version 1.74.0 - for details see the rust1.74 package The following package changes have been done: - rust1.74-1.74.0-150400.9.3.1 added - cargo1.74-1.74.0-150400.9.3.1 added - container:sles15-image-15.0.0-36.5.59 updated - cargo1.73-1.73.0-150400.9.3.1 removed - rust1.73-1.73.0-150400.9.3.1 removed From sle-updates at lists.suse.com Sat Dec 2 08:10:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:36 +0100 (CET) Subject: SUSE-CU-2023:3975-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231202081037.00690F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3975-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.18 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.18 Container Release : 9.30.18 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From sle-updates at lists.suse.com Sat Dec 2 08:10:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:44 +0100 (CET) Subject: SUSE-CU-2023:3976-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231202081044.429D3F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3976-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.15 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.15 Container Release : 9.39.15 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From sle-updates at lists.suse.com Sat Dec 2 08:10:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:50 +0100 (CET) Subject: SUSE-CU-2023:3977-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231202081050.5148AF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3977-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.14 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.14 Container Release : 9.30.14 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From sle-updates at lists.suse.com Sat Dec 2 08:10:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:57 +0100 (CET) Subject: SUSE-CU-2023:3978-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231202081057.23C41F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3978-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.16 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.16 Container Release : 9.30.16 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From meissner at suse.com Sun Dec 3 08:04:18 2023 From: meissner at suse.com (meissner at suse.com) Date: Sun, 3 Dec 2023 09:04:18 +0100 (CET) Subject: SUSE-CU-2023:3982-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231203080418.C081CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3982-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.325 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.325 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-17.20.219 updated From sle-updates at lists.suse.com Mon Dec 4 08:36:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 04 Dec 2023 08:36:07 -0000 Subject: SUSE-SU-2023:4635-1: important: Security update for openssl-3 Message-ID: <170167896724.16752.1309230874431283459@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4635-1 Rating: important References: * bsc#1194187 * bsc#1207472 * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. * Create the two new necessary directores for the above patch. [bsc#1194187, bsc#1207472] ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4635=1 openSUSE-SLE-15.5-2023-4635=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4635=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150500.5.19.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-32bit-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.19.1 * libopenssl3-64bit-3.0.8-150500.5.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1194187 * https://bugzilla.suse.com/show_bug.cgi?id=1207472 * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Dec 4 08:39:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 04 Dec 2023 08:39:08 -0000 Subject: SUSE-SU-2023:4635-1: important: Security update for openssl-3 Message-ID: <170167914850.18222.14646514586982496735@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4635-1 Rating: important References: * bsc#1194187 * bsc#1207472 * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. * Create the two new necessary directores for the above patch. [bsc#1194187, bsc#1207472] ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4635=1 openSUSE-SLE-15.5-2023-4635=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4635=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150500.5.19.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-32bit-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.19.1 * libopenssl3-64bit-3.0.8-150500.5.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1194187 * https://bugzilla.suse.com/show_bug.cgi?id=1207472 * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Dec 4 12:30:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 04 Dec 2023 12:30:00 -0000 Subject: SUSE-SU-2023:4635-1: important: Security update for openssl-3 Message-ID: <170169300074.7100.1891444829009319960@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4635-1 Rating: important References: * bsc#1194187 * bsc#1207472 * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. * Create the two new necessary directores for the above patch. [bsc#1194187, bsc#1207472] ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4635=1 openSUSE-SLE-15.5-2023-4635=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4635=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150500.5.19.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-32bit-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.19.1 * libopenssl3-64bit-3.0.8-150500.5.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1194187 * https://bugzilla.suse.com/show_bug.cgi?id=1207472 * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Dec 4 12:33:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 04 Dec 2023 12:33:05 -0000 Subject: SUSE-SU-2023:4635-1: important: Security update for openssl-3 Message-ID: <170169318591.7100.4447349414736378466@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4635-1 Rating: important References: * bsc#1194187 * bsc#1207472 * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. * Create the two new necessary directores for the above patch. [bsc#1194187, bsc#1207472] ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4635=1 openSUSE-SLE-15.5-2023-4635=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4635=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150500.5.19.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-32bit-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.19.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.19.1 * libopenssl3-64bit-3.0.8-150500.5.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-3-debuginfo-3.0.8-150500.5.19.1 * libopenssl-3-devel-3.0.8-150500.5.19.1 * openssl-3-3.0.8-150500.5.19.1 * libopenssl3-debuginfo-3.0.8-150500.5.19.1 * libopenssl3-3.0.8-150500.5.19.1 * openssl-3-debugsource-3.0.8-150500.5.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1194187 * https://bugzilla.suse.com/show_bug.cgi?id=1207472 * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 5 12:36:09 2023 From: null at suse.de (null at suse.de) Date: Tue, 05 Dec 2023 12:36:09 -0000 Subject: SUSE-RU-2023:4641-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <170177976908.3041.17859283236329461128@smelt2.prg2.suse.org> # Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-RU-2023:4641-1 Rating: moderate References: * bsc#1215981 * bsc#1217370 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 545.29.02 Changes in nvidia-open-driver-G06-signed: * Update to 545.29.02 * added fbdev=1 option for nvidia-drm module, which gives us a proper framebuffer console now ... * nosimplefb kernel option no longer needed with usage of nvidia-drm's fbdev=1 option * nvidia's NVreg_OpenRmEnableUnsupportedGpus=1 option no longer needed; GeForce and Workstation GPUs now officially supported * support added for H100/H800 GPUs (Hopper) * no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981) comment#26) * use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4641=1 openSUSE-SLE-15.4-2023-4641=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4641=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4641=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4641=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4641=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4641=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4641=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4641=1 ## Package List: * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * openSUSE Leap 15.4 (x86_64) * nvidia-open-driver-G06-signed-azure-devel-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.02_k5.14.21_150400.14.72-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-azure-545.29.02_k5.14.21_150400.14.72-150400.9.32.1 * openSUSE Leap 15.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-default-devel-545.29.02-150400.9.32.1 * openSUSE Leap 15.4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-64kb-devel-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * Basesystem Module 15-SP4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-64kb-devel-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1 * nvidia-open-driver-G06-signed-default-devel-545.29.02-150400.9.32.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-azure-devel-545.29.02-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.02_k5.14.21_150400.14.72-150400.9.32.1 * nvidia-open-driver-G06-signed-kmp-azure-545.29.02_k5.14.21_150400.14.72-150400.9.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215981 * https://bugzilla.suse.com/show_bug.cgi?id=1217370 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.com Tue Dec 5 13:30:47 2023 From: meissner at suse.com (meissner at suse.com) Date: Tue, 5 Dec 2023 14:30:47 +0100 (CET) Subject: SUSE-CU-2023:3984-1: Security update of suse/sle15 Message-ID: <20231205133047.06A47F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3984-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.850 Container Release : 6.2.850 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From meissner at suse.com Tue Dec 5 13:31:06 2023 From: meissner at suse.com (meissner at suse.com) Date: Tue, 5 Dec 2023 14:31:06 +0100 (CET) Subject: SUSE-CU-2023:3985-1: Security update of suse/sle15 Message-ID: <20231205133106.95401F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3985-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.59 , suse/sle15:15.5 , suse/sle15:15.5.36.5.59 Container Release : 36.5.59 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From meissner at suse.de Wed Dec 6 08:03:35 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 6 Dec 2023 09:03:35 +0100 (CET) Subject: SUSE-CU-2023:3988-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231206080335.EA2D2F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3988-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.110 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.110 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From null at suse.de Wed Dec 6 08:36:07 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 08:36:07 -0000 Subject: SUSE-SU-2023:4645-1: moderate: Security update for haproxy Message-ID: <170185176726.18789.13747859146664248052@smelt2.prg2.suse.org> # Security update for haproxy Announcement ID: SUSE-SU-2023:4645-1 Rating: moderate References: * bsc#1217653 Cross-References: * CVE-2023-45539 CVSS scores: * CVE-2023-45539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45539 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for haproxy fixes the following issues: * CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-4645=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4645=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * haproxy-debuginfo-2.0.31-150200.11.26.1 * haproxy-debugsource-2.0.31-150200.11.26.1 * haproxy-2.0.31-150200.11.26.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * haproxy-debuginfo-2.0.31-150200.11.26.1 * haproxy-debugsource-2.0.31-150200.11.26.1 * haproxy-2.0.31-150200.11.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45539.html * https://bugzilla.suse.com/show_bug.cgi?id=1217653 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 12:33:08 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 12:33:08 -0000 Subject: SUSE-SU-2023:4654-1: important: Security update for kernel-firmware Message-ID: <170186598838.7847.7727523894725946845@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4654-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4654=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4654=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4654=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4654=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4654=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4654=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4654=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4654=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4654=1 ## Package List: * openSUSE Leap 15.3 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 12:36:11 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 12:36:11 -0000 Subject: SUSE-SU-2023:4654-1: important: Security update for kernel-firmware Message-ID: <170186617123.8390.7533264354534902365@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4654-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4654=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4654=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4654=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4654=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4654=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4654=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4654=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4654=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4654=1 ## Package List: * openSUSE Leap 15.3 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-firmware-bnx2-20210208-150300.4.19.1 * kernel-firmware-nfp-20210208-150300.4.19.1 * kernel-firmware-atheros-20210208-150300.4.19.1 * kernel-firmware-sound-20210208-150300.4.19.1 * kernel-firmware-ti-20210208-150300.4.19.1 * kernel-firmware-network-20210208-150300.4.19.1 * kernel-firmware-iwlwifi-20210208-150300.4.19.1 * ucode-amd-20210208-150300.4.19.1 * kernel-firmware-bluetooth-20210208-150300.4.19.1 * kernel-firmware-platform-20210208-150300.4.19.1 * kernel-firmware-brcm-20210208-150300.4.19.1 * kernel-firmware-all-20210208-150300.4.19.1 * kernel-firmware-mediatek-20210208-150300.4.19.1 * kernel-firmware-prestera-20210208-150300.4.19.1 * kernel-firmware-ueagle-20210208-150300.4.19.1 * kernel-firmware-realtek-20210208-150300.4.19.1 * kernel-firmware-serial-20210208-150300.4.19.1 * kernel-firmware-amdgpu-20210208-150300.4.19.1 * kernel-firmware-dpaa2-20210208-150300.4.19.1 * kernel-firmware-qlogic-20210208-150300.4.19.1 * kernel-firmware-ath11k-20210208-150300.4.19.1 * kernel-firmware-usb-network-20210208-150300.4.19.1 * kernel-firmware-media-20210208-150300.4.19.1 * kernel-firmware-chelsio-20210208-150300.4.19.1 * kernel-firmware-marvell-20210208-150300.4.19.1 * kernel-firmware-mwifiex-20210208-150300.4.19.1 * kernel-firmware-nvidia-20210208-150300.4.19.1 * kernel-firmware-liquidio-20210208-150300.4.19.1 * kernel-firmware-mellanox-20210208-150300.4.19.1 * kernel-firmware-intel-20210208-150300.4.19.1 * kernel-firmware-i915-20210208-150300.4.19.1 * kernel-firmware-ath10k-20210208-150300.4.19.1 * kernel-firmware-radeon-20210208-150300.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:04 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:04 -0000 Subject: SUSE-RU-2023:4675-1: moderate: Recommended update for yast2-auth-client Message-ID: <170188020445.28866.11928384220134182241@smelt2.prg2.suse.org> # Recommended update for yast2-auth-client Announcement ID: SUSE-RU-2023:4675-1 Rating: moderate References: * bsc#1215297 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-auth-client fixes the following issues: * Skip whitespace-only lines parsing krb5.conf (bsc#1215297) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4675=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4675=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4675=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * yast2-auth-client-3.3.21-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * yast2-auth-client-3.3.21-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * yast2-auth-client-3.3.21-3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215297 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:07 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:07 -0000 Subject: SUSE-RU-2023:4673-1: moderate: Recommended update for patterns-server-enterprise Message-ID: <170188020755.28866.11911887757003621101@smelt2.prg2.suse.org> # Recommended update for patterns-server-enterprise Announcement ID: SUSE-RU-2023:4673-1 Rating: moderate References: * bsc#1214811 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for patterns-server-enterprise fixes the following issue: * [aarch64] install system with all patterns, nothing provides 'sapconf' when installing 'sap_server'. (bsc#1214811) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4673=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4673=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4673=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4673=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4673=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4673=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4673=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4673=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4673=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4673=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4673=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4673=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4673=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4673=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4673=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4673=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4673=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4673=1 ## Package List: * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * Server Applications Module 15-SP4 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * Server Applications Module 15-SP4 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * Server Applications Module 15-SP4 (s390x x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * Server Applications Module 15-SP5 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * Server Applications Module 15-SP5 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * Server Applications Module 15-SP5 (s390x x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (s390x x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Manager Proxy 4.2 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * SUSE Manager Server 4.2 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * SUSE Manager Server 4.2 (x86_64) * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * SUSE Enterprise Storage 7.1 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * SUSE CaaS Platform 4.0 (x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * openSUSE Leap 15.4 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * openSUSE Leap 15.4 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * patterns-server-enterprise-oracle_server-32bit-20171206-150100.12.9.1 * patterns-server-enterprise-oracle_server-20171206-150100.12.9.1 * openSUSE Leap 15.5 (ppc64le x86_64) * patterns-server-enterprise-sap_server-20230902-150100.12.9.1 * patterns-server-enterprise-sap_server-32bit-20171206-150100.12.9.1 * openSUSE Leap 15.5 (s390x) * patterns-server-enterprise-hwcrypto-20171206-150100.12.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214811 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:14 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4672-1: important: Security update for suse-build-key Message-ID: <170188021472.28866.9289228179552895199@smelt2.prg2.suse.org> # Security update for suse-build-key Announcement ID: SUSE-SU-2023:4672-1 Rating: important References: * bsc#1216410 * bsc#1217215 * jsc#PED-2777 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two security fixes can now be installed. ## Description: This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). \- suse-build-key- import.service \- suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4672=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4672=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4672=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4672=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4672=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4672=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4672=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4672=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4672=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap Micro 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap 15.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap 15.5 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * suse-build-key-12.0-150000.8.37.1 * Basesystem Module 15-SP4 (noarch) * suse-build-key-12.0-150000.8.37.1 * Basesystem Module 15-SP5 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Enterprise Storage 7.1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE CaaS Platform 4.0 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * suse-build-key-12.0-150000.8.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216410 * https://bugzilla.suse.com/show_bug.cgi?id=1217215 * https://jira.suse.com/browse/PED-2777 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:21 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:21 -0000 Subject: SUSE-RU-2023:4668-1: critical: Recommended update for regionServiceClientConfigEC2 Message-ID: <170188022118.28866.15810767814188623014@smelt2.prg2.suse.org> # Recommended update for regionServiceClientConfigEC2 Announcement ID: SUSE-RU-2023:4668-1 Rating: critical References: * bsc#1217536 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for regionServiceClientConfigEC2 fixes the following issue: * Update to version 4.1.1 (bsc#1217536) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4668=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4668=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4668=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4668=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4668=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4668=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4668=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4668=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4668=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4668=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4668=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4668=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4668=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4668=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * openSUSE Leap Micro 5.4 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * openSUSE Leap 15.4 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * openSUSE Leap 15.5 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * Public Cloud Module 15-SP1 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * Public Cloud Module 15-SP2 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigEC2-4.1.1-150000.3.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217536 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:24 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:24 -0000 Subject: SUSE-SU-2023:4666-1: important: Security update for openvswitch Message-ID: <170188022421.28866.6303763303609322557@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4666-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4666=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4666=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4666=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4666=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-20.03.1-150200.9.28.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.28.1 * libopenvswitch-2_13-0-2.13.2-150200.9.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.28.1 * openvswitch-debuginfo-2.13.2-150200.9.28.1 * ovn-docker-20.03.1-150200.9.28.1 * openvswitch-test-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-20.03.1-150200.9.28.1 * ovn-20.03.1-150200.9.28.1 * ovn-host-20.03.1-150200.9.28.1 * python3-ovs-2.13.2-150200.9.28.1 * openvswitch-test-2.13.2-150200.9.28.1 * openvswitch-2.13.2-150200.9.28.1 * openvswitch-devel-2.13.2-150200.9.28.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.28.1 * openvswitch-debugsource-2.13.2-150200.9.28.1 * ovn-central-20.03.1-150200.9.28.1 * openvswitch-ipsec-2.13.2-150200.9.28.1 * openvswitch-vtep-2.13.2-150200.9.28.1 * ovn-devel-20.03.1-150200.9.28.1 * libopenvswitch-2_13-0-2.13.2-150200.9.28.1 * openvswitch-pki-2.13.2-150200.9.28.1 * ovn-vtep-20.03.1-150200.9.28.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.28.1 * openvswitch-debuginfo-2.13.2-150200.9.28.1 * ovn-docker-20.03.1-150200.9.28.1 * openvswitch-test-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-20.03.1-150200.9.28.1 * ovn-20.03.1-150200.9.28.1 * ovn-host-20.03.1-150200.9.28.1 * python3-ovs-2.13.2-150200.9.28.1 * openvswitch-test-2.13.2-150200.9.28.1 * openvswitch-2.13.2-150200.9.28.1 * openvswitch-devel-2.13.2-150200.9.28.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.28.1 * openvswitch-debugsource-2.13.2-150200.9.28.1 * ovn-central-20.03.1-150200.9.28.1 * openvswitch-ipsec-2.13.2-150200.9.28.1 * openvswitch-vtep-2.13.2-150200.9.28.1 * ovn-devel-20.03.1-150200.9.28.1 * libopenvswitch-2_13-0-2.13.2-150200.9.28.1 * openvswitch-pki-2.13.2-150200.9.28.1 * ovn-vtep-20.03.1-150200.9.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.28.1 * openvswitch-debuginfo-2.13.2-150200.9.28.1 * ovn-docker-20.03.1-150200.9.28.1 * openvswitch-test-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-20.03.1-150200.9.28.1 * ovn-20.03.1-150200.9.28.1 * ovn-host-20.03.1-150200.9.28.1 * python3-ovs-2.13.2-150200.9.28.1 * openvswitch-test-2.13.2-150200.9.28.1 * openvswitch-2.13.2-150200.9.28.1 * openvswitch-devel-2.13.2-150200.9.28.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.28.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.28.1 * openvswitch-debugsource-2.13.2-150200.9.28.1 * ovn-central-20.03.1-150200.9.28.1 * openvswitch-ipsec-2.13.2-150200.9.28.1 * openvswitch-vtep-2.13.2-150200.9.28.1 * ovn-devel-20.03.1-150200.9.28.1 * libopenvswitch-2_13-0-2.13.2-150200.9.28.1 * openvswitch-pki-2.13.2-150200.9.28.1 * ovn-vtep-20.03.1-150200.9.28.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:26 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:26 -0000 Subject: SUSE-SU-2023:4665-1: important: Security update for kernel-firmware Message-ID: <170188022649.28866.8924946962957271998@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4665-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4665=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4665=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4665=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4665=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4665=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4665=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 * SUSE CaaS Platform 4.0 (noarch) * ucode-amd-20200107-150100.3.40.1 * kernel-firmware-20200107-150100.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:31 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:31 -0000 Subject: SUSE-SU-2023:4663-1: important: Security update for frr Message-ID: <170188023180.28866.11073305597244874546@smelt2.prg2.suse.org> # Security update for frr Announcement ID: SUSE-SU-2023:4663-1 Rating: important References: * bsc#1216896 * bsc#1216897 * bsc#1216899 * bsc#1216900 Cross-References: * CVE-2023-38406 * CVE-2023-38407 * CVE-2023-47234 * CVE-2023-47235 CVSS scores: * CVE-2023-38406 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38406 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-38407 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38407 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47235 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47235 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-47235: Fixed denial of service caused by malformed BGP UPDATE message with an EOR is processed (bsc#1216896). * CVE-2023-47234: Fixed denial of service caused by crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute (bsc#1216897). * CVE-2023-38407: Fixed read beyond the end of the stream during labeled unicast parsing (bsc#1216899). * CVE-2023-38406: Fixed mishandling of nlri length of zero, aka a "flowspec overflow (bsc#1216900). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4663=1 openSUSE-SLE-15.5-2023-4663=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4663=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * frr-debugsource-8.4-150500.4.15.1 * libfrr0-debuginfo-8.4-150500.4.15.1 * libfrrsnmp0-debuginfo-8.4-150500.4.15.1 * libfrrcares0-8.4-150500.4.15.1 * libfrrfpm_pb0-8.4-150500.4.15.1 * frr-debuginfo-8.4-150500.4.15.1 * libfrrospfapiclient0-8.4-150500.4.15.1 * libmlag_pb0-8.4-150500.4.15.1 * frr-devel-8.4-150500.4.15.1 * libfrrsnmp0-8.4-150500.4.15.1 * libfrr_pb0-debuginfo-8.4-150500.4.15.1 * libmlag_pb0-debuginfo-8.4-150500.4.15.1 * libfrr0-8.4-150500.4.15.1 * libfrr_pb0-8.4-150500.4.15.1 * libfrrcares0-debuginfo-8.4-150500.4.15.1 * libfrrzmq0-debuginfo-8.4-150500.4.15.1 * frr-8.4-150500.4.15.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.15.1 * libfrrzmq0-8.4-150500.4.15.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * frr-debugsource-8.4-150500.4.15.1 * libfrr0-debuginfo-8.4-150500.4.15.1 * libfrrsnmp0-debuginfo-8.4-150500.4.15.1 * libfrrcares0-8.4-150500.4.15.1 * libfrrfpm_pb0-8.4-150500.4.15.1 * frr-debuginfo-8.4-150500.4.15.1 * libfrrospfapiclient0-8.4-150500.4.15.1 * libmlag_pb0-8.4-150500.4.15.1 * frr-devel-8.4-150500.4.15.1 * libfrrsnmp0-8.4-150500.4.15.1 * libfrr_pb0-debuginfo-8.4-150500.4.15.1 * libmlag_pb0-debuginfo-8.4-150500.4.15.1 * libfrr0-8.4-150500.4.15.1 * libfrr_pb0-8.4-150500.4.15.1 * libfrrcares0-debuginfo-8.4-150500.4.15.1 * libfrrzmq0-debuginfo-8.4-150500.4.15.1 * frr-8.4-150500.4.15.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.15.1 * libfrrzmq0-8.4-150500.4.15.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38406.html * https://www.suse.com/security/cve/CVE-2023-38407.html * https://www.suse.com/security/cve/CVE-2023-47234.html * https://www.suse.com/security/cve/CVE-2023-47235.html * https://bugzilla.suse.com/show_bug.cgi?id=1216896 * https://bugzilla.suse.com/show_bug.cgi?id=1216897 * https://bugzilla.suse.com/show_bug.cgi?id=1216899 * https://bugzilla.suse.com/show_bug.cgi?id=1216900 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:34 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:34 -0000 Subject: SUSE-SU-2023:4662-1: important: Security update for qemu Message-ID: <170188023445.28866.17347005733598959381@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2023:4662-1 Rating: important References: * bsc#1188609 * bsc#1212850 * bsc#1213210 * bsc#1213925 * bsc#1215311 Cross-References: * CVE-2021-3638 * CVE-2023-3180 * CVE-2023-3354 CVSS scores: * CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609) * CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925) * CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850) * [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311) * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) * linux-user/elfload: Enable vxe2 on s390x (bsc#1213210) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4662=1 openSUSE-SLE-15.5-2023-4662=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4662=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4662=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4662=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2 * qemu-block-ssh-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-accel-qtest-debuginfo-7.1.0-150500.49.9.2 * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * qemu-arm-7.1.0-150500.49.9.2 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-gtk-7.1.0-150500.49.9.2 * qemu-ksm-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-alsa-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-baum-7.1.0-150500.49.9.2 * qemu-linux-user-7.1.0-150500.49.9.1 * qemu-tools-7.1.0-150500.49.9.2 * qemu-ui-curses-7.1.0-150500.49.9.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-audio-oss-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-block-dmg-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-linux-user-debugsource-7.1.0-150500.49.9.1 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-extra-debuginfo-7.1.0-150500.49.9.2 * qemu-s390x-7.1.0-150500.49.9.2 * qemu-lang-7.1.0-150500.49.9.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-smartcard-7.1.0-150500.49.9.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-oss-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2 * qemu-audio-dbus-7.1.0-150500.49.9.2 * qemu-block-gluster-debuginfo-7.1.0-150500.49.9.2 * qemu-block-gluster-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-hw-usb-host-7.1.0-150500.49.9.2 * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-block-iscsi-7.1.0-150500.49.9.2 * qemu-block-dmg-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-jack-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-ppc-debuginfo-7.1.0-150500.49.9.2 * qemu-vhost-user-gpu-7.1.0-150500.49.9.2 * qemu-audio-jack-debuginfo-7.1.0-150500.49.9.2 * qemu-headless-7.1.0-150500.49.9.2 * qemu-extra-7.1.0-150500.49.9.2 * qemu-ui-dbus-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-ivshmem-tools-7.1.0-150500.49.9.2 * qemu-ppc-7.1.0-150500.49.9.2 * qemu-block-nfs-debuginfo-7.1.0-150500.49.9.2 * qemu-block-nfs-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-accel-qtest-7.1.0-150500.49.9.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-linux-user-debuginfo-7.1.0-150500.49.9.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-ui-spice-app-7.1.0-150500.49.9.2 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.9.2 * openSUSE Leap 15.5 (noarch) * qemu-SLOF-7.1.0-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-skiboot-7.1.0-150500.49.9.2 * qemu-microvm-7.1.0-150500.49.9.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-7.1.0-150500.49.9.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-tools-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-7.1.0-150500.49.9.2 * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-tools-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2 * qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-dbus-7.1.0-150500.49.9.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-block-ssh-7.1.0-150500.49.9.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-chardev-baum-7.1.0-150500.49.9.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-block-rbd-7.1.0-150500.49.9.2 * qemu-ui-curses-7.1.0-150500.49.9.2 * qemu-audio-dbus-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-hw-usb-host-7.1.0-150500.49.9.2 * qemu-ksm-7.1.0-150500.49.9.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-block-iscsi-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2 * qemu-lang-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64) * qemu-arm-7.1.0-150500.49.9.2 * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64 ppc64le x86_64) * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-gtk-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-app-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (noarch) * qemu-SLOF-7.1.0-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-skiboot-7.1.0-150500.49.9.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * Server Applications Module 15-SP5 (ppc64le) * qemu-ppc-7.1.0-150500.49.9.2 * qemu-ppc-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (s390x x86_64) * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-kvm-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (s390x) * qemu-s390x-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (x86_64) * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-audio-alsa-7.1.0-150500.49.9.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2 * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 ## References: * https://www.suse.com/security/cve/CVE-2021-3638.html * https://www.suse.com/security/cve/CVE-2023-3180.html * https://www.suse.com/security/cve/CVE-2023-3354.html * https://bugzilla.suse.com/show_bug.cgi?id=1188609 * https://bugzilla.suse.com/show_bug.cgi?id=1212850 * https://bugzilla.suse.com/show_bug.cgi?id=1213210 * https://bugzilla.suse.com/show_bug.cgi?id=1213925 * https://bugzilla.suse.com/show_bug.cgi?id=1215311 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:37 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:37 -0000 Subject: SUSE-SU-2023:4661-1: important: Security update for openvswitch Message-ID: <170188023764.28866.5704361661490177406@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4661-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4661=1 SUSE-2023-4661=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4661=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4661=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4661=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4661=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4661=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * openvswitch-vtep-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openSUSE Leap 15.4 (noarch) * ovn-doc-20.06.2-150400.24.17.1 * openvswitch-doc-2.14.2-150400.24.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * openvswitch-vtep-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openSUSE Leap 15.5 (noarch) * ovn-doc-20.06.2-150400.24.17.1 * openvswitch-doc-2.14.2-150400.24.17.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * openvswitch-vtep-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * openvswitch-vtep-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:43 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:43 -0000 Subject: SUSE-SU-2023:4659-1: moderate: Security update for curl Message-ID: <170188024343.28866.5782150243633855987@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4659-1 Rating: moderate References: * bsc#1217573 * bsc#1217574 Cross-References: * CVE-2023-46218 * CVE-2023-46219 CVSS scores: * CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-46219 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). * CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4659=1 openSUSE-SLE-15.4-2023-4659=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4659=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4659=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4659=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4659=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4659=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4659=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-32bit-8.0.1-150400.5.36.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-8.0.1-150400.5.36.1 * libcurl4-64bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-64bit-8.0.1-150400.5.36.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * openSUSE Leap 15.5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-32bit-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl4-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * Basesystem Module 15-SP5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46218.html * https://www.suse.com/security/cve/CVE-2023-46219.html * https://bugzilla.suse.com/show_bug.cgi?id=1217573 * https://bugzilla.suse.com/show_bug.cgi?id=1217574 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:45 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:45 -0000 Subject: SUSE-RU-2023:4658-1: moderate: Recommended update for xxhash Message-ID: <170188024528.28866.15632095149511226216@smelt2.prg2.suse.org> # Recommended update for xxhash Announcement ID: SUSE-RU-2023:4658-1 Rating: moderate References: * bsc#1216829 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for xxhash fixes the following issues: * ship libxxhash0 anf xxhash-devel package to Package Hub 15 SP5. (bsc#1216829) * Update to release 0.8.2 * ARM NEON speed improvements; on M1 Pro it is +20% speed for XXH3 and XXH128 (from 30.0 GB/s to 36 GB/s). * Added support for ARM's SVE vector extension. * Resolved some issues with XXH3's s390x vector implementation. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4658=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4658=1 openSUSE-SLE-15.5-2023-4658=1 ## Package List: * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libxxhash0-0.8.2-150500.4.7.1 * xxhash-devel-0.8.2-150500.4.7.1 * libxxhash0-debuginfo-0.8.2-150500.4.7.1 * xxhash-0.8.2-150500.4.7.1 * xxhash-debuginfo-0.8.2-150500.4.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libxxhash0-0.8.2-150500.4.7.1 * xxhash-devel-0.8.2-150500.4.7.1 * libxxhash0-debuginfo-0.8.2-150500.4.7.1 * xxhash-0.8.2-150500.4.7.1 * xxhash-debuginfo-0.8.2-150500.4.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216829 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 6 16:30:46 2023 From: null at suse.de (null at suse.de) Date: Wed, 06 Dec 2023 16:30:46 -0000 Subject: SUSE-SU-2023:4657-1: important: Security update for openvswitch3 Message-ID: <170188024676.28866.16901882949713180763@smelt2.prg2.suse.org> # Security update for openvswitch3 Announcement ID: SUSE-SU-2023:4657-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch3 fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4657=1 openSUSE-SLE-15.5-2023-4657=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4657=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openvswitch3-vtep-3.1.0-150500.3.11.1 * openvswitch3-test-3.1.0-150500.3.11.1 * libovn-23_03-0-23.03.0-150500.3.11.1 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.11.1 * openvswitch3-pki-3.1.0-150500.3.11.1 * openvswitch3-devel-3.1.0-150500.3.11.1 * ovn3-devel-23.03.0-150500.3.11.1 * ovn3-host-debuginfo-23.03.0-150500.3.11.1 * libopenvswitch-3_1-0-3.1.0-150500.3.11.1 * ovn3-host-23.03.0-150500.3.11.1 * ovn3-23.03.0-150500.3.11.1 * ovn3-central-23.03.0-150500.3.11.1 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.11.1 * ovn3-central-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-ipsec-3.1.0-150500.3.11.1 * python3-ovs3-3.1.0-150500.3.11.1 * ovn3-debuginfo-23.03.0-150500.3.11.1 * libovn-23_03-0-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-3.1.0-150500.3.11.1 * ovn3-vtep-23.03.0-150500.3.11.1 * openvswitch3-debugsource-3.1.0-150500.3.11.1 * ovn3-vtep-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-test-debuginfo-3.1.0-150500.3.11.1 * ovn3-docker-23.03.0-150500.3.11.1 * openvswitch3-debuginfo-3.1.0-150500.3.11.1 * openSUSE Leap 15.5 (noarch) * openvswitch3-doc-3.1.0-150500.3.11.1 * ovn3-doc-23.03.0-150500.3.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch3-vtep-3.1.0-150500.3.11.1 * openvswitch3-test-3.1.0-150500.3.11.1 * libovn-23_03-0-23.03.0-150500.3.11.1 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.11.1 * openvswitch3-pki-3.1.0-150500.3.11.1 * openvswitch3-devel-3.1.0-150500.3.11.1 * ovn3-devel-23.03.0-150500.3.11.1 * ovn3-host-debuginfo-23.03.0-150500.3.11.1 * libopenvswitch-3_1-0-3.1.0-150500.3.11.1 * ovn3-host-23.03.0-150500.3.11.1 * ovn3-23.03.0-150500.3.11.1 * ovn3-central-23.03.0-150500.3.11.1 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.11.1 * ovn3-central-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-ipsec-3.1.0-150500.3.11.1 * python3-ovs3-3.1.0-150500.3.11.1 * ovn3-debuginfo-23.03.0-150500.3.11.1 * libovn-23_03-0-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-3.1.0-150500.3.11.1 * ovn3-vtep-23.03.0-150500.3.11.1 * openvswitch3-debugsource-3.1.0-150500.3.11.1 * ovn3-vtep-debuginfo-23.03.0-150500.3.11.1 * openvswitch3-test-debuginfo-3.1.0-150500.3.11.1 * ovn3-docker-23.03.0-150500.3.11.1 * openvswitch3-debuginfo-3.1.0-150500.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Thu Dec 7 08:04:40 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:04:40 +0100 (CET) Subject: SUSE-CU-2023:3997-1: Security update of suse/sle15 Message-ID: <20231207080440.34B36F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3997-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.378 Container Release : 9.5.378 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From meissner at suse.de Thu Dec 7 08:05:52 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:05:52 +0100 (CET) Subject: SUSE-CU-2023:3999-1: Recommended update of bci/bci-busybox Message-ID: <20231207080552.C7748F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3999-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.20.3 Container Release : 20.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - system-user-nobody-20170617-150400.24.2.1 updated From meissner at suse.de Thu Dec 7 08:08:44 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:08:44 +0100 (CET) Subject: SUSE-CU-2023:4006-1: Security update of bci/dotnet-sdk Message-ID: <20231207080844.8D2B7F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4006-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.14 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.14 Container Release : 17.14 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 08:09:15 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:09:15 +0100 (CET) Subject: SUSE-CU-2023:4008-1: Security update of bci/dotnet-runtime Message-ID: <20231207080915.8BE79F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4008-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.14 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.14 Container Release : 17.14 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 08:09:40 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:09:40 +0100 (CET) Subject: SUSE-CU-2023:4011-1: Security update of bci/golang Message-ID: <20231207080940.70B82F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4011-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.15 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.15 Container Release : 8.15 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 08:09:55 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:09:55 +0100 (CET) Subject: SUSE-CU-2023:4012-1: Security update of bci/nodejs Message-ID: <20231207080955.4CABEF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4012-1 Container Tags : bci/node:18 , bci/node:18-12.15 , bci/nodejs:18 , bci/nodejs:18-12.15 Container Release : 12.15 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From null at suse.de Thu Dec 7 08:39:05 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 08:39:05 -0000 Subject: SUSE-RU-2023:4686-1: moderate: Recommended update for yast2-auth-client Message-ID: <170193834591.2129.2563238164915730800@smelt2.prg2.suse.org> # Recommended update for yast2-auth-client Announcement ID: SUSE-RU-2023:4686-1 Rating: moderate References: * bsc#1215297 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for yast2-auth-client fixes the following issues: * Fix failure to join the domain if krb5.conf has a line with white space only (bsc#1215297) * Update to version 4.4.5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4686=1 openSUSE-SLE-15.4-2023-4686=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4686=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-auth-client-4.4.5-150400.3.10.1 * Basesystem Module 15-SP4 (noarch) * yast2-auth-client-4.4.5-150400.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215297 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 08:39:11 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 08:39:11 -0000 Subject: SUSE-RU-2023:4683-1: moderate: Recommended update for nvme-stas Message-ID: <170193835153.2129.12334745318367937481@smelt2.prg2.suse.org> # Recommended update for nvme-stas Announcement ID: SUSE-RU-2023:4683-1 Rating: moderate References: * bsc#1214078 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for nvme-stas fixes the following issues: * Update to version 2.3 * Support for NVMe Boot Firmware Table (NBFT) as configuration source * Optimization of udev handling (bsc#1214078) * Bug fixes and optimizations * Improve algorithm to see if we can reuse existing connections * udev: Optimize uevent handling * iputil: Reduce amount of netlink requests to the kernel * udev: FC/Loop - use case-insensitive comparison for traddr * trid: Take Host NQN into account * avahi: add connectivity checker to verify IP addresses are reachable * stafd|ctrl: Do not recreate ctrl object on nvme removed events * udev: Rework/simplify _cid_matches_tid() * udev-rules: Only react to `rediscover` events (not `connected`) * udev: Use ipaddress objects when comparing traddr. * udev: Only take src-addr into account for transport=="tcp" * trid: use strong comparison on host-iface * udev-rule: Invoke systemctl "restart" instead of "start" * udev: improve comparison between candidate and existing controllers * nbft: stafd will now use NBFT data (if found) * nbft: Add NbftConf() object to retrieve and cache NBFT data * iputil: Add mac2iface() and corresponding unit test * ctrl: fix inverted logic "is not None" to "is None" * staslib: Add method to retrieve NBFT data ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4683=1 openSUSE-SLE-15.5-2023-4683=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4683=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nvme-stas-2.3-150500.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nvme-stas-2.3-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214078 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 08:39:13 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 08:39:13 -0000 Subject: SUSE-RU-2023:4682-1: moderate: Recommended update for gnome-control-center Message-ID: <170193835301.2129.5838047043968869320@smelt2.prg2.suse.org> # Recommended update for gnome-control-center Announcement ID: SUSE-RU-2023:4682-1 Rating: moderate References: * bsc#1208193 Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that has one fix can now be installed. ## Description: This update for gnome-control-center fixes the following issues: * network-connection-editor: Close the editor when nm-connection-editor exits(bsc#1208193) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4682=1 openSUSE-SLE-15.5-2023-4682=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4682=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4682=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gnome-control-center-goa-41.7-150500.3.6.1 * gnome-control-center-devel-41.7-150500.3.6.1 * gnome-control-center-user-faces-41.7-150500.3.6.1 * gnome-control-center-color-41.7-150500.3.6.1 * gnome-control-center-41.7-150500.3.6.1 * gnome-control-center-debuginfo-41.7-150500.3.6.1 * gnome-control-center-debugsource-41.7-150500.3.6.1 * openSUSE Leap 15.5 (noarch) * gnome-control-center-lang-41.7-150500.3.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gnome-control-center-41.7-150500.3.6.1 * gnome-control-center-debuginfo-41.7-150500.3.6.1 * gnome-control-center-devel-41.7-150500.3.6.1 * gnome-control-center-debugsource-41.7-150500.3.6.1 * Desktop Applications Module 15-SP5 (noarch) * gnome-control-center-lang-41.7-150500.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * gnome-control-center-goa-41.7-150500.3.6.1 * gnome-control-center-user-faces-41.7-150500.3.6.1 * gnome-control-center-color-41.7-150500.3.6.1 * gnome-control-center-debuginfo-41.7-150500.3.6.1 * gnome-control-center-debugsource-41.7-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 08:39:15 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 08:39:15 -0000 Subject: SUSE-RU-2023:4681-1: moderate: Recommended update for qemu Message-ID: <170193835524.2129.4465847876041514689@smelt2.prg2.suse.org> # Recommended update for qemu Announcement ID: SUSE-RU-2023:4681-1 Rating: moderate References: * bsc#1214367 * bsc#1216985 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for qemu fixes the following issues: * Fix migration issues by disabling transfer of acpi_index (bsc#1216985) * Fix qemu crash on starting dirty log twice with stopped VM (bsc#1214367) * Fix incorrect calls of log_global_start/stop (bsc#1214367) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4681=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4681=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4681=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4681=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4681=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4681=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4681=1 openSUSE-SLE-15.4-2023-4681=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4681=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4681=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-block-curl-6.2.0-150400.37.26.1 * qemu-ksm-6.2.0-150400.37.26.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-block-rbd-6.2.0-150400.37.26.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.26.1 * qemu-block-ssh-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-usb-host-6.2.0-150400.37.26.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-curses-6.2.0-150400.37.26.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.26.1 * qemu-lang-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.26.1 * qemu-block-iscsi-6.2.0-150400.37.26.1 * qemu-chardev-baum-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (aarch64 ppc64le x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-gtk-6.2.0-150400.37.26.1 * qemu-ui-spice-app-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (noarch) * qemu-skiboot-6.2.0-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-SLOF-6.2.0-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * qemu-sgabios-8-150400.37.26.1 * Server Applications Module 15-SP4 (ppc64le) * qemu-ppc-debuginfo-6.2.0-150400.37.26.1 * qemu-ppc-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (s390x x86_64) * qemu-kvm-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * Server Applications Module 15-SP4 (x86_64) * qemu-audio-pa-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-audio-pa-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-alsa-6.2.0-150400.37.26.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * qemu-block-curl-6.2.0-150400.37.26.1 * qemu-accel-qtest-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ksm-6.2.0-150400.37.26.1 * qemu-extra-6.2.0-150400.37.26.1 * qemu-audio-pa-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-hw-usb-smartcard-6.2.0-150400.37.26.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-oss-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-linux-user-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-gtk-6.2.0-150400.37.26.1 * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * qemu-ivshmem-tools-6.2.0-150400.37.26.1 * qemu-ui-spice-app-6.2.0-150400.37.26.1 * qemu-linux-user-debuginfo-6.2.0-150400.37.26.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-oss-6.2.0-150400.37.26.1 * qemu-audio-jack-debuginfo-6.2.0-150400.37.26.1 * qemu-block-ssh-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-ppc-debuginfo-6.2.0-150400.37.26.1 * qemu-block-gluster-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-block-gluster-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-alsa-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.26.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.26.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-qtest-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.26.1 * qemu-block-dmg-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-usb-host-6.2.0-150400.37.26.1 * qemu-ppc-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-block-dmg-6.2.0-150400.37.26.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.26.1 * qemu-vhost-user-gpu-6.2.0-150400.37.26.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.26.1 * qemu-ui-curses-6.2.0-150400.37.26.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-lang-6.2.0-150400.37.26.1 * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-block-nfs-6.2.0-150400.37.26.1 * qemu-block-nfs-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-linux-user-debugsource-6.2.0-150400.37.26.1 * qemu-block-iscsi-6.2.0-150400.37.26.1 * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-jack-6.2.0-150400.37.26.1 * qemu-extra-debuginfo-6.2.0-150400.37.26.1 * qemu-chardev-baum-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * openSUSE Leap 15.4 (s390x x86_64 i586) * qemu-kvm-6.2.0-150400.37.26.1 * openSUSE Leap 15.4 (noarch) * qemu-skiboot-6.2.0-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-microvm-6.2.0-150400.37.26.1 * qemu-sgabios-8-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * qemu-SLOF-6.2.0-150400.37.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-6.2.0-150400.37.26.1 * qemu-block-rbd-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.3 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.3 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * openSUSE Leap Micro 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.26.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.26.1 * qemu-chardev-spice-6.2.0-150400.37.26.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.26.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.26.1 * qemu-ui-spice-core-6.2.0-150400.37.26.1 * qemu-ui-opengl-6.2.0-150400.37.26.1 * qemu-hw-usb-redirect-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.26.1 * qemu-6.2.0-150400.37.26.1 * qemu-tools-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-6.2.0-150400.37.26.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.26.1 * qemu-tools-debuginfo-6.2.0-150400.37.26.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.26.1 * qemu-debugsource-6.2.0-150400.37.26.1 * qemu-audio-spice-6.2.0-150400.37.26.1 * qemu-guest-agent-6.2.0-150400.37.26.1 * qemu-debuginfo-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-accel-tcg-x86-6.2.0-150400.37.26.1 * qemu-x86-debuginfo-6.2.0-150400.37.26.1 * qemu-x86-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.4 (noarch) * qemu-sgabios-8-150400.37.26.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.26.1 * qemu-ipxe-1.0.0+-150400.37.26.1 * openSUSE Leap Micro 5.4 (s390x) * qemu-s390x-debuginfo-6.2.0-150400.37.26.1 * qemu-s390x-6.2.0-150400.37.26.1 * openSUSE Leap Micro 5.4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.26.1 * qemu-arm-6.2.0-150400.37.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214367 * https://bugzilla.suse.com/show_bug.cgi?id=1216985 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 08:39:18 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 08:39:18 -0000 Subject: SUSE-RU-2023:4679-1: moderate: Recommended update for selinux-policy Message-ID: <170193835802.2129.3026682611313100459@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4679-1 Rating: moderate References: * bsc#1216747 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Trigger rebuild of the policy when pcre2 gets updated to avoid regex version mismatch errors (bsc#1216747) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4679=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4679=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4679=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-20230511+git5.54d165ea-150400.4.21.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-20230511+git5.54d165ea-150400.4.21.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.21.1 * selinux-policy-20230511+git5.54d165ea-150400.4.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216747 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 12:30:02 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4690-1: moderate: Security update for poppler Message-ID: <170195220239.26027.14166225444327772887@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4690-1 Rating: moderate References: * bsc#1120956 Cross-References: * CVE-2018-20662 CVSS scores: * CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup (bsc#1120956). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4690=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.34.1 * libpoppler73-0.62.0-150000.4.34.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-debuginfo-0.62.0-150000.4.34.1 * libpoppler73-32bit-0.62.0-150000.4.34.1 ## References: * https://www.suse.com/security/cve/CVE-2018-20662.html * https://bugzilla.suse.com/show_bug.cgi?id=1120956 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 12:30:04 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4689-1: important: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont Message-ID: <170195220405.26027.5760122876825876242@smelt2.prg2.suse.org> # Security update for cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2023:4689-1 Rating: important References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller- container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy- container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: This update rebuilds containerized-data-importer and its containers against updated GO and updated base images. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4689=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4689=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4689=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4689=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4689=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4689=1 openSUSE-SLE-15.4-2023-4689=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4689=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4689=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * Containers Module 15-SP4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * openSUSE Leap 15.4 (x86_64) * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.23.1 * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.23.1 * containerized-data-importer-api-debuginfo-1.51.0-150400.4.23.1 * containerized-data-importer-api-1.51.0-150400.4.23.1 * containerized-data-importer-operator-1.51.0-150400.4.23.1 * containerized-data-importer-controller-1.51.0-150400.4.23.1 * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * containerized-data-importer-uploadserver-1.51.0-150400.4.23.1 * containerized-data-importer-cloner-1.51.0-150400.4.23.1 * containerized-data-importer-uploadproxy-1.51.0-150400.4.23.1 * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.23.1 * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.23.1 * obs-service-cdi_containers_meta-1.51.0-150400.4.23.1 * containerized-data-importer-importer-1.51.0-150400.4.23.1 * containerized-data-importer-importer-debuginfo-1.51.0-150400.4.23.1 * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.23.1 * openSUSE Leap Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 * openSUSE Leap Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.23.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 7 12:30:07 2023 From: null at suse.de (null at suse.de) Date: Thu, 07 Dec 2023 12:30:07 -0000 Subject: SUSE-RU-2023:4687-1: moderate: Recommended update for qt6-base Message-ID: <170195220794.26027.3635651500106607933@smelt2.prg2.suse.org> # Recommended update for qt6-base Announcement ID: SUSE-RU-2023:4687-1 Rating: moderate References: * bsc#1215178 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one fix can now be installed. ## Description: This update for qt6-base fixes the following issues: * Regression introduced by a patch that makes qt-creator6 hang in an infinite loop (bsc#1215178) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4687=1 openSUSE-SLE-15.4-2023-4687=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4687=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * qt6-networkinformation-nm-debuginfo-6.2.2-150400.4.9.1 * qt6-opengl-devel-6.2.2-150400.4.9.1 * libQt6Test6-6.2.2-150400.4.9.1 * qt6-platformsupport-private-devel-6.2.2-150400.4.9.1 * qt6-test-private-devel-6.2.2-150400.4.9.1 * qt6-base-common-devel-6.2.2-150400.4.9.1 * qt6-base-docs-qch-6.2.2-150400.4.9.1 * qt6-kmssupport-private-devel-6.2.2-150400.4.9.1 * qt6-network-private-devel-6.2.2-150400.4.9.1 * libQt6PrintSupport6-6.2.2-150400.4.9.1 * qt6-platformsupport-devel-static-6.2.2-150400.4.9.1 * qt6-platformtheme-gtk3-6.2.2-150400.4.9.1 * libQt6Widgets6-debuginfo-6.2.2-150400.4.9.1 * libQt6Xml6-6.2.2-150400.4.9.1 * qt6-base-docs-html-6.2.2-150400.4.9.1 * qt6-network-devel-6.2.2-150400.4.9.1 * libQt6Core6-debuginfo-6.2.2-150400.4.9.1 * libQt6Network6-6.2.2-150400.4.9.1 * qt6-base-debuginfo-6.2.2-150400.4.9.1 * qt6-base-examples-6.2.2-150400.4.9.1 * qt6-sql-postgresql-6.2.2-150400.4.9.1 * qt6-xml-private-devel-6.2.2-150400.4.9.1 * qt6-printsupport-devel-6.2.2-150400.4.9.1 * qt6-platformtheme-xdgdesktopportal-6.2.2-150400.4.9.1 * qt6-platformtheme-xdgdesktopportal-debuginfo-6.2.2-150400.4.9.1 * libQt6DBus6-debuginfo-6.2.2-150400.4.9.1 * qt6-sql-devel-6.2.2-150400.4.9.1 * qt6-gui-devel-6.2.2-150400.4.9.1 * libQt6DBus6-6.2.2-150400.4.9.1 * qt6-core-private-devel-6.2.2-150400.4.9.1 * qt6-kmssupport-devel-static-6.2.2-150400.4.9.1 * qt6-printsupport-cups-debuginfo-6.2.2-150400.4.9.1 * qt6-sql-private-devel-6.2.2-150400.4.9.1 * qt6-sql-sqlite-debuginfo-6.2.2-150400.4.9.1 * libQt6Gui6-debuginfo-6.2.2-150400.4.9.1 * libQt6Concurrent6-debuginfo-6.2.2-150400.4.9.1 * qt6-sql-postgresql-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGLWidgets6-debuginfo-6.2.2-150400.4.9.1 * libQt6Concurrent6-6.2.2-150400.4.9.1 * qt6-platformtheme-gtk3-debuginfo-6.2.2-150400.4.9.1 * libQt6PrintSupport6-debuginfo-6.2.2-150400.4.9.1 * qt6-opengl-private-devel-6.2.2-150400.4.9.1 * qt6-sql-mysql-6.2.2-150400.4.9.1 * libQt6Gui6-6.2.2-150400.4.9.1 * qt6-network-tls-6.2.2-150400.4.9.1 * qt6-networkinformation-nm-6.2.2-150400.4.9.1 * qt6-dbus-private-devel-6.2.2-150400.4.9.1 * qt6-xml-devel-6.2.2-150400.4.9.1 * qt6-base-debugsource-6.2.2-150400.4.9.1 * qt6-network-tls-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGLWidgets6-6.2.2-150400.4.9.1 * qt6-core-devel-6.2.2-150400.4.9.1 * qt6-openglwidgets-devel-6.2.2-150400.4.9.1 * qt6-sql-sqlite-6.2.2-150400.4.9.1 * libQt6Sql6-6.2.2-150400.4.9.1 * libQt6OpenGL6-6.2.2-150400.4.9.1 * qt6-base-examples-debuginfo-6.2.2-150400.4.9.1 * qt6-test-devel-6.2.2-150400.4.9.1 * qt6-printsupport-cups-6.2.2-150400.4.9.1 * qt6-sql-unixODBC-6.2.2-150400.4.9.1 * qt6-widgets-devel-6.2.2-150400.4.9.1 * libQt6Network6-debuginfo-6.2.2-150400.4.9.1 * libQt6Test6-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGL6-debuginfo-6.2.2-150400.4.9.1 * libQt6Xml6-debuginfo-6.2.2-150400.4.9.1 * qt6-widgets-private-devel-6.2.2-150400.4.9.1 * qt6-dbus-devel-6.2.2-150400.4.9.1 * qt6-sql-mysql-debuginfo-6.2.2-150400.4.9.1 * libQt6Widgets6-6.2.2-150400.4.9.1 * libQt6Core6-6.2.2-150400.4.9.1 * qt6-gui-private-devel-6.2.2-150400.4.9.1 * qt6-concurrent-devel-6.2.2-150400.4.9.1 * libQt6Sql6-debuginfo-6.2.2-150400.4.9.1 * qt6-printsupport-private-devel-6.2.2-150400.4.9.1 * qt6-base-common-devel-debuginfo-6.2.2-150400.4.9.1 * qt6-sql-unixODBC-debuginfo-6.2.2-150400.4.9.1 * openSUSE Leap 15.4 (noarch) * qt6-docs-common-6.2.2-150400.4.9.1 * qt6-base-private-devel-6.2.2-150400.4.9.1 * qt6-base-devel-6.2.2-150400.4.9.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * qt6-opengl-devel-6.2.2-150400.4.9.1 * libQt6Test6-6.2.2-150400.4.9.1 * qt6-base-common-devel-6.2.2-150400.4.9.1 * qt6-kmssupport-private-devel-6.2.2-150400.4.9.1 * libQt6PrintSupport6-6.2.2-150400.4.9.1 * qt6-platformsupport-devel-static-6.2.2-150400.4.9.1 * libQt6Widgets6-debuginfo-6.2.2-150400.4.9.1 * libQt6Xml6-6.2.2-150400.4.9.1 * qt6-network-devel-6.2.2-150400.4.9.1 * libQt6Core6-debuginfo-6.2.2-150400.4.9.1 * libQt6Network6-6.2.2-150400.4.9.1 * qt6-base-debuginfo-6.2.2-150400.4.9.1 * qt6-printsupport-devel-6.2.2-150400.4.9.1 * qt6-sql-devel-6.2.2-150400.4.9.1 * libQt6DBus6-debuginfo-6.2.2-150400.4.9.1 * qt6-gui-devel-6.2.2-150400.4.9.1 * libQt6DBus6-6.2.2-150400.4.9.1 * qt6-core-private-devel-6.2.2-150400.4.9.1 * qt6-kmssupport-devel-static-6.2.2-150400.4.9.1 * qt6-sql-sqlite-debuginfo-6.2.2-150400.4.9.1 * libQt6Gui6-debuginfo-6.2.2-150400.4.9.1 * libQt6Concurrent6-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGLWidgets6-debuginfo-6.2.2-150400.4.9.1 * libQt6Concurrent6-6.2.2-150400.4.9.1 * libQt6PrintSupport6-debuginfo-6.2.2-150400.4.9.1 * qt6-opengl-private-devel-6.2.2-150400.4.9.1 * libQt6Gui6-6.2.2-150400.4.9.1 * qt6-network-tls-6.2.2-150400.4.9.1 * qt6-xml-devel-6.2.2-150400.4.9.1 * qt6-base-debugsource-6.2.2-150400.4.9.1 * qt6-network-tls-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGLWidgets6-6.2.2-150400.4.9.1 * qt6-core-devel-6.2.2-150400.4.9.1 * qt6-openglwidgets-devel-6.2.2-150400.4.9.1 * qt6-sql-sqlite-6.2.2-150400.4.9.1 * libQt6Sql6-6.2.2-150400.4.9.1 * libQt6OpenGL6-6.2.2-150400.4.9.1 * qt6-test-devel-6.2.2-150400.4.9.1 * qt6-widgets-devel-6.2.2-150400.4.9.1 * libQt6Network6-debuginfo-6.2.2-150400.4.9.1 * libQt6Test6-debuginfo-6.2.2-150400.4.9.1 * libQt6OpenGL6-debuginfo-6.2.2-150400.4.9.1 * libQt6Xml6-debuginfo-6.2.2-150400.4.9.1 * qt6-widgets-private-devel-6.2.2-150400.4.9.1 * qt6-dbus-devel-6.2.2-150400.4.9.1 * libQt6Widgets6-6.2.2-150400.4.9.1 * libQt6Core6-6.2.2-150400.4.9.1 * qt6-gui-private-devel-6.2.2-150400.4.9.1 * qt6-concurrent-devel-6.2.2-150400.4.9.1 * libQt6Sql6-debuginfo-6.2.2-150400.4.9.1 * qt6-base-common-devel-debuginfo-6.2.2-150400.4.9.1 * SUSE Package Hub 15 15-SP4 (noarch) * qt6-base-devel-6.2.2-150400.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Thu Dec 7 13:40:12 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:40:12 +0100 (CET) Subject: SUSE-CU-2023:4033-1: Security update of bci/php-apache Message-ID: <20231207134012.791D6FDD0@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4033-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.44 Container Release : 8.44 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-user-wwwrun-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:40:27 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:40:27 +0100 (CET) Subject: SUSE-CU-2023:4034-1: Security update of bci/php Message-ID: <20231207134027.EF7ADFDD0@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4034-1 Container Tags : bci/php:8 , bci/php:8-8.43 Container Release : 8.43 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-user-wwwrun-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:40:44 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:40:44 +0100 (CET) Subject: SUSE-CU-2023:4035-1: Security update of suse/postgres Message-ID: <20231207134044.3D8D8FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4035-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.4 , suse/postgres:15.5 , suse/postgres:15.5-13.4 Container Release : 13.4 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:39:55 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:39:55 +0100 (CET) Subject: SUSE-CU-2023:4032-1: Security update of suse/pcp Message-ID: <20231207133955.B2730FDCC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4032-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.83 , suse/pcp:5.2 , suse/pcp:5.2-15.83 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.83 , suse/pcp:latest Container Release : 15.83 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - container:bci-bci-init-15.5-15.5-10.47 updated From meissner at suse.de Thu Dec 7 13:38:58 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:38:58 +0100 (CET) Subject: SUSE-CU-2023:4029-1: Security update of bci/nodejs Message-ID: <20231207133858.9565AFD95@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4029-1 Container Tags : bci/node:20 , bci/node:20-2.14 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.14 , bci/nodejs:latest Container Release : 2.14 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:04:48 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:4043-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231208080448.E1881F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4043-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.168 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.168 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - groff-1.22.4-150400.5.2.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-man-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-27.14.125 updated From meissner at suse.de Fri Dec 8 08:07:02 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:07:02 +0100 (CET) Subject: SUSE-CU-2023:4044-1: Security update of suse/sles12sp5 Message-ID: <20231208080702.90171F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4044-1 Container Tags : suse/sles12sp5:6.5.541 , suse/sles12sp5:latest Container Release : 6.5.541 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4653-1 Released: Wed Dec 6 11:34:32 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). The following package changes have been done: - libcurl4-8.0.1-11.80.1 updated From meissner at suse.de Fri Dec 8 08:09:15 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:09:15 +0100 (CET) Subject: SUSE-CU-2023:4039-1: Security update of suse/rmt-server Message-ID: <20231208080915.2E17BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4039-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.44 , suse/rmt-server:latest Container Release : 11.44 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:10:00 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:10:00 +0100 (CET) Subject: SUSE-CU-2023:4047-1: Security update of bci/rust Message-ID: <20231208081000.0F4CAF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4047-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.4 , bci/rust:oldstable , bci/rust:oldstable-2.2.4 Container Release : 2.4 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:11:48 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:11:48 +0100 (CET) Subject: SUSE-CU-2023:4054-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20231208081148.50B23F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4054-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.506 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.506 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - container:sles15-image-15.0.0-17.20.221 updated From meissner at suse.de Fri Dec 8 08:12:24 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:12:24 +0100 (CET) Subject: SUSE-CU-2023:4055-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20231208081224.F0EF3F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4055-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.328 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.328 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - container:sles15-image-15.0.0-17.20.221 updated From null at suse.de Fri Dec 8 08:30:22 2023 From: null at suse.de (null at suse.de) Date: Fri, 08 Dec 2023 08:30:22 -0000 Subject: SUSE-RU-2023:4694-1: moderate: Recommended update for crmsh Message-ID: <170202422255.9665.6009113633487510668@smelt2.prg2.suse.org> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:4694-1 Rating: moderate References: * bsc#1217094 * bsc#1217279 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Fixed the owner and permission issues (bsc#1217279) * Fixed issue starting cluster when target host is localhost (bsc#1217094) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4694=1 openSUSE-SLE-15.5-2023-4694=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4694=1 ## Package List: * openSUSE Leap 15.5 (noarch) * crmsh-4.5.0+20231128.4c7bd70-150500.3.16.1 * crmsh-test-4.5.0+20231128.4c7bd70-150500.3.16.1 * crmsh-scripts-4.5.0+20231128.4c7bd70-150500.3.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * crmsh-4.5.0+20231128.4c7bd70-150500.3.16.1 * crmsh-scripts-4.5.0+20231128.4c7bd70-150500.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217094 * https://bugzilla.suse.com/show_bug.cgi?id=1217279 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Sat Dec 9 08:03:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Sat, 9 Dec 2023 09:03:18 +0100 (CET) Subject: SUSE-CU-2023:4058-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231209080318.90CACF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4058-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.20 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.20 Container Release : 9.40.20 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - curl-8.0.1-150400.5.36.1 updated From meissner at suse.de Sat Dec 9 08:03:32 2023 From: meissner at suse.de (meissner at suse.de) Date: Sat, 9 Dec 2023 09:03:32 +0100 (CET) Subject: SUSE-CU-2023:4060-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231209080332.5E5E8F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4060-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.19 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.19 Container Release : 9.30.19 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From meissner at suse.de Sun Dec 10 08:02:20 2023 From: meissner at suse.de (meissner at suse.de) Date: Sun, 10 Dec 2023 09:02:20 +0100 (CET) Subject: SUSE-CU-2023:4061-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231210080220.4788BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4061-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.19 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.19 Container Release : 9.39.19 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From null at suse.de Mon Dec 11 12:33:04 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 12:33:04 -0000 Subject: SUSE-RU-2023:4711-1: moderate: Recommended update for wireless-regdb Message-ID: <170229798497.2959.15167863102284680373@smelt2.prg2.suse.org> # Recommended update for wireless-regdb Announcement ID: SUSE-RU-2023:4711-1 Rating: moderate References: * bsc#1029961 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for wireless-regdb fixes the following issues: * Update all regulatory rules(v.20230901) for various countries (bsc#1029961) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4711=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4711=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4711=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4711=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4711=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4711=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4711=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4711=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4711=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4711=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * wireless-regdb-20230901-150000.3.17.1 * openSUSE Leap 15.5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * Basesystem Module 15-SP4 (noarch) * wireless-regdb-20230901-150000.3.17.1 * Basesystem Module 15-SP5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Proxy 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Server 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Enterprise Storage 7.1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE CaaS Platform 4.0 (noarch) * wireless-regdb-20230901-150000.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1029961 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 11 16:30:02 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4715-1: important: Security update for xerces-c Message-ID: <170231220236.27597.6424430417374026156@smelt2.prg2.suse.org> # Security update for xerces-c Announcement ID: SUSE-SU-2023:4715-1 Rating: important References: * bsc#1216156 Cross-References: * CVE-2023-37536 CVSS scores: * CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of- bounds memory accesses (bsc#1216156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4715=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4715=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4715=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4715=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4715=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4715=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4715=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Enterprise Storage 7.1 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * openSUSE Leap 15.4 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37536.html * https://bugzilla.suse.com/show_bug.cgi?id=1216156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 11 16:39:09 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 16:39:09 -0000 Subject: SUSE-SU-2023:4715-1: important: Security update for xerces-c Message-ID: <170231274949.28553.12786550255242682992@smelt2.prg2.suse.org> # Security update for xerces-c Announcement ID: SUSE-SU-2023:4715-1 Rating: important References: * bsc#1216156 Cross-References: * CVE-2023-37536 CVSS scores: * CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of- bounds memory accesses (bsc#1216156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4715=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4715=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4715=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4715=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4715=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4715=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4715=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * xerces-c-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-devel-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * xerces-c-debugsource-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * SUSE Enterprise Storage 7.1 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxerces-c-3_1-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-3.1.4-150200.10.8.2 * openSUSE Leap 15.4 (x86_64) * libxerces-c-3_1-32bit-debuginfo-3.1.4-150200.10.8.2 * libxerces-c-3_1-32bit-3.1.4-150200.10.8.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37536.html * https://bugzilla.suse.com/show_bug.cgi?id=1216156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 11 20:36:15 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 20:36:15 -0000 Subject: SUSE-RU-2023:4711-1: moderate: Recommended update for wireless-regdb Message-ID: <170232697549.16329.2292102540944060612@smelt2.prg2.suse.org> # Recommended update for wireless-regdb Announcement ID: SUSE-RU-2023:4711-1 Rating: moderate References: * bsc#1029961 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for wireless-regdb fixes the following issues: * Update all regulatory rules(v.20230901) for various countries (bsc#1029961) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4711=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4711=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4711=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4711=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4711=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4711=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4711=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4711=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4711=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4711=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4711=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4711=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * wireless-regdb-20230901-150000.3.17.1 * openSUSE Leap 15.5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * Basesystem Module 15-SP4 (noarch) * wireless-regdb-20230901-150000.3.17.1 * Basesystem Module 15-SP5 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Proxy 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Manager Server 4.2 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE Enterprise Storage 7.1 (noarch) * wireless-regdb-20230901-150000.3.17.1 * SUSE CaaS Platform 4.0 (noarch) * wireless-regdb-20230901-150000.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1029961 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 11 20:36:31 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 20:36:31 -0000 Subject: SUSE-RU-2023:4704-1: moderate: Recommended update for dracut Message-ID: <170232699145.16329.2107493933800892060@smelt2.prg2.suse.org> # Recommended update for dracut Announcement ID: SUSE-RU-2023:4704-1 Rating: moderate References: * bsc#1192986 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 049.1+suse.257.gf94c3fd1 * Fix network device naming in udev-rules (bsc#1192986) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4704=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4704=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4704=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4704=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4704=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4704=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4704=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4704=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4704=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4704=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4704=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-ima-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-fips-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-debugsource-049.1+suse.257.gf94c3fd1-150200.3.75.1 * dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192986 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 11 20:36:33 2023 From: null at suse.de (null at suse.de) Date: Mon, 11 Dec 2023 20:36:33 -0000 Subject: SUSE-RU-2023:4703-1: moderate: Recommended update for dracut Message-ID: <170232699324.16329.13244766714564644275@smelt2.prg2.suse.org> # Recommended update for dracut Announcement ID: SUSE-RU-2023:4703-1 Rating: moderate References: * bsc#1192986 * bsc#1217031 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.375.g1167ed75 * Fix network device naming in udev-rules (bsc#1192986) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4703=1 openSUSE-SLE-15.5-2023-4703=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4703=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4703=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dracut-debugsource-055+suse.375.g1167ed75-150500.3.15.1 * dracut-extra-055+suse.375.g1167ed75-150500.3.15.1 * dracut-tools-055+suse.375.g1167ed75-150500.3.15.1 * dracut-mkinitrd-deprecated-055+suse.375.g1167ed75-150500.3.15.1 * dracut-debuginfo-055+suse.375.g1167ed75-150500.3.15.1 * dracut-055+suse.375.g1167ed75-150500.3.15.1 * dracut-ima-055+suse.375.g1167ed75-150500.3.15.1 * dracut-fips-055+suse.375.g1167ed75-150500.3.15.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * dracut-debuginfo-055+suse.375.g1167ed75-150500.3.15.1 * dracut-055+suse.375.g1167ed75-150500.3.15.1 * dracut-fips-055+suse.375.g1167ed75-150500.3.15.1 * dracut-debugsource-055+suse.375.g1167ed75-150500.3.15.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dracut-debugsource-055+suse.375.g1167ed75-150500.3.15.1 * dracut-mkinitrd-deprecated-055+suse.375.g1167ed75-150500.3.15.1 * dracut-debuginfo-055+suse.375.g1167ed75-150500.3.15.1 * dracut-055+suse.375.g1167ed75-150500.3.15.1 * dracut-ima-055+suse.375.g1167ed75-150500.3.15.1 * dracut-fips-055+suse.375.g1167ed75-150500.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192986 * https://bugzilla.suse.com/show_bug.cgi?id=1217031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 08:30:03 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 08:30:03 -0000 Subject: SUSE-RU-2023:4722-1: moderate: Recommended update for scap-security-guide Message-ID: <170236980314.14201.11097135765111802990@smelt2.prg2.suse.org> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:4722-1 Rating: moderate References: * bsc#1217832 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * switch buggy journald plugindir remediation to write into journald.conf (bsc#1217832) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4722=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4722=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4722=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4722=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4722=1 ## Package List: * Basesystem Module 15-SP4 (noarch) * scap-security-guide-0.1.70-150000.1.72.1 * scap-security-guide-debian-0.1.70-150000.1.72.1 * scap-security-guide-redhat-0.1.70-150000.1.72.1 * scap-security-guide-ubuntu-0.1.70-150000.1.72.1 * Basesystem Module 15-SP5 (noarch) * scap-security-guide-0.1.70-150000.1.72.1 * scap-security-guide-debian-0.1.70-150000.1.72.1 * scap-security-guide-redhat-0.1.70-150000.1.72.1 * scap-security-guide-ubuntu-0.1.70-150000.1.72.1 * openSUSE Leap 15.4 (noarch) * scap-security-guide-0.1.70-150000.1.72.1 * scap-security-guide-debian-0.1.70-150000.1.72.1 * scap-security-guide-redhat-0.1.70-150000.1.72.1 * scap-security-guide-ubuntu-0.1.70-150000.1.72.1 * openSUSE Leap 15.5 (noarch) * scap-security-guide-0.1.70-150000.1.72.1 * scap-security-guide-debian-0.1.70-150000.1.72.1 * scap-security-guide-redhat-0.1.70-150000.1.72.1 * scap-security-guide-ubuntu-0.1.70-150000.1.72.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.70-150000.1.72.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217832 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 08:30:11 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 08:30:11 -0000 Subject: SUSE-RU-2023:4719-1: moderate: Recommended update for pacemaker Message-ID: <170236981106.14201.13641161900622311428@smelt2.prg2.suse.org> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:4719-1 Rating: moderate References: * bsc#1215446 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for pacemaker fixes the following issues: * attrd: don't start a new election when receiving a client update (bsc#1215446) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4719=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4719=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4719=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cli-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-remote-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cli-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-remote-1.1.24+20210811.f5abda0ee-3.36.1 * libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-1.1.24+20210811.f5abda0ee-3.36.1 * pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215446 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 08:30:12 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 08:30:12 -0000 Subject: SUSE-RU-2023:4717-1: moderate: Recommended update for libzypp Message-ID: <170236981259.14201.8900661844106513007@smelt2.prg2.suse.org> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:4717-1 Rating: moderate References: * bsc#1216064 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for libzypp fixes the following issues: * Fixed handling of unmounting media. It mitigates the mount change during a package installation, for examlple a nfs.service restart that forcefully unmounts the media being accessed (bsc#1216064) * Don't download sqlite metadata that is not needed ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4717=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4717=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4717=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4717=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-devel-doc-16.22.10-56.1 * libzypp-debuginfo-16.22.10-56.1 * libzypp-devel-16.22.10-56.1 * libzypp-debugsource-16.22.10-56.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libzypp-debugsource-16.22.10-56.1 * libzypp-debuginfo-16.22.10-56.1 * libzypp-devel-16.22.10-56.1 * libzypp-16.22.10-56.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-debugsource-16.22.10-56.1 * libzypp-debuginfo-16.22.10-56.1 * libzypp-devel-16.22.10-56.1 * libzypp-16.22.10-56.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libzypp-debugsource-16.22.10-56.1 * libzypp-debuginfo-16.22.10-56.1 * libzypp-devel-16.22.10-56.1 * libzypp-16.22.10-56.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216064 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 12:30:03 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4727-1: important: Security update for catatonit, containerd, runc Message-ID: <170238420392.5762.7647862081799333568@smelt2.prg2.suse.org> # Security update for catatonit, containerd, runc Announcement ID: SUSE-SU-2023:4727-1 Rating: important References: * bsc#1200528 Cross-References: * CVE-2022-1996 CVSS scores: * CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update of runc and containerd fixes the following issues: containerd: * Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: * Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. * Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). * Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: * Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4727=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4727=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4727=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4727=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4727=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4727=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4727=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4727=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4727=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE CaaS Platform 4.0 (x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1996.html * https://bugzilla.suse.com/show_bug.cgi?id=1200528 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 12:30:08 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 12:30:08 -0000 Subject: SUSE-RU-2023:4725-1: low: Recommended update for podman Message-ID: <170238420821.5762.9719871709527095068@smelt2.prg2.suse.org> # Recommended update for podman Announcement ID: SUSE-RU-2023:4725-1 Rating: low References: * bsc#1210299 Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for podman fixes the following issues: * Build against latest stable Go version (bsc#1210299) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4725=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4725=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4725=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4725=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4725=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4725=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4725=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4725=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4725=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * podman-remote-debuginfo-4.4.4-150300.9.23.1 * podman-4.4.4-150300.9.23.1 * podman-debuginfo-4.4.4-150300.9.23.1 * podman-remote-4.4.4-150300.9.23.1 * openSUSE Leap 15.3 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * podman-docker-4.4.4-150300.9.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * podman-4.4.4-150300.9.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * podman-4.4.4-150300.9.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * podman-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * podman-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * podman-4.4.4-150300.9.23.1 * podman-debuginfo-4.4.4-150300.9.23.1 * SUSE Enterprise Storage 7.1 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * podman-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * podman-4.4.4-150300.9.23.1 * podman-debuginfo-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * podman-4.4.4-150300.9.23.1 * podman-debuginfo-4.4.4-150300.9.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * podman-cni-config-4.4.4-150300.9.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210299 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 12:30:10 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 12:30:10 -0000 Subject: SUSE-SU-2023:4724-1: important: Security update for squid Message-ID: <170238421007.5762.12734437379409824197@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4724-1 Rating: important References: * bsc#1217654 * bsc#1217813 * bsc#1217815 Cross-References: * CVE-2023-49285 * CVE-2023-49286 CVSS scores: * CVE-2023-49285 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49286 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow (bsc#1217813) * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management (bsc#1217815) * Fix X-Forwarded-For Stack Overflow (bsc#1217654) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4724=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4724=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4724=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squid-debuginfo-4.17-4.38.1 * squid-4.17-4.38.1 * squid-debugsource-4.17-4.38.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-4.38.1 * squid-4.17-4.38.1 * squid-debugsource-4.17-4.38.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squid-debuginfo-4.17-4.38.1 * squid-4.17-4.38.1 * squid-debugsource-4.17-4.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49285.html * https://www.suse.com/security/cve/CVE-2023-49286.html * https://bugzilla.suse.com/show_bug.cgi?id=1217654 * https://bugzilla.suse.com/show_bug.cgi?id=1217813 * https://bugzilla.suse.com/show_bug.cgi?id=1217815 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 16:30:22 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 16:30:22 -0000 Subject: SUSE-SU-2023:4736-1: important: Security update for tiff Message-ID: <170239862248.25363.2655882833484524544@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4736-1 Rating: important References: * bsc#1199483 * bsc#1210231 * bsc#1211478 * bsc#1212398 * bsc#1214680 Cross-References: * CVE-2022-1622 * CVE-2022-40090 * CVE-2023-1916 * CVE-2023-26965 * CVE-2023-2731 CVSS scores: * CVE-2022-1622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-1622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1916 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-1916 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-26965 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-26965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). * CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). * CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). * CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4736=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1622.html * https://www.suse.com/security/cve/CVE-2022-40090.html * https://www.suse.com/security/cve/CVE-2023-1916.html * https://www.suse.com/security/cve/CVE-2023-26965.html * https://www.suse.com/security/cve/CVE-2023-2731.html * https://bugzilla.suse.com/show_bug.cgi?id=1199483 * https://bugzilla.suse.com/show_bug.cgi?id=1210231 * https://bugzilla.suse.com/show_bug.cgi?id=1211478 * https://bugzilla.suse.com/show_bug.cgi?id=1212398 * https://bugzilla.suse.com/show_bug.cgi?id=1214680 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 16:30:38 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 16:30:38 -0000 Subject: SUSE-SU-2023:4734-1: important: Security update for the Linux Kernel Message-ID: <170239863832.25363.7745173377054247260@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4734-1 Rating: important References: * bsc#1084909 * bsc#1207948 * bsc#1210447 * bsc#1214286 * bsc#1214700 * bsc#1214840 * bsc#1214976 * bsc#1215123 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1215802 * bsc#1215931 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216527 * bsc#1216584 * bsc#1216687 * bsc#1216693 * bsc#1216759 * bsc#1216788 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217095 * bsc#1217124 * bsc#1217140 * bsc#1217147 * bsc#1217195 * bsc#1217196 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217511 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5633 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: * acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). * acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). * acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). * acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). * alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). * alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes). * alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). * alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes). * alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes). * alsa: hda/realtek: add quirks for hp laptops (git-fixes). * alsa: hda/realtek: add support dual speaker for dell (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). * alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git- fixes). * alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). * alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * alsa: hda: disable power-save on kontron singlepc (bsc#1217140). * alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). * alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). * alsa: info: fix potential deadlock at disconnection (git-fixes). * alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: add cortex-a520 cpu part definition (git-fixes) * arm64: allow kprobes on el0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass esr_elx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out el1 ssbs emulation hook (git-fixes) * arm64: report el1 undefs better (git-fixes) * arm64: rework bti exception handling (git-fixes) * arm64: rework el0 mrs emulation (git-fixes) * arm64: rework fpac exception handling (git-fixes) * arm64: split el0/el1 undef handlers (git-fixes) * arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * asoc: ams-delta.c: use component after check (git-fixes). * asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). * asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). * asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). * asoc: hdmi-codec: register hpd callback on component probe (git-fixes). * asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). * asoc: rt5650: fix the wrong result of key button (git-fixes). * asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes). * asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). * ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). * atl1c: work around the dma rx overflow issue (git-fixes). * atm: iphase: do pci error checks on own line (git-fixes). * blk-mq: do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: add device 0bda:887b to device tables (git-fixes). * bluetooth: add device 13d3:3571 to device tables (git-fixes). * bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). * bluetooth: btusb: add date->evt_skb is null check (git-fixes). * bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git- fixes). * bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git- fixes). * btrfs: always log symlinks in full mode (bsc#1214840). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize can id checks in isotp_bind() (git-fixes). * can: isotp: set max pdu size to 64 kbyte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: fix comment (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). * clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). * clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). * clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). * clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git- fixes). * clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). * clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). * clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: change ti_clk_register_omap_hw api (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes). * clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes). * crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). * disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. * dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * doc/readme.suse: adjust heading style (jsc#ped-5021) * underscore all headings as a preparation for markdown conversion. * use title-style capitalization for the document name and sentence-style capitalization for section headings, as recommended in the current suse documentation style guide. * doc/readme.suse: bring information about compiling up to date (jsc#ped-5021) * when building the kernel, do not mention to initially change the current directory to /usr/src/linux because later description discourages it and specifies to use 'make -c /usr/src/linux'. * avoid writing additional details in parentheses, incorporate them instead properly in the text. * fix the obsolete name of /etc/modprobe.d/unsupported-modules -> /etc/modprobe.d/10-unsupported-modules.conf. * drop a note that a newly built kernel should be added to the boot manager because that normally happens automatically when running 'make install'. * update a link to the kernel module packages manual. * when preparing a build for external modules, mention use of the upstream recommended 'make modules_prepare' instead of a pair of 'make prepare' \+ 'make scripts'. * fix some typos+grammar. * doc/readme.suse: bring the overview section up to date (jsc#ped-5021) * update information in the overview section that was no longer accurate. * improve wording and fix some typos+grammar. * doc/readme.suse: convert the document to markdown (jsc#ped-5021) * doc/readme.suse: minor content clean up (jsc#ped-5021) * mark the user's build directory as a variable, not a command: 'make -c $(your_build_dir)' -> 'make -c $your_build_dir'. * unify how to get the current directory: 'm=$(pwd)' -> 'm=$pwd'. * 'git' / 'git' -> 'git'. * doc/readme.suse: reflow text to 80-column width (jsc#ped-5021) * doc/readme.suse: update information about (un)supported modules (jsc#ped-5021) * update the list of taint flags. convert it to a table that matches the upstream documentation format and describe specifically flags that are related to module support status. * fix some typos and wording. * doc/readme.suse: update information about config files (jsc#ped-5021) * use version variables to describe a name of the /boot/config-... file instead of using specific example versions which get outdated quickly. * replace removed silentoldconfig with oldconfig. * mention that oldconfig can automatically pick a base config from "/boot/config-$(uname -r)". * avoid writing additional details in parentheses, incorporate them instead properly in the text. * doc/readme.suse: update information about custom patches (jsc#ped-5021) * replace mention of various patches.* directories with only patches.suse as the typical location for patches. * replace i386 with x86_64 in the example how to define a config addon. * fix some typos and wording. * doc/readme.suse: update information about dud (jsc#ped-5021) remove a dead link to description of device update disks found previously on novell.com. replace it with a short section summarizing what dud is and reference the mkdud + mksusecd tools and their documentation for more information. * doc/readme.suse: update information about module paths (jsc#ped-5021) * use version variables to describe names of the /lib/modules/$version-$release-$flavor/... directories instead of using specific example versions which get outdated quickly. * note: keep the /lib/modules/ prefix instead of using the new /usr/lib/modules/ location for now. the updated readme is expected to be incorporated to various branches that are not yet usrmerged. * doc/readme.suse: update the references list (jsc#ped-5021) * remove the reference to linux documentation project. it has been inactive for years and mostly contains old manuals that are not relevant for contemporary systems and hardware. * update the name and link to lwn.net. the original name "linux weekly news" has been deemphasized over time by its authors. * update the link to kernel newbies website. * update the reference to the linux kernel module programming guide. the document has not been updated for over a decade but it looks its content is still relevant for today. * point kernel module packages manual to the current version. * add a reference to suse soliddriver program. * doc/readme.suse: update title information (jsc#ped-5021) * drop the mention of kernel versions from the readme title. * remove information about the original authors of the document. rely as in case of other readmes on git metadata to get information about all contributions. * strip the table of contents. the document is short and easy to navigate just by scrolling through it. * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use c syntax highlight in driver.rst (bsc#1215458). * documentation: networking: correct possessive "its" (bsc#1215458). * drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git- fixes). * drm/amd/display: avoid null dereference of timing generator (git-fixes). * drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). * drm/amd/display: refactor dm_get_plane_scale helper (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: handle non-terminated overdrive commands (git-fixes). * drm/amd: disable aspm for vi w/ all intel systems (git-fixes). * drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git- fixes). * drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). * drm/amd: move helper for dynamic speed switch check out of smu13 (git- fixes). * drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). * drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git- fixes). * drm/amdgpu: do not use atrm for external devices (git-fixes). * drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix potential null pointer derefernce (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes). * drm/amdgpu: remove unnecessary domain argument (git-fixes). * drm/amdgpu: reserve fences for vm update (git-fixes). * drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). * drm/amdkfd: fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: fix bridge_detach (git-fixes). * drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: manually disable hpd only if it was enabled (git- fixes). * drm/bridge: lt8912b: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: lt9611uxc: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: tc358768: clean up clock period code (git-fixes). * drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: fix bit updates (git-fixes). * drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes). * drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). * drm/bridge: tc358768: print logical values, not raw register values (git- fixes). * drm/bridge: tc358768: remove unused variable (git-fixes). * drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes). * drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes). * drm/bridge: tc358768: use struct videomode (git-fixes). * drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git- fixes). * drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes). * drm/gud: use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). * drm/i915: fix potential spectre vulnerability (git-fixes). * drm/i915: flush wc ggtt only on required platforms (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). * drm/mediatek: fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: create devm device attachment (git-fixes). * drm/mipi-dsi: create devm device registration (git-fixes). * drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). * drm/msm/dsi: free tx buffer in unbind (git-fixes). * drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). * drm/panel: st7703: pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: fix a possible null pointer dereference (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: vop: fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git- fixes). * drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). * drm/ttm: reorder sys manager cleanup step (git-fixes). * drm/vc4: fix typo (git-fixes). * drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527) * drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527) * drm: bridge: it66121: fix invalid connector dereference (git-fixes). * drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] * fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: omapfb: drop unused remove function (git-fixes). * fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git- fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git- fixes). * fix termination state for idr_for_each_entry_ul() (git-fixes). * fix x86/mm: print the encryption features in hyperv is disabled * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * gpu: host1x: correct allocated size for contexts (git-fixes). * hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). * hid: cp2112: fix duplicate workqueue initialization (git-fixes). * hid: hyperv: avoid struct memcpy overrun warning (git-fixes). * hid: hyperv: remove unused struct synthhid_msg (git-fixes). * hid: hyperv: replace one-element array with flexible-array member (git- fixes). * hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). * hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). * hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). * hv_netvsc: fix race of register_netdevice_notifier and vf register (git- fixes). * hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). * hwmon: (coretemp) fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: fix i2c bus hang in slave read (git-fixes). * i2c: core: run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). * i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). * i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git- fixes). * i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). * i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and mac filter support (bsc#1215458). * idpf: add rx splitq napi poll support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: add sriov support and other ndo_ops (bsc#1215458). * idpf: add tx splitq napi poll support (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for rx queues (bsc#1215458). * idpf: configure resources for tx queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git- fixes). * iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git- fixes). * input: xpad - add vid for turtle beach controllers (git-fixes). * irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). * kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). * kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse- module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. * kernel-source: move provides after sources * leds: pwm: do not disable the pwm when the led should be off (git-fixes). * leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: do not use smbus calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: correctly initialise try compose rectangle (git-fixes). * media: ccs: fix driver quirk struct documentation (git-fixes). * media: cedrus: fix clock/reset sequence (git-fixes). * media: cobalt: use field_get() to extract link width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). * media: qcom: camss: fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git- fixes). * mfd: core: ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: fix double put in dln2_probe (git-fixes). * misc: fastrpc: clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). * mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). * mmc: block: do not lose cache flush during cqe error recovery (git-fixes). * mmc: block: retry commands in cqe error recovery (git-fixes). * mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). * mmc: cqhci: increase recovery halt timeout (git-fixes). * mmc: cqhci: warn of halt or task clear failure (git-fixes). * mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). * mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git- fixes). * mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git- fixes). * mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee module_device_table built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). * mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). * net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: avoid address overwrite in kernel_connect (bsc#1216861). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git- fixes). * nfs: fix access to page->mapping (bsc#1216788). * nvme: update firmware version after commit (bsc#1215292). * pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). * pci/sysfs: protect driver's d3cold preference from user space (git-fixes). * pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). * pci: extract ats disabling to a helper function (bsc#1215458). * pci: exynos: do not discard .remove() callback (git-fixes). * pci: keystone: do not discard .probe() callback (git-fixes). * pci: keystone: do not discard .remove() callback (git-fixes). * pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git- fixes). * pci: tegra194: use field_get()/field_prep() with link width fields (git- fixes). * pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). * pci: use field_get() to extract link width (git-fixes). * pci: vmd: correct pci header type register's multi-function check (git- fixes). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147). * platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147). * platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147). * platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147). * platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147). * platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147). * platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147). * platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147). * platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147). * platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147). * platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147). * platform/x86/intel/vsec: add tpmi id (bsc#1217147). * platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147). * platform/x86/intel/vsec: support private data (bsc#1217147). * platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147). * platform/x86/intel: intel tpmi enumeration driver (bsc#1217147). * platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147). * platform/x86: intel-uncore-freq: add client processors (bsc#1217147). * platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147). * platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). * platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147). * platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147). * platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147). * platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). * platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git- fixes). * platform/x86: wmi: fix opening of char device (git-fixes). * platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). * pm: hibernate: use __get_safe_page() rather than touching the list (git- fixes). * powerpc/perf/hv-24x7: update domain value check (bsc#1215931). * powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). * powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). * pwm: fix double shift bug (git-fixes). * pwm: sti: reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). * r8152: release firmware if we have an error in probe (git-fixes). * r8152: run the unload routine if we have errors during probe (git-fixes). * regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). * regmap: ensure range selector registers are updated after cache sync (git- fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * revert "i2c: pxa: move to generic gpio recovery" (git-fixes). * revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes). * revert "tracing: fix warning in trace_buffered_event_disable()" (bsc#1217036) * rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma at fat_crate.local/ so carry this in ignored_configs_re instead. * rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. * rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage * run scripts/renamepatches for sle15-sp4 * s390/ap: fix ap bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). * s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). * s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). * sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). * sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). * sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). * scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). * scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). * scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). * scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: use field_get() to extract pcie capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: fix ksft print formats (git-fixes). * selftests/resctrl: ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git- fixes). * selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes). * serial: meson: use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). * tty: 8250: add support for additional brainboxes px cards (git-fixes). * tty: 8250: add support for additional brainboxes uc cards (git-fixes). * tty: 8250: add support for brainboxes up cards (git-fixes). * tty: 8250: add support for intashield is-100 (git-fixes). * tty: 8250: add support for intashield ix cards (git-fixes). * tty: 8250: fix port count of px-257 (git-fixes). * tty: 8250: fix up px-803/px-857 (git-fixes). * tty: 8250: remove uc-257 and uc-431 (git-fixes). * tty: fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). * update metadata patches.suse/s390-ipl-add-missing-secure-has_secure-file-to- ipl-type-unknown (bsc#1214976 git-fixes). * usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). * usb: chipidea: fix dma overwrite for tegra (git-fixes). * usb: chipidea: simplify tegra dma alignment code (git-fixes). * usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). * usb: dwc2: write hcint with intmask applied (bsc#1214286). * usb: dwc3: fix default mode initialization (git-fixes). * usb: dwc3: qcom: fix acpi platform device leak (git-fixes). * usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). * usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: serial: option: add fibocom l7xx modules (git-fixes). * usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). * usb: serial: option: fix fm101r-gl defines (git-fixes). * usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes). * usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). * usb: usbip: fix stub_dev hub disconnect (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: do not touch the ce interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix gtk offload status event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). * wifi: iwlwifi: use fw rate for non-data frames (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). * wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). * x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: clear svm feature if disabled by bios (bsc#1214700). * x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). * x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git- fixes). * x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: make hv_get_nmi_reason public (git-fixes). * x86/sev: do not try to parse for the cc blob on non-amd hardware (git- fixes). * x86/sev: fix calculation of end address based on number of pages (git- fixes). * x86/sev: use the ghcb protocol when available for snp cpuid requests (git- fixes). * x86: move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert agf log flags to unsigned (git-fixes). * xfs: convert agi log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize ag block number formatting in ftrace output (git-fixes). * xfs: standardize ag number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). * xhci: enable rpm on controllers that support low-power states (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4734=1 openSUSE-SLE-15.5-2023-4734=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4734=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150500.33.26.1 * reiserfs-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.26.1 * ocfs2-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1 * gfs2-kmp-azure-5.14.21-150500.33.26.1 * kselftests-kmp-azure-5.14.21-150500.33.26.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * cluster-md-kmp-azure-5.14.21-150500.33.26.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-debugsource-5.14.21-150500.33.26.1 * kernel-azure-optional-5.14.21-150500.33.26.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * dlm-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-devel-5.14.21-150500.33.26.1 * kernel-syms-azure-5.14.21-150500.33.26.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.26.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.26.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-extra-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-vdso-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-azure-5.14.21-150500.33.26.1 * kernel-source-azure-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.26.1 * kernel-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-debugsource-5.14.21-150500.33.26.1 * kernel-azure-devel-5.14.21-150500.33.26.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (noarch) * kernel-devel-azure-5.14.21-150500.33.26.1 * kernel-source-azure-5.14.21-150500.33.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5633.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214700 * https://bugzilla.suse.com/show_bug.cgi?id=1214840 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1215802 * https://bugzilla.suse.com/show_bug.cgi?id=1215931 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216527 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216687 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216788 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217095 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217147 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217196 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217511 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 16:30:44 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 16:30:44 -0000 Subject: SUSE-SU-2023:4733-1: important: Security update for the Linux Kernel Message-ID: <170239864487.25363.11114338252768113474@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4733-1 Rating: important References: * bsc#1084909 * bsc#1210780 * bsc#1214037 * bsc#1214344 * bsc#1214764 * bsc#1215371 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216965 * bsc#1216976 * bsc#1217140 * bsc#1217332 * bsc#1217408 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 * CVE-2023-6176 CVSS scores: * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4733=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214344 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1215371 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217408 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 12 16:30:58 2023 From: null at suse.de (null at suse.de) Date: Tue, 12 Dec 2023 16:30:58 -0000 Subject: SUSE-RU-2023:4729-1: moderate: Recommended update for csp-billing-adapter Message-ID: <170239865887.25363.15247111211829550353@smelt2.prg2.suse.org> # Recommended update for csp-billing-adapter Announcement ID: SUSE-RU-2023:4729-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for csp-billing-adapter fixes the following issues: * Update to version 0.8.0: * Clear billing status with an empty dictionary ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4729=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4729=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4729=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-csp-billing-adapter-0.8.0-150400.9.8.1 * csp-billing-adapter-service-0.8.0-150400.9.8.1 * Public Cloud Module 15-SP4 (noarch) * python3-csp-billing-adapter-0.8.0-150400.9.8.1 * csp-billing-adapter-service-0.8.0-150400.9.8.1 * Public Cloud Module 15-SP5 (noarch) * python3-csp-billing-adapter-0.8.0-150400.9.8.1 * csp-billing-adapter-service-0.8.0-150400.9.8.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Wed Dec 13 08:08:17 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:17 +0100 (CET) Subject: SUSE-CU-2023:4090-1: Recommended update of bci/nodejs Message-ID: <20231213080817.68557FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4090-1 Container Tags : bci/node:18 , bci/node:18-12.19 , bci/nodejs:18 , bci/nodejs:18-12.19 Container Release : 12.19 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 08:08:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:18 +0100 (CET) Subject: SUSE-CU-2023:4091-1: Recommended update of bci/nodejs Message-ID: <20231213080818.C2D13FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4091-1 Container Tags : bci/node:20 , bci/node:20-2.18 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.18 , bci/nodejs:latest Container Release : 2.18 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 08:08:33 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:33 +0100 (CET) Subject: SUSE-CU-2023:4092-1: Recommended update of bci/openjdk-devel Message-ID: <20231213080833.A5DE6FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4092-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.111 Container Release : 10.111 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:bci-openjdk-11-15.5.11-11.53 updated From meissner at suse.de Wed Dec 13 08:08:44 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:44 +0100 (CET) Subject: SUSE-CU-2023:4093-1: Recommended update of bci/openjdk Message-ID: <20231213080844.A39ABFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4093-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.53 Container Release : 11.53 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 08:08:57 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:57 +0100 (CET) Subject: SUSE-CU-2023:4094-1: Recommended update of bci/openjdk Message-ID: <20231213080857.13C4FFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4094-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.52 , bci/openjdk:latest Container Release : 12.52 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From null at suse.de Wed Dec 13 12:30:04 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4760-1: low: Optional update for llvm15 Message-ID: <170247060499.19262.18065764060499286412@smelt2.prg2.suse.org> # Optional update for llvm15 Announcement ID: SUSE-RU-2023:4760-1 Rating: low References: * bsc#1217091 Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This optional update for llvm15 fixes the following issues: * Add missing LLVM 15 binary packages to Package Hub 15 SP5 (bsc#1217091) * clang15-devel * clang15-doc * libclang13 * llvm15 * llvm15-devel * llvm15-doc * llvm15-gold * llvm15-opt-viewer * llvm15-polly * llvm15-polly-devel * llvm15-vim-plugins * libomp15-devel * libLTO15 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4760=1 openSUSE-SLE-15.5-2023-4760=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4760=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4760=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4760=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4760=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libclang-cpp15-debuginfo-15.0.7-150500.4.4.1 * llvm15-debuginfo-15.0.7-150500.4.4.1 * libclang13-15.0.7-150500.4.4.1 * libLTO15-15.0.7-150500.4.4.1 * clang15-15.0.7-150500.4.4.1 * llvm15-gold-debuginfo-15.0.7-150500.4.4.1 * llvm15-devel-debuginfo-15.0.7-150500.4.4.1 * llvm15-polly-devel-15.0.7-150500.4.4.1 * libLLVM15-15.0.7-150500.4.4.1 * libclang-cpp15-15.0.7-150500.4.4.1 * clang15-devel-15.0.7-150500.4.4.1 * llvm15-gold-15.0.7-150500.4.4.1 * libclang13-debuginfo-15.0.7-150500.4.4.1 * llvm15-polly-15.0.7-150500.4.4.1 * llvm15-15.0.7-150500.4.4.1 * lld15-15.0.7-150500.4.4.1 * clang-tools-debuginfo-15.0.7-150500.4.4.1 * lld15-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-debuginfo-15.0.7-150500.4.4.1 * clang-tools-15.0.7-150500.4.4.1 * llvm15-polly-debuginfo-15.0.7-150500.4.4.1 * clang15-debuginfo-15.0.7-150500.4.4.1 * llvm15-devel-15.0.7-150500.4.4.1 * libLTO15-debuginfo-15.0.7-150500.4.4.1 * python3-clang15-15.0.7-150500.4.4.1 * openSUSE Leap 15.5 (noarch) * llvm15-doc-15.0.7-150500.4.4.1 * clang15-doc-15.0.7-150500.4.4.1 * llvm15-vim-plugins-15.0.7-150500.4.4.1 * llvm15-opt-viewer-15.0.7-150500.4.4.1 * openSUSE Leap 15.5 (x86_64) * liblldb15-15.0.7-150500.4.4.1 * lldb15-15.0.7-150500.4.4.1 * lldb15-debuginfo-15.0.7-150500.4.4.1 * python3-lldb15-15.0.7-150500.4.4.1 * lldb15-devel-15.0.7-150500.4.4.1 * libclang-cpp15-32bit-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-32bit-15.0.7-150500.4.4.1 * libclang-cpp15-32bit-15.0.7-150500.4.4.1 * liblldb15-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-32bit-debuginfo-15.0.7-150500.4.4.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * libomp15-devel-debuginfo-15.0.7-150500.4.4.1 * libomp15-devel-15.0.7-150500.4.4.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libc++-devel-15.0.7-150500.4.4.1 * libc++1-15.0.7-150500.4.4.1 * libc++abi-devel-15.0.7-150500.4.4.1 * libc++abi1-15.0.7-150500.4.4.1 * libc++1-debuginfo-15.0.7-150500.4.4.1 * libc++abi1-debuginfo-15.0.7-150500.4.4.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libclang-cpp15-64bit-debuginfo-15.0.7-150500.4.4.1 * libclang-cpp15-64bit-15.0.7-150500.4.4.1 * libLLVM15-64bit-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-64bit-15.0.7-150500.4.4.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libLLVM15-debuginfo-15.0.7-150500.4.4.1 * llvm15-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-15.0.7-150500.4.4.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libLLVM15-debuginfo-15.0.7-150500.4.4.1 * llvm15-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-15.0.7-150500.4.4.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * libc++-devel-15.0.7-150500.4.4.1 * libc++1-15.0.7-150500.4.4.1 * libc++abi-devel-15.0.7-150500.4.4.1 * libc++abi1-15.0.7-150500.4.4.1 * libc++1-debuginfo-15.0.7-150500.4.4.1 * libc++abi1-debuginfo-15.0.7-150500.4.4.1 * Basesystem Module 15-SP5 (x86_64) * libLLVM15-32bit-debuginfo-15.0.7-150500.4.4.1 * libLLVM15-32bit-15.0.7-150500.4.4.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libclang-cpp15-debuginfo-15.0.7-150500.4.4.1 * libclang-cpp15-15.0.7-150500.4.4.1 * llvm15-debuginfo-15.0.7-150500.4.4.1 * libclang13-debuginfo-15.0.7-150500.4.4.1 * libclang13-15.0.7-150500.4.4.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libclang-cpp15-debuginfo-15.0.7-150500.4.4.1 * libclang-cpp15-15.0.7-150500.4.4.1 * clang15-devel-15.0.7-150500.4.4.1 * llvm15-gold-15.0.7-150500.4.4.1 * clang-tools-15.0.7-150500.4.4.1 * llvm15-15.0.7-150500.4.4.1 * clang15-debuginfo-15.0.7-150500.4.4.1 * clang-tools-debuginfo-15.0.7-150500.4.4.1 * libLTO15-15.0.7-150500.4.4.1 * libclang13-15.0.7-150500.4.4.1 * clang15-15.0.7-150500.4.4.1 * llvm15-devel-15.0.7-150500.4.4.1 * llvm15-polly-15.0.7-150500.4.4.1 * llvm15-polly-devel-15.0.7-150500.4.4.1 * SUSE Package Hub 15 15-SP5 (noarch) * llvm15-doc-15.0.7-150500.4.4.1 * clang15-doc-15.0.7-150500.4.4.1 * llvm15-vim-plugins-15.0.7-150500.4.4.1 * llvm15-opt-viewer-15.0.7-150500.4.4.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le x86_64) * libomp15-devel-15.0.7-150500.4.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217091 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 12:30:08 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 12:30:08 -0000 Subject: SUSE-RU-2023:4759-1: moderate: Recommended update for open-iscsi Message-ID: <170247060831.19262.207783673058570323@smelt2.prg2.suse.org> # Recommended update for open-iscsi Announcement ID: SUSE-RU-2023:4759-1 Rating: moderate References: * bsc#1210514 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for open-iscsi fixes the following issue: * Upgrade to upstream version 2.1.9 (bsc#1210514) with tag "2.1.9-suse" (bsc#1210514) * replacing open-iscsi-2.1.8-suse.tar.bz2 with open-iscsi-2.1.9-suse.tar.bz2 * several fixes to harden iscsiuio (v0.7.8.8), including: * logging now uses syslog * shutdown now waits for helper threads to complete * netlink socket cleanup * some minor bug fixes, some helping builds on musl ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4759=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4759=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4759=1 openSUSE-SLE-15.5-2023-4759=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * iscsiuio-debuginfo-0.7.8.8-150500.46.3.1 * open-iscsi-debugsource-2.1.9-150500.46.3.1 * iscsiuio-0.7.8.8-150500.46.3.1 * open-iscsi-2.1.9-150500.46.3.1 * libopeniscsiusr0-debuginfo-0.2.0-150500.46.3.1 * libopeniscsiusr0-0.2.0-150500.46.3.1 * open-iscsi-debuginfo-2.1.9-150500.46.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * iscsiuio-debuginfo-0.7.8.8-150500.46.3.1 * open-iscsi-debugsource-2.1.9-150500.46.3.1 * iscsiuio-0.7.8.8-150500.46.3.1 * open-iscsi-2.1.9-150500.46.3.1 * libopeniscsiusr0-debuginfo-0.2.0-150500.46.3.1 * libopeniscsiusr0-0.2.0-150500.46.3.1 * open-iscsi-debuginfo-2.1.9-150500.46.3.1 * open-iscsi-devel-2.1.9-150500.46.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * iscsiuio-debuginfo-0.7.8.8-150500.46.3.1 * open-iscsi-debugsource-2.1.9-150500.46.3.1 * iscsiuio-0.7.8.8-150500.46.3.1 * open-iscsi-2.1.9-150500.46.3.1 * libopeniscsiusr0-debuginfo-0.2.0-150500.46.3.1 * libopeniscsiusr0-0.2.0-150500.46.3.1 * open-iscsi-debuginfo-2.1.9-150500.46.3.1 * open-iscsi-devel-2.1.9-150500.46.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 12:30:15 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 12:30:15 -0000 Subject: SUSE-SU-2023:4758-1: important: Security update for SUSE Manager 4.3.10 Release Notes Message-ID: <170247061513.19262.14896099784294386694@smelt2.prg2.suse.org> # Security update for SUSE Manager 4.3.10 Release Notes Announcement ID: SUSE-SU-2023:4758-1 Rating: important References: * bsc#1191143 * bsc#1204235 * bsc#1207012 * bsc#1207532 * bsc#1210928 * bsc#1210930 * bsc#1211355 * bsc#1211560 * bsc#1211649 * bsc#1212695 * bsc#1212904 * bsc#1213469 * bsc#1214186 * bsc#1214471 * bsc#1214601 * bsc#1214759 * bsc#1215209 * bsc#1215514 * bsc#1215949 * bsc#1216030 * bsc#1216041 * bsc#1216085 * bsc#1216128 * bsc#1216380 * bsc#1216506 * bsc#1216555 * bsc#1216690 * bsc#1216754 * bsc#1217038 * bsc#1217223 * bsc#1217224 * jsc#MSQA-708 Cross-References: * CVE-2023-22644 CVSS scores: * CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains one feature and has 30 security fixes can now be installed. ## Security update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.10 * Bugs mentioned: bsc#1216506, bsc#1216754 ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.10 * SUSE Linux Enterprise Server Micro 5.5 support * CLM filter by package build date * Enhanced Errata.getDetails API endpoint * CVEs fixed: CVE-2023-22644 * Bugs mentioned: bsc#1191143, bsc#1204235, bsc#1207012, bsc#1207532, bsc#1210928, bsc#1210930, bsc#1211355, bsc#1211560, bsc#1211649, bsc#1212695, bsc#1212904, bsc#1213469, bsc#1214186, bsc#1214471, bsc#1214601, bsc#1214759, bsc#1215209, bsc#1215514, bsc#1215949, bsc#1216030, bsc#1216041, bsc#1216085, bsc#1216128, bsc#1216380, bsc#1216506, bsc#1216555, bsc#1216690, bsc#1216754, bsc#1217038, bsc#1217223, bsc#1217224 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4758=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4758=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2023-4758=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4758=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-4.3.10-150400.3.93.1 * release-notes-susemanager-proxy-4.3.10-150400.3.72.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.10-150400.3.72.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.10-150400.3.72.1 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.10-150400.3.93.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22644.html * https://bugzilla.suse.com/show_bug.cgi?id=1191143 * https://bugzilla.suse.com/show_bug.cgi?id=1204235 * https://bugzilla.suse.com/show_bug.cgi?id=1207012 * https://bugzilla.suse.com/show_bug.cgi?id=1207532 * https://bugzilla.suse.com/show_bug.cgi?id=1210928 * https://bugzilla.suse.com/show_bug.cgi?id=1210930 * https://bugzilla.suse.com/show_bug.cgi?id=1211355 * https://bugzilla.suse.com/show_bug.cgi?id=1211560 * https://bugzilla.suse.com/show_bug.cgi?id=1211649 * https://bugzilla.suse.com/show_bug.cgi?id=1212695 * https://bugzilla.suse.com/show_bug.cgi?id=1212904 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1214186 * https://bugzilla.suse.com/show_bug.cgi?id=1214471 * https://bugzilla.suse.com/show_bug.cgi?id=1214601 * https://bugzilla.suse.com/show_bug.cgi?id=1214759 * https://bugzilla.suse.com/show_bug.cgi?id=1215209 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1215949 * https://bugzilla.suse.com/show_bug.cgi?id=1216030 * https://bugzilla.suse.com/show_bug.cgi?id=1216041 * https://bugzilla.suse.com/show_bug.cgi?id=1216085 * https://bugzilla.suse.com/show_bug.cgi?id=1216128 * https://bugzilla.suse.com/show_bug.cgi?id=1216380 * https://bugzilla.suse.com/show_bug.cgi?id=1216506 * https://bugzilla.suse.com/show_bug.cgi?id=1216555 * https://bugzilla.suse.com/show_bug.cgi?id=1216690 * https://bugzilla.suse.com/show_bug.cgi?id=1216754 * https://bugzilla.suse.com/show_bug.cgi?id=1217038 * https://bugzilla.suse.com/show_bug.cgi?id=1217223 * https://bugzilla.suse.com/show_bug.cgi?id=1217224 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 12:36:43 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 12:36:43 -0000 Subject: SUSE-SU-2023:4749-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170247100353.20867.6915899371187811169@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4749-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4749=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 12:36:49 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 12:36:49 -0000 Subject: SUSE-RU-2023:4744-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <170247100949.20867.11918725174492503790@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4744-1 Rating: moderate References: * jsc#MSQA-708 Affected Products: * SUSE Manager Client Tools for Debian 12 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 12 zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2023-4744=1 ## Package List: * SUSE Manager Client Tools for Debian 12 (all) * spacecmd-4.3.25-3.6.1 ## References: * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Wed Dec 13 13:55:06 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:06 +0100 (CET) Subject: SUSE-CU-2023:4095-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231213135506.CCB5AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4095-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.274 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.274 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 13:55:40 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:40 +0100 (CET) Subject: SUSE-CU-2023:4096-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231213135540.507F2FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4096-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.172 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.172 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 13:55:55 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:55 +0100 (CET) Subject: SUSE-CU-2023:4097-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231213135555.1211DFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4097-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.117 Severity : moderate Type : security References : 1216862 1217212 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 13:57:27 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:57:27 +0100 (CET) Subject: SUSE-CU-2023:4098-1: Recommended update of suse/sles12sp5 Message-ID: <20231213135727.5E045FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4098-1 Container Tags : suse/sles12sp5:6.5.543 , suse/sles12sp5:latest Container Release : 6.5.543 Severity : moderate Type : recommended References : 1216064 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4717-1 Released: Tue Dec 12 04:59:05 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1216064 This update for libzypp fixes the following issues: - Fixed handling of unmounting media. It mitigates the mount change during a package installation, for examlple a nfs.service restart that forcefully unmounts the media being accessed (bsc#1216064) - Don't download sqlite metadata that is not needed The following package changes have been done: - libzypp-16.22.10-56.1 updated From meissner at suse.de Wed Dec 13 13:59:11 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:59:11 +0100 (CET) Subject: SUSE-CU-2023:4099-1: Security update of suse/sle15 Message-ID: <20231213135911.B8D28FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4099-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.381 Container Release : 9.5.381 Severity : moderate Type : security References : 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). The following package changes have been done: - libcurl4-7.66.0-150200.4.63.1 updated From meissner at suse.de Wed Dec 13 14:00:00 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:00:00 +0100 (CET) Subject: SUSE-CU-2023:4100-1: Recommended update of bci/bci-init Message-ID: <20231213140000.C1C66FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4100-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.42 Container Release : 30.42 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 14:00:58 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:00:58 +0100 (CET) Subject: SUSE-CU-2023:4101-1: Recommended update of suse/pcp Message-ID: <20231213140058.B71F9FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4101-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.218 , suse/pcp:5.2 , suse/pcp:5.2-17.218 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.218 Container Release : 17.218 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:bci-bci-init-15.4-15.4-30.42 updated From meissner at suse.de Wed Dec 13 14:01:14 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:14 +0100 (CET) Subject: SUSE-CU-2023:4102-1: Recommended update of suse/389-ds Message-ID: <20231213140114.02985FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4102-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.59 , suse/389-ds:latest Container Release : 16.59 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:19 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:19 +0100 (CET) Subject: SUSE-CU-2023:4103-1: Recommended update of suse/git Message-ID: <20231213140119.04582FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4103-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.17 , suse/git:latest Container Release : 4.17 Severity : moderate Type : recommended References : 1216501 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier The following package changes have been done: - git-core-2.35.3-150300.10.33.1 updated From meissner at suse.de Wed Dec 13 14:01:39 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:39 +0100 (CET) Subject: SUSE-CU-2023:4105-1: Recommended update of bci/golang Message-ID: <20231213140139.64382FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4105-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.21 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.21 Container Release : 8.21 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:31 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:31 +0100 (CET) Subject: SUSE-CU-2023:4104-1: Security update of bci/golang Message-ID: <20231213140131.B472BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4104-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.61 , bci/golang:oldstable , bci/golang:oldstable-2.4.61 Container Release : 4.61 Severity : important Type : security References : 1206346 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4708-1 Released: Mon Dec 11 10:44:30 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.20 fixes the following issues: Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - go1.20-doc-1.20.12-150000.1.35.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - go1.20-1.20.12-150000.1.35.1 updated - go1.20-race-1.20.12-150000.1.35.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:59 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:59 +0100 (CET) Subject: SUSE-CU-2023:4107-1: Recommended update of bci/openjdk-devel Message-ID: <20231213140159.A5B98FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4107-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.104 , bci/openjdk-devel:latest Container Release : 12.104 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:bci-openjdk-17-15.5.17-12.52 updated From meissner at suse.de Wed Dec 13 14:02:14 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:14 +0100 (CET) Subject: SUSE-CU-2023:4094-1: Recommended update of bci/openjdk Message-ID: <20231213140214.36EBAFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4094-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.52 , bci/openjdk:latest Container Release : 12.52 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:02:34 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:34 +0100 (CET) Subject: SUSE-CU-2023:4108-1: Recommended update of suse/pcp Message-ID: <20231213140234.4D71AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4108-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.92 , suse/pcp:5.2 , suse/pcp:5.2-15.92 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.92 , suse/pcp:latest Container Release : 15.92 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:bci-bci-init-15.5-15.5-10.52 updated From meissner at suse.de Wed Dec 13 14:02:49 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:49 +0100 (CET) Subject: SUSE-CU-2023:4109-1: Recommended update of bci/php-apache Message-ID: <20231213140249.4D88EFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4109-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.48 Container Release : 8.48 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:04 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:04 +0100 (CET) Subject: SUSE-CU-2023:4110-1: Recommended update of bci/php-fpm Message-ID: <20231213140304.8D432FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4110-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.51 Container Release : 8.51 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:03:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:18 +0100 (CET) Subject: SUSE-CU-2023:4111-1: Recommended update of bci/php Message-ID: <20231213140318.4FCD8FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4111-1 Container Tags : bci/php:8 , bci/php:8-8.47 Container Release : 8.47 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:34 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:34 +0100 (CET) Subject: SUSE-CU-2023:4113-1: Recommended update of suse/postgres Message-ID: <20231213140334.1DC54FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4113-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.6 , suse/postgres:16.1 , suse/postgres:16.1-2.6 , suse/postgres:latest Container Release : 2.6 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:33 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:33 +0100 (CET) Subject: SUSE-CU-2023:4112-1: Recommended update of suse/postgres Message-ID: <20231213140333.18001FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4112-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.7 , suse/postgres:15.5 , suse/postgres:15.5-13.7 Container Release : 13.7 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:51 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:51 +0100 (CET) Subject: SUSE-CU-2023:4114-1: Recommended update of bci/python Message-ID: <20231213140351.2FE59FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4114-1 Container Tags : bci/python:3 , bci/python:3-12.46 , bci/python:3.11 , bci/python:3.11-12.46 , bci/python:latest Container Release : 12.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:04:08 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:04:08 +0100 (CET) Subject: SUSE-CU-2023:4115-1: Recommended update of bci/python Message-ID: <20231213140408.9279AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4115-1 Container Tags : bci/python:3 , bci/python:3-14.46 , bci/python:3.6 , bci/python:3.6-14.46 Container Release : 14.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-updates at lists.suse.com Wed Dec 13 14:14:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:15 +0100 (CET) Subject: SUSE-CU-2023:4115-1: Recommended update of bci/python Message-ID: <20231213141415.0DC3AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4115-1 Container Tags : bci/python:3 , bci/python:3-14.46 , bci/python:3.6 , bci/python:3.6-14.46 Container Release : 14.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-updates at lists.suse.com Wed Dec 13 14:14:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:32 +0100 (CET) Subject: SUSE-CU-2023:4116-1: Recommended update of bci/ruby Message-ID: <20231213141432.7EF7AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4116-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.47 , bci/ruby:2.5 , bci/ruby:2.5-12.47 , bci/ruby:latest Container Release : 12.47 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-updates at lists.suse.com Wed Dec 13 14:14:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:48 +0100 (CET) Subject: SUSE-CU-2023:4117-1: Recommended update of bci/rust Message-ID: <20231213141448.A75CDFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4117-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.8 , bci/rust:oldstable , bci/rust:oldstable-2.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1216578 1216862 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-updates at lists.suse.com Wed Dec 13 14:15:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:05 +0100 (CET) Subject: SUSE-CU-2023:4118-1: Recommended update of bci/rust Message-ID: <20231213141505.ED912FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4118-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1216578 1216862 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-updates at lists.suse.com Wed Dec 13 14:15:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:19 +0100 (CET) Subject: SUSE-CU-2023:4119-1: Security update of suse/sle15 Message-ID: <20231213141519.7F1A9FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4119-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.63 , suse/sle15:15.5 , suse/sle15:15.5.36.5.63 Container Release : 36.5.63 Severity : important Type : security References : 1216410 1216862 1217212 1217215 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - curl-8.0.1-150400.5.36.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - suse-build-key-12.0-150000.8.37.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:15:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:35 +0100 (CET) Subject: SUSE-CU-2023:4120-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231213141535.9BAC1FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4120-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.24 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.24 Container Release : 9.40.24 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:15:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:45 +0100 (CET) Subject: SUSE-CU-2023:4121-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231213141545.C4C50FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4121-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.25 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.25 Container Release : 9.30.25 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:15:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:56 +0100 (CET) Subject: SUSE-CU-2023:4122-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20231213141556.DB4FBFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4122-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.22 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.22 Container Release : 9.39.22 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:16:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:16:05 +0100 (CET) Subject: SUSE-CU-2023:4123-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20231213141605.DD10EFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4123-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.20 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.20 Container Release : 9.30.20 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:16:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:16:16 +0100 (CET) Subject: SUSE-CU-2023:4124-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231213141616.DCDFDFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4124-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.22 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.22 Container Release : 9.30.22 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-updates at lists.suse.com Wed Dec 13 14:18:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:18:10 +0100 (CET) Subject: SUSE-CU-2023:4126-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231213141810.AB4EEFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4126-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.333 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.333 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.225 updated From null at suse.de Wed Dec 13 16:30:02 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4796-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Message-ID: <170248500237.16852.2834891762769887353@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4796-1 Rating: important References: * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_151 fixes several issues. The following security issues were fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4796=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_36-debugsource-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_151-default-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-8-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:09 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4784-1: important: Security update for the Linux Kernel Message-ID: <170248500962.16852.3147446032478729838@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4784-1 Rating: important References: * bsc#1084909 * bsc#1176950 * bsc#1190208 * bsc#1203496 * bsc#1205462 * bsc#1208787 * bsc#1210780 * bsc#1214037 * bsc#1214285 * bsc#1214408 * bsc#1214764 * bsc#1216031 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216759 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217087 * bsc#1217206 * bsc#1217519 * bsc#1217525 * bsc#1217603 * bsc#1217604 * bsc#1217607 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-0461 * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). The following non-security bugs were fixed: * USB: serial: option: add Quectel RM500U-CN modem (git-fixes). * USB: serial: option: add Telit FE990 compositions (git-fixes). * USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408). * cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408). * cpu/SMT: Remove topology_smt_supported() (bsc#1214408). * cpu/SMT: Store the current/max number of threads (bsc#1214408). * cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * dm-raid: remove useless checking in raid_message() (git-fixes). * l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes). * l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git- fixes). * md/bitmap: always wake up md_thread in timeout_store (git-fixes). * md/bitmap: factor out a helper to set timeout (git-fixes). * md/raid10: Do not add spare disk when recovery fails (git-fixes). * md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). * md/raid10: clean up md_add_new_disk() (git-fixes). * md/raid10: fix io loss while replacement replace rdev (git-fixes). * md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). * md/raid10: fix memleak for 'conf->bio_split' (git-fixes). * md/raid10: fix memleak of md thread (git-fixes). * md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). * md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git- fixes). * md/raid10: fix overflow of md/safe_mode_delay (git-fixes). * md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). * md/raid10: improve code of mrdev in raid10_sync_request (git-fixes). * md/raid10: prevent soft lockup while flush writes (git-fixes). * md/raid10: prioritize adding disk to 'removed' mirror (git-fixes). * md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). * md: add new workqueue for delete rdev (git-fixes). * md: avoid signed overflow in slot_store() (git-fixes). * md: do not return existing mddevs from mddev_find_or_alloc (git-fixes). * md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes). * md: fix data corruption for raid456 when reshape restart while grow up (git- fixes). * md: fix deadlock causing by sysfs_notify (git-fixes). * md: fix incorrect declaration about claim_rdev in md_import_device (git- fixes). * md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes). * md: get sysfs entry after redundancy attr group create (git-fixes). * md: refactor mddev_find_or_alloc (git-fixes). * md: remove lock_bdev / unlock_bdev (git-fixes). * mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607). * s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087). * s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git- fixes). * xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). * xfs: make sure maxlen is still congruent with prod when rounding down (git- fixes). * xfs: reserve data and rt quota at the same time (bsc#1203496). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4784=1 SUSE-SLE- HA-12-SP5-2023-4784=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4784=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4784=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4784=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4784=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4784=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4784=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-devel-4.12.14-122.186.1 * kernel-default-debugsource-4.12.14-122.186.1 * dlm-kmp-default-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 * dlm-kmp-default-debuginfo-4.12.14-122.186.1 * gfs2-kmp-default-debuginfo-4.12.14-122.186.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.186.1 * kernel-default-base-4.12.14-122.186.1 * kernel-default-base-debuginfo-4.12.14-122.186.1 * ocfs2-kmp-default-4.12.14-122.186.1 * kernel-syms-4.12.14-122.186.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.186.1 * cluster-md-kmp-default-4.12.14-122.186.1 * gfs2-kmp-default-4.12.14-122.186.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-4.12.14-122.186.1 * kernel-macros-4.12.14-122.186.1 * kernel-devel-4.12.14-122.186.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.186.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-122.186.1 * dlm-kmp-default-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 * dlm-kmp-default-debuginfo-4.12.14-122.186.1 * gfs2-kmp-default-debuginfo-4.12.14-122.186.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.186.1 * ocfs2-kmp-default-4.12.14-122.186.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.186.1 * cluster-md-kmp-default-4.12.14-122.186.1 * gfs2-kmp-default-4.12.14-122.186.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_186-default-1-8.3.1 * kernel-default-debugsource-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 * kernel-default-kgraft-devel-4.12.14-122.186.1 * kernel-default-kgraft-4.12.14-122.186.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.186.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-4.12.14-122.186.1 * kernel-obs-build-debugsource-4.12.14-122.186.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-devel-4.12.14-122.186.1 * kernel-default-debugsource-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 * kernel-default-base-debuginfo-4.12.14-122.186.1 * kernel-syms-4.12.14-122.186.1 * kernel-default-base-4.12.14-122.186.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-4.12.14-122.186.1 * kernel-macros-4.12.14-122.186.1 * kernel-devel-4.12.14-122.186.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.186.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-4.12.14-122.186.1 * kernel-default-debugsource-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 * kernel-default-base-debuginfo-4.12.14-122.186.1 * kernel-syms-4.12.14-122.186.1 * kernel-default-base-4.12.14-122.186.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-4.12.14-122.186.1 * kernel-macros-4.12.14-122.186.1 * kernel-devel-4.12.14-122.186.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.186.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.186.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.186.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-extra-debuginfo-4.12.14-122.186.1 * kernel-default-debugsource-4.12.14-122.186.1 * kernel-default-extra-4.12.14-122.186.1 * kernel-default-debuginfo-4.12.14-122.186.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1176950 * https://bugzilla.suse.com/show_bug.cgi?id=1190208 * https://bugzilla.suse.com/show_bug.cgi?id=1203496 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214408 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1216031 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217087 * https://bugzilla.suse.com/show_bug.cgi?id=1217206 * https://bugzilla.suse.com/show_bug.cgi?id=1217519 * https://bugzilla.suse.com/show_bug.cgi?id=1217525 * https://bugzilla.suse.com/show_bug.cgi?id=1217603 * https://bugzilla.suse.com/show_bug.cgi?id=1217604 * https://bugzilla.suse.com/show_bug.cgi?id=1217607 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:14 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4783-1: important: Security update for the Linux Kernel Message-ID: <170248501448.16852.5756517427832442900@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4783-1 Rating: important References: * bsc#1084909 * bsc#1210780 * bsc#1214037 * bsc#1214344 * bsc#1214764 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216965 * bsc#1216976 * bsc#1217332 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 * CVE-2023-6176 CVSS scores: * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves seven vulnerabilities, contains two features and has five security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4783=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-4783=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4783=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4783=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4783=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150200.24.172.1 * kernel-default-livepatch-devel-5.3.18-150200.24.172.1 * kernel-livepatch-SLE15-SP2_Update_43-debugsource-1-150200.5.3.1 * kernel-default-debuginfo-5.3.18-150200.24.172.1 * kernel-livepatch-5_3_18-150200_24_172-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_172-default-1-150200.5.3.1 * kernel-default-debugsource-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.172.1 * ocfs2-kmp-default-5.3.18-150200.24.172.1 * dlm-kmp-default-5.3.18-150200.24.172.1 * cluster-md-kmp-default-5.3.18-150200.24.172.1 * kernel-default-debuginfo-5.3.18-150200.24.172.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.172.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.172.1 * gfs2-kmp-default-5.3.18-150200.24.172.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.172.1 * kernel-default-debugsource-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.172.1 * kernel-preempt-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1 * kernel-preempt-debuginfo-5.3.18-150200.24.172.1 * kernel-obs-build-debugsource-5.3.18-150200.24.172.1 * kernel-preempt-debugsource-5.3.18-150200.24.172.1 * kernel-default-debuginfo-5.3.18-150200.24.172.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.172.1 * kernel-syms-5.3.18-150200.24.172.1 * kernel-obs-build-5.3.18-150200.24.172.1 * kernel-preempt-devel-5.3.18-150200.24.172.1 * kernel-default-devel-5.3.18-150200.24.172.1 * kernel-default-debugsource-5.3.18-150200.24.172.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.172.1 * kernel-devel-5.3.18-150200.24.172.1 * kernel-macros-5.3.18-150200.24.172.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1 * kernel-obs-build-debugsource-5.3.18-150200.24.172.1 * kernel-default-debuginfo-5.3.18-150200.24.172.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.172.1 * kernel-syms-5.3.18-150200.24.172.1 * kernel-obs-build-5.3.18-150200.24.172.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.172.1 * reiserfs-kmp-default-5.3.18-150200.24.172.1 * kernel-default-devel-5.3.18-150200.24.172.1 * kernel-default-debugsource-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.172.1 * kernel-devel-5.3.18-150200.24.172.1 * kernel-macros-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debuginfo-5.3.18-150200.24.172.1 * kernel-preempt-devel-5.3.18-150200.24.172.1 * kernel-preempt-debugsource-5.3.18-150200.24.172.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1 * kernel-obs-build-debugsource-5.3.18-150200.24.172.1 * kernel-default-debuginfo-5.3.18-150200.24.172.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.172.1 * kernel-syms-5.3.18-150200.24.172.1 * kernel-obs-build-5.3.18-150200.24.172.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.172.1 * reiserfs-kmp-default-5.3.18-150200.24.172.1 * kernel-default-devel-5.3.18-150200.24.172.1 * kernel-default-debugsource-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.172.1 * kernel-devel-5.3.18-150200.24.172.1 * kernel-macros-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.172.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debuginfo-5.3.18-150200.24.172.1 * kernel-preempt-devel-5.3.18-150200.24.172.1 * kernel-preempt-debugsource-5.3.18-150200.24.172.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.172.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214344 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:16 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:16 -0000 Subject: SUSE-SU-2023:4781-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5) Message-ID: <170248501635.16852.5123891204775475422@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4781-1 Rating: important References: * bsc#1215097 Cross-References: * CVE-2023-3777 CVSS scores: * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_24 fixes one issue. The following security issue was fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4781=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4781=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3777.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:18 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4776-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5) Message-ID: <170248501850.16852.4882291405756105108@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4776-1 Rating: important References: * bsc#1215097 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_21 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4776=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4780=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4780=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_14-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_15_56-rt-2-150400.2.1 * kernel-livepatch-5_14_21-150400_15_56-rt-debuginfo-2-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-2-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:21 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:21 -0000 Subject: SUSE-SU-2023:4775-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5) Message-ID: <170248502116.16852.3622354021844145057@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4775-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_18 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4775=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4779=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4779=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_13-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_15_53-rt-3-150400.2.1 * kernel-livepatch-5_14_21-150400_15_53-rt-debuginfo-3-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:23 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:23 -0000 Subject: SUSE-SU-2023:4774-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP1) Message-ID: <170248502318.16852.6404848787168492656@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4774-1 Rating: important References: * bsc#1210619 Cross-References: * CVE-2023-1829 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_160 fixes one issue. The following security issue was fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4774=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_160-default-2-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:25 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:25 -0000 Subject: SUSE-SU-2023:4766-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP5) Message-ID: <170248502564.16852.4641665777352533344@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4766-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_11 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4766=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-4767=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-4768=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4769=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4770=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-4771=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4786=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4772=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4777=1 SUSE-2023-4778=1 SUSE-2023-4798=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4777=1 SUSE-SLE- Module-Live-Patching-15-SP5-2023-4778=1 SUSE-SLE-Module-Live- Patching-15-SP5-2023-4798=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-10-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-8-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-11-150400.2.2 * kernel-livepatch-5_14_21-150400_15_18-rt-9-150400.2.1 * kernel-livepatch-5_14_21-150400_15_28-rt-8-150400.2.1 * kernel-livepatch-5_14_21-150400_15_8-rt-11-150400.2.2 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-8-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_11-debugsource-4-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_9-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_11-rt-10-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-9-150400.2.1 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-11-150400.2.2 * kernel-livepatch-5_14_21-150400_15_46-rt-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_46-rt-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-9-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_40-rt-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_40-rt-debuginfo-5-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_15_37-rt-5-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-6-150500.15.1 * kernel-livepatch-5_14_21-150500_13_5-rt-5-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-4-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-6-150500.15.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_11-rt-6-150500.15.1 * kernel-livepatch-5_14_21-150500_13_11-rt-4-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-5-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-6-150500.15.1 * kernel-livepatch-5_14_21-150500_13_5-rt-5-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-4-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-6-150500.15.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_11-rt-6-150500.15.1 * kernel-livepatch-5_14_21-150500_13_11-rt-4-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-5-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:29 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:29 -0000 Subject: SUSE-SU-2023:4795-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP1) Message-ID: <170248502996.16852.9234704152198950@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4795-1 Rating: important References: * bsc#1215442 Cross-References: * CVE-2023-4622 CVSS scores: * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_157 fixes one issue. The following security issue was fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4793=1 SUSE-SLE-Live- Patching-12-SP5-2023-4794=1 SUSE-SLE-Live-Patching-12-SP5-2023-4795=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4762=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-4763=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-4764=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4765=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4785=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-4797=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4773=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_144-default-11-2.2 * kgraft-patch-4_12_14-122_176-default-3-2.1 * kgraft-patch-4_12_14-122_173-default-4-2.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_137-default-8-150100.2.1 * kernel-livepatch-4_12_14-150100_197_145-default-8-150100.2.1 * kernel-livepatch-4_12_14-150100_197_148-default-6-150100.2.1 * kernel-livepatch-4_12_14-150100_197_151-default-5-150100.2.1 * kernel-livepatch-4_12_14-150100_197_157-default-3-150100.2.1 * kernel-livepatch-4_12_14-150100_197_154-default-4-150100.2.1 * kernel-livepatch-4_12_14-150100_197_142-default-8-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:31 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:31 -0000 Subject: SUSE-SU-2023:4792-1: important: Security update for xwayland Message-ID: <170248503185.16852.4227917872047080139@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4792-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). * CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4792=1 openSUSE-SLE-15.4-2023-4792=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4792=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xwayland-devel-21.1.4-150400.3.23.1 * xwayland-debugsource-21.1.4-150400.3.23.1 * xwayland-debuginfo-21.1.4-150400.3.23.1 * xwayland-21.1.4-150400.3.23.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xwayland-debugsource-21.1.4-150400.3.23.1 * xwayland-debuginfo-21.1.4-150400.3.23.1 * xwayland-21.1.4-150400.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:36 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:36 -0000 Subject: SUSE-SU-2023:4791-1: important: Security update for xorg-x11-server Message-ID: <170248503675.16852.1561151611527264493@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4791-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). * CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4791=1 openSUSE-SLE-15.4-2023-4791=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4791=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4791=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-source-1.20.3-150400.38.32.1 * xorg-x11-server-debugsource-1.20.3-150400.38.32.1 * xorg-x11-server-1.20.3-150400.38.32.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.32.1 * xorg-x11-server-extra-1.20.3-150400.38.32.1 * xorg-x11-server-sdk-1.20.3-150400.38.32.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.20.3-150400.38.32.1 * xorg-x11-server-1.20.3-150400.38.32.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.32.1 * xorg-x11-server-extra-1.20.3-150400.38.32.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.20.3-150400.38.32.1 * xorg-x11-server-sdk-1.20.3-150400.38.32.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.32.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:38 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:38 -0000 Subject: SUSE-SU-2023:4790-1: important: Security update for xorg-x11-server Message-ID: <170248503882.16852.17458425840591847893@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4790-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). * CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4790=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4790=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4790=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4790=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-1.19.6-10.59.1 * xorg-x11-server-debugsource-1.19.6-10.59.1 * xorg-x11-server-debuginfo-1.19.6-10.59.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xorg-x11-server-debugsource-1.19.6-10.59.1 * xorg-x11-server-extra-1.19.6-10.59.1 * xorg-x11-server-debuginfo-1.19.6-10.59.1 * xorg-x11-server-1.19.6-10.59.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.59.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.19.6-10.59.1 * xorg-x11-server-extra-1.19.6-10.59.1 * xorg-x11-server-debuginfo-1.19.6-10.59.1 * xorg-x11-server-1.19.6-10.59.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.59.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xorg-x11-server-debugsource-1.19.6-10.59.1 * xorg-x11-server-extra-1.19.6-10.59.1 * xorg-x11-server-debuginfo-1.19.6-10.59.1 * xorg-x11-server-1.19.6-10.59.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.59.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:40 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:40 -0000 Subject: SUSE-SU-2023:4789-1: important: Security update for xorg-x11-server Message-ID: <170248504069.16852.10642639870169118002@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4789-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765). * CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4789=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4789=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4789=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4789=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4789=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4789=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4789=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4789=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4789=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.82.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.82.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.82.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.82.1 * xorg-x11-server-extra-1.20.3-150200.22.5.82.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.82.1 * xorg-x11-server-1.20.3-150200.22.5.82.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.82.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:43 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:43 -0000 Subject: SUSE-SU-2023:4788-1: important: Security update for xwayland Message-ID: <170248504313.16852.5044015946039850765@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4788-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765). * CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4788=1 openSUSE-SLE-15.5-2023-4788=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4788=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xwayland-debuginfo-22.1.5-150500.7.8.1 * xwayland-debugsource-22.1.5-150500.7.8.1 * xwayland-devel-22.1.5-150500.7.8.1 * xwayland-22.1.5-150500.7.8.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xwayland-debuginfo-22.1.5-150500.7.8.1 * xwayland-debugsource-22.1.5-150500.7.8.1 * xwayland-22.1.5-150500.7.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:45 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:45 -0000 Subject: SUSE-SU-2023:4787-1: important: Security update for xorg-x11-server Message-ID: <170248504510.16852.11483179826103846219@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4787-1 Rating: important References: * bsc#1217765 * bsc#1217766 Cross-References: * CVE-2023-6377 * CVE-2023-6478 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765). * CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4787=1 openSUSE-SLE-15.5-2023-4787=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4787=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4787=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-Xvfb-21.1.4-150500.7.10.1 * xorg-x11-server-extra-21.1.4-150500.7.10.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-debugsource-21.1.4-150500.7.10.1 * xorg-x11-server-sdk-21.1.4-150500.7.10.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-source-21.1.4-150500.7.10.1 * xorg-x11-server-21.1.4-150500.7.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-Xvfb-21.1.4-150500.7.10.1 * xorg-x11-server-extra-21.1.4-150500.7.10.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-debugsource-21.1.4-150500.7.10.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.10.1 * xorg-x11-server-21.1.4-150500.7.10.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-21.1.4-150500.7.10.1 * xorg-x11-server-sdk-21.1.4-150500.7.10.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://www.suse.com/security/cve/CVE-2023-6478.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 * https://bugzilla.suse.com/show_bug.cgi?id=1217766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:47 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:47 -0000 Subject: SUSE-RU-2023:3428-2: moderate: Recommended update for sap-installation-wizard Message-ID: <170248504722.16852.13075959673567169626@smelt2.prg2.suse.org> # Recommended update for sap-installation-wizard Announcement ID: SUSE-RU-2023:3428-2 Rating: moderate References: * bsc#1211099 * bsc#1212097 * bsc#1212813 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three fixes can now be installed. ## Description: This update for sap-installation-wizard fixes the following issues: NOTE: This update has been retracted because it broke new installation. * Fixes an issue when 'sap-installation-wizard' update is trying to install file as sapconf but with different content. (bsc#1212813) * Fixes an issue when the 'sap-installation-wizard' can't find the installer on BusinessOne image. (bsc#1212097) * Enable 'sapconf' to apply the required system settings by start. * Fixes an issue when 'sap-installation-wizard' aborts with wrong number of arguments. (bsc#1211099) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3428=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3428=1 * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-3428=1 ## Package List: * openSUSE Leap 15.5 (ppc64le x86_64) * sap-installation-wizard-4.5.8-150500.5.3.1 * bone-installation-wizard-4.5.8-150500.5.3.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * sap-installation-wizard-4.5.8-150500.5.3.1 * SAP Business One Module 15-SP5 (x86_64) * bone-installation-wizard-4.5.8-150500.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211099 * https://bugzilla.suse.com/show_bug.cgi?id=1212097 * https://bugzilla.suse.com/show_bug.cgi?id=1212813 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 16:30:54 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 16:30:54 -0000 Subject: SUSE-SU-2023:4782-1: important: Security update for the Linux Kernel Message-ID: <170248505427.16852.9167598983291862887@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4782-1 Rating: important References: * bsc#1210447 * bsc#1214286 * bsc#1214976 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216584 * bsc#1216693 * bsc#1216759 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217124 * bsc#1217140 * bsc#1217195 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 12 vulnerabilities, contains three features and has 25 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: * acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). * acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). * acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). * acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). * alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). * alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). * alsa: hda/realtek: add quirks for hp laptops (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). * alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). * alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * alsa: hda: disable power-save on kontron singlepc (bsc#1217140). * alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). * alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). * alsa: info: fix potential deadlock at disconnection (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: add cortex-a520 cpu part definition (git-fixes) * arm64: allow kprobes on el0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass esr_elx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out el1 ssbs emulation hook (git-fixes) * arm64: report el1 undefs better (git-fixes) * arm64: rework bti exception handling (git-fixes) * arm64: rework el0 mrs emulation (git-fixes) * arm64: rework fpac exception handling (git-fixes) * arm64: split el0/el1 undef handlers (git-fixes) * arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * asoc: ams-delta.c: use component after check (git-fixes). * asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). * asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). * asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). * asoc: hdmi-codec: register hpd callback on component probe (git-fixes). * asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). * asoc: rt5650: fix the wrong result of key button (git-fixes). * asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). * ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). * atl1c: work around the dma rx overflow issue (git-fixes). * atm: iphase: do pci error checks on own line (git-fixes). * blk-mq: do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: add device 0bda:887b to device tables (git-fixes). * bluetooth: add device 13d3:3571 to device tables (git-fixes). * bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). * bluetooth: btusb: add date->evt_skb is null check (git-fixes). * bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git- fixes). * bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git- fixes). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize can id checks in isotp_bind() (git-fixes). * can: isotp: set max pdu size to 64 kbyte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: fix comment (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). * clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). * clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). * clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). * clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git- fixes). * clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). * clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). * clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: change ti_clk_register_omap_hw api (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). * disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. * dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use c syntax highlight in driver.rst (bsc#1215458). * documentation: networking: correct possessive "its" (bsc#1215458). * drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git- fixes). * drm/amd/display: avoid null dereference of timing generator (git-fixes). * drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: handle non-terminated overdrive commands (git-fixes). * drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git- fixes). * drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). * drm/amdgpu: do not use atrm for external devices (git-fixes). * drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix potential null pointer derefernce (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdkfd: fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: fix bridge_detach (git-fixes). * drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: manually disable hpd only if it was enabled (git- fixes). * drm/bridge: lt8912b: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: lt9611uxc: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: fix bit updates (git-fixes). * drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). * drm/gud: use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). * drm/i915: fix potential spectre vulnerability (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). * drm/mediatek: fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: create devm device attachment (git-fixes). * drm/mipi-dsi: create devm device registration (git-fixes). * drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). * drm/panel: st7703: pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: vop: fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git- fixes). * drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). * drm/vc4: fix typo (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: omapfb: drop unused remove function (git-fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git- fixes). * fix termination state for idr_for_each_entry_ul() (git-fixes). * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). * hid: cp2112: fix duplicate workqueue initialization (git-fixes). * hid: hyperv: avoid struct memcpy overrun warning (git-fixes). * hid: hyperv: remove unused struct synthhid_msg (git-fixes). * hid: hyperv: replace one-element array with flexible-array member (git- fixes). * hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). * hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). * hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). * hv_netvsc: fix race of register_netdevice_notifier and vf register (git- fixes). * hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). * hwmon: (coretemp) fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: fix i2c bus hang in slave read (git-fixes). * i2c: core: run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). * i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). * i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git- fixes). * i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). * i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and mac filter support (bsc#1215458). * idpf: add rx splitq napi poll support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: add sriov support and other ndo_ops (bsc#1215458). * idpf: add tx splitq napi poll support (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for rx queues (bsc#1215458). * idpf: configure resources for tx queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git- fixes). * iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git- fixes). * input: xpad - add vid for turtle beach controllers (git-fixes). * irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). * kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). * kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse- module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. * kernel-source: move provides after sources * leds: pwm: do not disable the pwm when the led should be off (git-fixes). * leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: do not use smbus calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: correctly initialise try compose rectangle (git-fixes). * media: ccs: fix driver quirk struct documentation (git-fixes). * media: cedrus: fix clock/reset sequence (git-fixes). * media: cobalt: use field_get() to extract link width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). * media: qcom: camss: fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git- fixes). * mfd: core: ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: fix double put in dln2_probe (git-fixes). * misc: fastrpc: clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). * mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). * mmc: block: do not lose cache flush during cqe error recovery (git-fixes). * mmc: block: retry commands in cqe error recovery (git-fixes). * mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). * mmc: cqhci: increase recovery halt timeout (git-fixes). * mmc: cqhci: warn of halt or task clear failure (git-fixes). * mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). * mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git- fixes). * mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git- fixes). * mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee module_device_table built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). * mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). * net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: avoid address overwrite in kernel_connect (bsc#1216861). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git- fixes). * nvme: update firmware version after commit (bsc#1215292). * pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). * pci/sysfs: protect driver's d3cold preference from user space (git-fixes). * pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). * pci: extract ats disabling to a helper function (bsc#1215458). * pci: exynos: do not discard .remove() callback (git-fixes). * pci: keystone: do not discard .probe() callback (git-fixes). * pci: keystone: do not discard .remove() callback (git-fixes). * pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git- fixes). * pci: tegra194: use field_get()/field_prep() with link width fields (git- fixes). * pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). * pci: use field_get() to extract link width (git-fixes). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git- fixes). * platform/x86: wmi: fix opening of char device (git-fixes). * platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). * pm: hibernate: use __get_safe_page() rather than touching the list (git- fixes). * powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). * pwm: fix double shift bug (git-fixes). * pwm: sti: reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). * r8152: release firmware if we have an error in probe (git-fixes). * r8152: run the unload routine if we have errors during probe (git-fixes). * regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). * regmap: ensure range selector registers are updated after cache sync (git- fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * revert "i2c: pxa: move to generic gpio recovery" (git-fixes). * revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes). * rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma at fat_crate.local/ so carry this in ignored_configs_re instead. * rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. * rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage * s390/ap: fix ap bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). * s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). * sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). * scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). * scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). * scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). * scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: use field_get() to extract pcie capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: fix ksft print formats (git-fixes). * selftests/resctrl: ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git- fixes). * selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes). * serial: meson: use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). * tty: 8250: add support for additional brainboxes px cards (git-fixes). * tty: 8250: add support for additional brainboxes uc cards (git-fixes). * tty: 8250: add support for brainboxes up cards (git-fixes). * tty: 8250: add support for intashield is-100 (git-fixes). * tty: 8250: add support for intashield ix cards (git-fixes). * tty: 8250: fix port count of px-257 (git-fixes). * tty: 8250: fix up px-803/px-857 (git-fixes). * tty: 8250: remove uc-257 and uc-431 (git-fixes). * tty: fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). * usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). * usb: chipidea: fix dma overwrite for tegra (git-fixes). * usb: chipidea: simplify tegra dma alignment code (git-fixes). * usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). * usb: dwc2: write hcint with intmask applied (bsc#1214286). * usb: dwc3: fix default mode initialization (git-fixes). * usb: dwc3: qcom: fix acpi platform device leak (git-fixes). * usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). * usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: serial: option: add fibocom l7xx modules (git-fixes). * usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). * usb: serial: option: fix fm101r-gl defines (git-fixes). * usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes). * usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). * usb: usbip: fix stub_dev hub disconnect (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: do not touch the ce interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). * wifi: iwlwifi: use fw rate for non-data frames (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). * wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). * x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). * x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git- fixes). * x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: make hv_get_nmi_reason public (git-fixes). * x86/sev: do not try to parse for the cc blob on non-amd hardware (git- fixes). * x86/sev: fix calculation of end address based on number of pages (git- fixes). * x86/sev: use the ghcb protocol when available for snp cpuid requests (git- fixes). * x86: move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert agf log flags to unsigned (git-fixes). * xfs: convert agi log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize ag block number formatting in ftrace output (git-fixes). * xfs: standardize ag number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: enable rpm on controllers that support low-power states (git-fixes). * xhci: loosen rpm as default policy to cover for amd xhc 1.1 (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4782=1 openSUSE-SLE-15.4-2023-4782=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4782=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * ocfs2-kmp-azure-5.14.21-150400.14.75.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-optional-5.14.21-150400.14.75.1 * gfs2-kmp-azure-5.14.21-150400.14.75.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.75.1 * cluster-md-kmp-azure-5.14.21-150400.14.75.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.75.1 * kernel-syms-azure-5.14.21-150400.14.75.1 * kernel-azure-debugsource-5.14.21-150400.14.75.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.75.1 * dlm-kmp-azure-5.14.21-150400.14.75.1 * kselftests-kmp-azure-5.14.21-150400.14.75.1 * kernel-azure-devel-5.14.21-150400.14.75.1 * kernel-azure-extra-5.14.21-150400.14.75.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * reiserfs-kmp-azure-5.14.21-150400.14.75.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.75.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.75.1 * kernel-source-azure-5.14.21-150400.14.75.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.75.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150400.14.75.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1 * kernel-syms-azure-5.14.21-150400.14.75.1 * kernel-azure-devel-5.14.21-150400.14.75.1 * kernel-azure-debugsource-5.14.21-150400.14.75.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.75.1 * kernel-source-azure-5.14.21-150400.14.75.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:05 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4817-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3) Message-ID: <170249940517.27528.8030120214372768137@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4817-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4808=1 SUSE-2023-4817=1 SUSE-2023-4813=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4808=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-4817=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-4813=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-default-6-150300.2.1 * kernel-livepatch-5_3_18-150300_59_121-default-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_118-default-debuginfo-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_121-default-debuginfo-8-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_31-debugsource-8-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_32-debugsource-8-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_33-debugsource-6-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-default-debuginfo-6-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_121-preempt-debuginfo-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-preempt-debuginfo-6-150300.2.1 * kernel-livepatch-5_3_18-150300_59_118-preempt-debuginfo-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_118-preempt-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-preempt-6-150300.2.1 * kernel-livepatch-5_3_18-150300_59_121-preempt-8-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-default-6-150300.2.1 * kernel-livepatch-5_3_18-150300_59_121-default-8-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:08 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:08 -0000 Subject: SUSE-SU-2023:4804-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP2) Message-ID: <170249940860.27528.2672210122363886920@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4804-1 Rating: important References: * bsc#1210619 Cross-References: * CVE-2023-1829 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_169 fixes one issue. The following security issue was fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4804=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_169-default-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-2-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_42-debugsource-2-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:12 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:12 -0000 Subject: SUSE-SU-2023:4802-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2) Message-ID: <170249941236.27528.17444642302478066012@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4802-1 Rating: important References: * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_163 fixes several issues. The following security issues were fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4814=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-4803=1 SUSE-SLE-Module-Live- Patching-15-SP2-2023-4815=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4802=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_160-default-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_163-default-3-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_40-debugsource-3-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_39-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_148-default-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_160-default-debuginfo-4-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_35-debugsource-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_157-default-5-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_38-debugsource-5-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:15 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:15 -0000 Subject: SUSE-SU-2023:4801-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) Message-ID: <170249941552.27528.7755685588999595205@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4801-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_88 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4801=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4801=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_18-debugsource-3-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_18-debugsource-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:19 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:19 -0000 Subject: SUSE-SU-2023:4805-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) Message-ID: <170249941933.27528.7041954159078050977@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4805-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4800=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-4805=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-4809=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4806=1 SUSE-2023-4819=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4806=1 SUSE-SLE- Module-Live-Patching-15-SP5-2023-4819=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4805=1 SUSE-2023-4809=1 SUSE-2023-4800=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_7-debugsource-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-11-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_41-default-11-150400.2.2 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-6-150500.15.1 * kernel-livepatch-5_14_21-150500_53-default-6-150500.15.1 * kernel-livepatch-5_14_21-150500_53-default-debuginfo-6-150500.15.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-5-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-6-150500.15.1 * kernel-livepatch-5_14_21-150500_53-default-6-150500.15.1 * kernel-livepatch-5_14_21-150500_53-default-debuginfo-6-150500.15.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-5-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_7-debugsource-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-11-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_41-default-11-150400.2.2 * kernel-livepatch-5_14_21-150400_24_74-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-8-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:23 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4799-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP5) Message-ID: <170249942384.27528.11110403594841628729@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4799-1 Rating: important References: * bsc#1215442 Cross-References: * CVE-2023-4622 CVSS scores: * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_165 fixes one issue. The following security issue was fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4812=1 SUSE-SLE-Live- Patching-12-SP5-2023-4816=1 SUSE-SLE-Live-Patching-12-SP5-2023-4818=1 SUSE-SLE- Live-Patching-12-SP5-2023-4799=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_159-default-7-2.1 * kgraft-patch-4_12_14-122_165-default-5-2.1 * kgraft-patch-4_12_14-122_156-default-8-2.1 * kgraft-patch-4_12_14-122_139-default-12-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:29 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:29 -0000 Subject: SUSE-SU-2023:4811-1: important: Security update for the Linux Kernel Message-ID: <170249942966.27528.17760198027767753817@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4811-1 Rating: important References: * bsc#1084909 * bsc#1210780 * bsc#1214037 * bsc#1214344 * bsc#1214764 * bsc#1215371 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216965 * bsc#1216976 * bsc#1217140 * bsc#1217332 * bsc#1217408 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 * CVE-2023-6176 CVSS scores: * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4811=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4811=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4811=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4811=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4811=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4811=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4811=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4811=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4811=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4811=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4811=1 ## Package List: * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-1-150300.7.3.1 * kernel-livepatch-5_3_18-150300_59_144-preempt-1-150300.7.3.1 * openSUSE Leap 15.3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (noarch) * kernel-docs-html-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-vanilla-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (nosrc ppc64le x86_64) * kernel-kvmsmall-5.3.18-150300.59.144.1 * kernel-debug-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (ppc64le x86_64) * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-debug-livepatch-devel-5.3.18-150300.59.144.1 * kernel-debug-devel-5.3.18-150300.59.144.1 * kernel-kvmsmall-debugsource-5.3.18-150300.59.144.1 * kernel-kvmsmall-devel-5.3.18-150300.59.144.1 * kernel-debug-debuginfo-5.3.18-150300.59.144.1 * kernel-kvmsmall-debuginfo-5.3.18-150300.59.144.1 * kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.144.1 * kernel-debug-debugsource-5.3.18-150300.59.144.1 * kernel-debug-devel-debuginfo-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-livepatch-5.3.18-150300.59.144.1 * kernel-default-livepatch-devel-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * kselftests-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-base-rebuild-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-default-extra-5.3.18-150300.59.144.1 * kernel-obs-qa-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * kernel-default-devel-5.3.18-150300.59.144.1 * gfs2-kmp-default-5.3.18-150300.59.144.1 * kselftests-kmp-default-5.3.18-150300.59.144.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-5.3.18-150300.59.144.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.144.1 * dlm-kmp-default-5.3.18-150300.59.144.1 * kernel-default-extra-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-optional-5.3.18-150300.59.144.1 * ocfs2-kmp-default-5.3.18-150300.59.144.1 * kernel-default-optional-debuginfo-5.3.18-150300.59.144.1 * cluster-md-kmp-default-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_144-default-1-150300.7.3.1 * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-1-150300.7.3.1 * kernel-livepatch-SLE15-SP3_Update_39-debugsource-1-150300.7.3.1 * openSUSE Leap 15.3 (aarch64 x86_64) * kernel-preempt-optional-5.3.18-150300.59.144.1 * reiserfs-kmp-preempt-5.3.18-150300.59.144.1 * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-extra-5.3.18-150300.59.144.1 * cluster-md-kmp-preempt-5.3.18-150300.59.144.1 * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-livepatch-devel-5.3.18-150300.59.144.1 * ocfs2-kmp-preempt-5.3.18-150300.59.144.1 * kselftests-kmp-preempt-5.3.18-150300.59.144.1 * kernel-preempt-extra-debuginfo-5.3.18-150300.59.144.1 * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-optional-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * gfs2-kmp-preempt-5.3.18-150300.59.144.1 * dlm-kmp-preempt-5.3.18-150300.59.144.1 * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.144.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (nosrc) * dtb-aarch64-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (aarch64) * dtb-zte-5.3.18-150300.59.144.1 * kernel-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-extra-debuginfo-5.3.18-150300.59.144.1 * dtb-altera-5.3.18-150300.59.144.1 * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-optional-debuginfo-5.3.18-150300.59.144.1 * dtb-freescale-5.3.18-150300.59.144.1 * dtb-exynos-5.3.18-150300.59.144.1 * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * dtb-lg-5.3.18-150300.59.144.1 * dtb-al-5.3.18-150300.59.144.1 * dtb-socionext-5.3.18-150300.59.144.1 * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-devel-5.3.18-150300.59.144.1 * dtb-marvell-5.3.18-150300.59.144.1 * dtb-broadcom-5.3.18-150300.59.144.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.144.1 * dtb-qcom-5.3.18-150300.59.144.1 * dtb-nvidia-5.3.18-150300.59.144.1 * dtb-allwinner-5.3.18-150300.59.144.1 * kselftests-kmp-64kb-5.3.18-150300.59.144.1 * dtb-hisilicon-5.3.18-150300.59.144.1 * reiserfs-kmp-64kb-5.3.18-150300.59.144.1 * dtb-arm-5.3.18-150300.59.144.1 * ocfs2-kmp-64kb-5.3.18-150300.59.144.1 * cluster-md-kmp-64kb-5.3.18-150300.59.144.1 * dtb-apm-5.3.18-150300.59.144.1 * kernel-64kb-extra-5.3.18-150300.59.144.1 * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-livepatch-devel-5.3.18-150300.59.144.1 * kernel-64kb-optional-5.3.18-150300.59.144.1 * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-debugsource-5.3.18-150300.59.144.1 * dlm-kmp-64kb-5.3.18-150300.59.144.1 * dtb-mediatek-5.3.18-150300.59.144.1 * dtb-sprd-5.3.18-150300.59.144.1 * dtb-amd-5.3.18-150300.59.144.1 * dtb-amlogic-5.3.18-150300.59.144.1 * dtb-renesas-5.3.18-150300.59.144.1 * dtb-rockchip-5.3.18-150300.59.144.1 * gfs2-kmp-64kb-5.3.18-150300.59.144.1 * dtb-cavium-5.3.18-150300.59.144.1 * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.144.1 * dtb-xilinx-5.3.18-150300.59.144.1 * openSUSE Leap 15.3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_144-default-1-150300.7.3.1 * kernel-default-livepatch-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-livepatch-devel-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-5.3.18-150300.59.144.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.144.1 * dlm-kmp-default-5.3.18-150300.59.144.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.144.1 * gfs2-kmp-default-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.144.1 * ocfs2-kmp-default-5.3.18-150300.59.144.1 * cluster-md-kmp-default-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.144.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.144.1 * kernel-preempt-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-obs-build-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * kernel-default-devel-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.144.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.144.1 * kernel-preempt-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-obs-build-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * kernel-default-devel-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.144.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-default-devel-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.144.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-obs-build-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-default-devel-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.144.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-debuginfo-5.3.18-150300.59.144.1 * kernel-64kb-devel-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.144.1 * kernel-preempt-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-obs-build-5.3.18-150300.59.144.1 * kernel-syms-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-preempt-devel-5.3.18-150300.59.144.1 * kernel-default-devel-5.3.18-150300.59.144.1 * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-obs-build-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-5.3.18-150300.59.144.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debuginfo-5.3.18-150300.59.144.1 * kernel-preempt-debugsource-5.3.18-150300.59.144.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-macros-5.3.18-150300.59.144.1 * kernel-source-5.3.18-150300.59.144.1 * kernel-devel-5.3.18-150300.59.144.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.144.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.144.1 * kernel-default-debugsource-5.3.18-150300.59.144.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214344 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1215371 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217408 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:39 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:39 -0000 Subject: SUSE-SU-2023:4810-1: important: Security update for the Linux Kernel Message-ID: <170249943946.27528.16871360285751042980@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4810-1 Rating: important References: * bsc#1084909 * bsc#1210447 * bsc#1214286 * bsc#1214976 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216584 * bsc#1216693 * bsc#1216759 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217124 * bsc#1217140 * bsc#1217195 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 12 vulnerabilities, contains three features and has 26 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: * ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). * ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). * ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). * ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). * ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). * ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). * ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). * ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). * ALSA: info: Fix potential deadlock at disconnection (git-fixes). * ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). * ASoC: ams-delta.c: use component after check (git-fixes). * ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). * ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). * ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). * ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). * ASoC: rt5650: fix the wrong result of key button (git-fixes). * ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). * Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). * Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git- fixes). * Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git- fixes). * Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). * Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git- fixes). * HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). * HID: hyperv: Replace one-element array with flexible-array member (git- fixes). * HID: hyperv: avoid struct memcpy overrun warning (git-fixes). * HID: hyperv: remove unused struct synthhid_msg (git-fixes). * HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). * HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). * HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes). * Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git- fixes). * Input: xpad - add VID for Turtle Beach controllers (git-fixes). * PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). * PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). * PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). * PCI: Extract ATS disabling to a helper function (bsc#1215458). * PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git- fixes). * PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). * PCI: Use FIELD_GET() to extract Link Width (git-fixes). * PCI: exynos: Do not discard .remove() callback (git-fixes). * PCI: keystone: Do not discard .probe() callback (git-fixes). * PCI: keystone: Do not discard .remove() callback (git-fixes). * PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git- fixes). * PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). * PM: hibernate: Use __get_safe_page() rather than touching the list (git- fixes). * USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). * USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). * USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). * USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * USB: serial: option: add Fibocom L7xx modules (git-fixes). * USB: serial: option: add Luat Air72*U series products (git-fixes). * USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). * USB: serial: option: fix FM101R-GL defines (git-fixes). * USB: usbip: fix stub_dev hub disconnect (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: Add Cortex-A520 CPU part definition (git-fixes) * arm64: allow kprobes on EL0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass ESR_ELx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out EL1 SSBS emulation hook (git-fixes) * arm64: report EL1 UNDEFs better (git-fixes) * arm64: rework BTI exception handling (git-fixes) * arm64: rework EL0 MRS emulation (git-fixes) * arm64: rework FPAC exception handling (git-fixes) * arm64: split EL0/EL1 UNDEF handlers (git-fixes) * ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). * atl1c: Work around the DMA RX overflow issue (git-fixes). * atm: iphase: Do PCI error checks on own line (git-fixes). * blk-mq: Do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: Add device 0bda:887b to device tables (git-fixes). * bluetooth: Add device 13d3:3571 to device tables (git-fixes). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). * can: isotp: set max PDU size to 64 kByte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: Fix comment (git-fixes). * clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). * clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). * clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). * clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: Fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). * clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git- fixes). * clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). * clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clk: ti: change ti_clk_register_omap_hw API (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). * dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use C syntax highlight in driver.rst (bsc#1215458). * drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). * drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git- fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). * drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). * drm/amdgpu: Fix potential null pointer derefernce (git-fixes). * drm/amdgpu: do not use ATRM for external devices (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: Fix bridge_detach (git-fixes). * drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git- fixes). * drm/bridge: lt8912b: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: Fix bit updates (git-fixes). * drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). * drm/gud: Use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). * drm/i915: Fix potential spectre vulnerability (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). * drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: Create devm device attachment (git-fixes). * drm/mipi-dsi: Create devm device registration (git-fixes). * drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). * drm/panel: st7703: Pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git- fixes). * drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). * drm/vc4: fix typo (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: omapfb: Drop unused remove function (git-fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git- fixes). * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * hid: cp2112: Fix duplicate workqueue initialization (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: Fix race of register_netdevice_notifier and VF register (git- fixes). * hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). * hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). * i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). * i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). * i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: Fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git- fixes). * i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). * i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). * idpf: add RX splitq napi poll support (bsc#1215458). * idpf: add SRIOV support and other ndo_ops (bsc#1215458). * idpf: add TX splitq napi poll support (bsc#1215458). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and MAC filter support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for RX queues (bsc#1215458). * idpf: configure resources for TX queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git- fixes). * iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). * leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). * leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: Do not use SMBUS calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: Correctly initialise try compose rectangle (git-fixes). * media: ccs: Fix driver quirk struct documentation (git-fixes). * media: cedrus: Fix clock/reset sequence (git-fixes). * media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). * media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: Fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: Add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git- fixes). * mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: Fix double put in dln2_probe (git-fixes). * misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). * mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). * mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). * mmc: block: Retry commands in CQE error recovery (git-fixes). * mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). * mmc: cqhci: Increase recovery halt timeout (git-fixes). * mmc: cqhci: Warn of halt or task clear failure (git-fixes). * mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). * mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git- fixes). * mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git- fixes). * mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). * mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: Avoid address overwrite in kernel_connect (bsc#1216861). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: Fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git- fixes). * nvme: update firmware version after commit (bsc#1215292). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git- fixes). * platform/x86: wmi: Fix opening of char device (git-fixes). * platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: Fix double shift bug (git-fixes). * pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). * pwm: sti: Reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). * r8152: Release firmware if we have an error in probe (git-fixes). * r8152: Run the unload routine if we have errors during probe (git-fixes). * regmap: Ensure range selector registers are updated after cache sync (git- fixes). * regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * s390/ap: fix AP bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). * sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). * scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). * scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). * scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: Fix ksft print formats (git-fixes). * selftests/resctrl: Ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git- fixes). * selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). * serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: Handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: Spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). * tty: 8250: Add support for Brainboxes UP cards (git-fixes). * tty: 8250: Add support for Intashield IS-100 (git-fixes). * tty: 8250: Add support for Intashield IX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). * tty: 8250: Fix port count of PX-257 (git-fixes). * tty: 8250: Fix up PX-803/PX-857 (git-fixes). * tty: 8250: Remove UC-257 and UC-431 (git-fixes). * tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). * usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). * usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). * usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). * usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). * usb: dwc3: Fix default mode initialization (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). * usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: Do not touch the CE interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). * wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). * x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git- fixes). * x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). * x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: Make hv_get_nmi_reason public (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git- fixes). * x86/sev: Fix calculation of end address based on number of pages (git- fixes). * x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git- fixes). * x86: Move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert AGF log flags to unsigned (git-fixes). * xfs: convert AGI log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize AG block number formatting in ftrace output (git-fixes). * xfs: standardize AG number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Enable RPM on controllers that support low-power states (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4810=1 openSUSE-SLE-15.4-2023-4810=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4810=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4810=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4810=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4810=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4810=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4810=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4810=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4810=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.100.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.100.2 * kernel-docs-html-5.14.21-150400.24.100.1 * kernel-macros-5.14.21-150400.24.100.2 * kernel-source-vanilla-5.14.21-150400.24.100.2 * kernel-source-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-devel-debuginfo-5.14.21-150400.24.100.2 * kernel-debug-livepatch-devel-5.14.21-150400.24.100.2 * kernel-debug-debuginfo-5.14.21-150400.24.100.2 * kernel-debug-debugsource-5.14.21-150400.24.100.2 * kernel-debug-devel-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-default-base-rebuild-5.14.21-150400.24.100.2.150400.24.46.2 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.100.2 * kernel-kvmsmall-devel-5.14.21-150400.24.100.2 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.100.2 * kernel-kvmsmall-debugsource-5.14.21-150400.24.100.2 * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-5.14.21-150400.24.100.2 * dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * cluster-md-kmp-default-5.14.21-150400.24.100.2 * kernel-obs-build-debugsource-5.14.21-150400.24.100.2 * kernel-obs-build-5.14.21-150400.24.100.2 * kernel-default-optional-debuginfo-5.14.21-150400.24.100.2 * kernel-obs-qa-5.14.21-150400.24.100.1 * ocfs2-kmp-default-5.14.21-150400.24.100.2 * kselftests-kmp-default-5.14.21-150400.24.100.2 * kernel-default-optional-5.14.21-150400.24.100.2 * kernel-default-extra-debuginfo-5.14.21-150400.24.100.2 * kernel-default-extra-5.14.21-150400.24.100.2 * kernel-default-livepatch-5.14.21-150400.24.100.2 * kernel-syms-5.14.21-150400.24.100.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.100.2 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-devel-debuginfo-5.14.21-150400.24.100.2 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-devel-5.14.21-150400.24.100.2 * kernel-default-livepatch-devel-5.14.21-150400.24.100.2 * reiserfs-kmp-default-5.14.21-150400.24.100.2 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2 * dlm-kmp-default-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2 * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2 * kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2 * kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.100.1 * openSUSE Leap 15.4 (aarch64) * dtb-cavium-5.14.21-150400.24.100.1 * dtb-amd-5.14.21-150400.24.100.1 * dtb-xilinx-5.14.21-150400.24.100.1 * dtb-freescale-5.14.21-150400.24.100.1 * dtb-amlogic-5.14.21-150400.24.100.1 * kselftests-kmp-64kb-5.14.21-150400.24.100.2 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * dtb-qcom-5.14.21-150400.24.100.1 * dtb-exynos-5.14.21-150400.24.100.1 * kernel-64kb-extra-5.14.21-150400.24.100.2 * dtb-arm-5.14.21-150400.24.100.1 * dtb-lg-5.14.21-150400.24.100.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * kernel-64kb-devel-5.14.21-150400.24.100.2 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2 * dtb-sprd-5.14.21-150400.24.100.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * gfs2-kmp-64kb-5.14.21-150400.24.100.2 * kernel-64kb-debugsource-5.14.21-150400.24.100.2 * dtb-socionext-5.14.21-150400.24.100.1 * dtb-marvell-5.14.21-150400.24.100.1 * dtb-allwinner-5.14.21-150400.24.100.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.100.2 * dtb-rockchip-5.14.21-150400.24.100.1 * dtb-renesas-5.14.21-150400.24.100.1 * cluster-md-kmp-64kb-5.14.21-150400.24.100.2 * dlm-kmp-64kb-5.14.21-150400.24.100.2 * kernel-64kb-optional-5.14.21-150400.24.100.2 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * ocfs2-kmp-64kb-5.14.21-150400.24.100.2 * kernel-64kb-debuginfo-5.14.21-150400.24.100.2 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.100.2 * dtb-amazon-5.14.21-150400.24.100.1 * dtb-apm-5.14.21-150400.24.100.1 * dtb-broadcom-5.14.21-150400.24.100.1 * dtb-hisilicon-5.14.21-150400.24.100.1 * dtb-nvidia-5.14.21-150400.24.100.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.100.2 * dtb-altera-5.14.21-150400.24.100.1 * reiserfs-kmp-64kb-5.14.21-150400.24.100.2 * dtb-apple-5.14.21-150400.24.100.1 * dtb-mediatek-5.14.21-150400.24.100.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.100.2 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.100.2 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.100.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.100.2 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2 * kernel-64kb-debuginfo-5.14.21-150400.24.100.2 * kernel-64kb-debugsource-5.14.21-150400.24.100.2 * kernel-64kb-devel-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * kernel-default-devel-debuginfo-5.14.21-150400.24.100.2 * kernel-default-devel-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (noarch) * kernel-macros-5.14.21-150400.24.100.2 * kernel-devel-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.100.2 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2 * kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.100.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150400.24.100.2 * kernel-obs-build-5.14.21-150400.24.100.2 * kernel-syms-5.14.21-150400.24.100.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.100.2 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.100.2 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * reiserfs-kmp-default-5.14.21-150400.24.100.2 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150400.24.100.2 * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * kernel-default-livepatch-devel-5.14.21-150400.24.100.2 * kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2 * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2 * kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-5.14.21-150400.24.100.2 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2 * dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * cluster-md-kmp-default-5.14.21-150400.24.100.2 * ocfs2-kmp-default-5.14.21-150400.24.100.2 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2 * dlm-kmp-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.100.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-debuginfo-5.14.21-150400.24.100.2 * kernel-default-debugsource-5.14.21-150400.24.100.2 * kernel-default-extra-5.14.21-150400.24.100.2 * kernel-default-extra-debuginfo-5.14.21-150400.24.100.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:44 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:44 -0000 Subject: SUSE-SU-2023:4807-1: important: Security update for container-suseconnect Message-ID: <170249944447.27528.5814965142235916008@smelt2.prg2.suse.org> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:4807-1 Rating: important References: * bsc#1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4807=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4807=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4807=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4807=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4807=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4807=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4807=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4807=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4807=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4807=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4807=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4807=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4807=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * container-suseconnect-debuginfo-2.4.0-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.46.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 13 20:30:46 2023 From: null at suse.de (null at suse.de) Date: Wed, 13 Dec 2023 20:30:46 -0000 Subject: SUSE-RU-2023:3845-2: moderate: Recommended update for sap-installation-wizard Message-ID: <170249944699.27528.6795268356536883736@smelt2.prg2.suse.org> # Recommended update for sap-installation-wizard Announcement ID: SUSE-RU-2023:3845-2 Rating: moderate References: * bsc#1214161 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for sap-installation-wizard fixes the following issues: NOTE: This update has been retracted because it broke new installation. * Adapt pattern name to prevent stopping SAP Installation Wizard after HANA has been installed. (bsc#1214161) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3845=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3845=1 * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-3845=1 ## Package List: * openSUSE Leap 15.5 (ppc64le x86_64) * bone-installation-wizard-4.5.9-150500.5.6.1 * sap-installation-wizard-4.5.9-150500.5.6.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * sap-installation-wizard-4.5.9-150500.5.6.1 * SAP Business One Module 15-SP5 (x86_64) * bone-installation-wizard-4.5.9-150500.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214161 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Dec 14 08:01:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:01:06 +0100 (CET) Subject: SUSE-IU-2023:857-1: Security update of suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 Message-ID: <20231214080106.A9AC0FBA4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:857-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212799 1214781 1216410 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:01:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:01:15 +0100 (CET) Subject: SUSE-IU-2023:858-1: Security update of sles-15-sp4-chost-byos-v20231212-arm64 Message-ID: <20231214080115.E179BFBA4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20231212-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:858-1 Image Tags : sles-15-sp4-chost-byos-v20231212-arm64:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212418 1212759 1212799 1213639 1214546 1214572 1214781 1216410 1216576 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20231212-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4610-1 Released: Wed Nov 29 14:04:12 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1212418,1212759,1214546,1214572 This update for google-guest-configs fixes the following issues: - Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759) - Replace xxd with dd for google_nvme_id - Setup irq binding for a3 8g vm - dracut: Add a new dracut module for gcp udev rules - src/lib/udev: only create symlinks for GCP devices - Set hostname: consider fully qualified static hostname - Support multiple local SSD controllers - Update OWNERS file - DHCP hostname: don't reset hostname if the hostname hasn't changed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4620-1 Released: Thu Nov 30 11:13:43 2023 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1213639,1216576 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - google-guest-configs-20230808.00-150400.13.6.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libhugetlbfs-2.20-150000.3.8.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:04:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:04:31 +0100 (CET) Subject: SUSE-CU-2023:4129-1: Security update of suse/sle15 Message-ID: <20231214080431.6E223FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4129-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.854 Container Release : 6.2.854 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:05:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:05:30 +0100 (CET) Subject: SUSE-CU-2023:4130-1: Security update of suse/sle15 Message-ID: <20231214080530.D8AB1FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4130-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.382 Container Release : 9.5.382 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:06:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:06:18 +0100 (CET) Subject: SUSE-CU-2023:4131-1: Security update of suse/sle15 Message-ID: <20231214080618.4A237FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4131-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.226 , suse/sle15:15.3 , suse/sle15:15.3.17.20.226 Container Release : 17.20.226 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:08:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:08:16 +0100 (CET) Subject: SUSE-CU-2023:4136-1: Security update of suse/sle15 Message-ID: <20231214080816.52A31FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4136-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.128 , suse/sle15:15.4 , suse/sle15:15.4.27.14.128 Container Release : 27.14.128 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:13:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:13:14 +0100 (CET) Subject: SUSE-CU-2023:4168-1: Security update of suse/sle15 Message-ID: <20231214081314.1A13EFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4168-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.66 , suse/sle15:15.5 , suse/sle15:15.5.36.5.66 Container Release : 36.5.66 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-updates at lists.suse.com Thu Dec 14 08:13:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:13:24 +0100 (CET) Subject: SUSE-CU-2023:4169-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231214081324.4B8FDFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4169-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.2 Container Release : 9.43.2 Severity : important Type : security References : 1191143 1191143 1204235 1204235 1207012 1207012 1207532 1207532 1210928 1210928 1210930 1210930 1211355 1211355 1211560 1211560 1211649 1211649 1212695 1212695 1212904 1212904 1213469 1213469 1214186 1214186 1214471 1214471 1214601 1214601 1214759 1214759 1215209 1215209 1215514 1215514 1215949 1215949 1216030 1216030 1216041 1216041 1216085 1216085 1216128 1216128 1216380 1216380 1216506 1216506 1216555 1216555 1216690 1216690 1216754 1216754 1217038 1217038 1217223 1217223 1217224 1217224 CVE-2023-22644 CVE-2023-22644 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4737-1 Released: Wed Dec 13 10:20:03 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4758-1 Released: Wed Dec 13 10:33:58 2023 Summary: Security update for SUSE Manager 4.3.10 Release Notes Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Security update for SUSE Manager 4.3.10 Release Notes: - This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.10-150400.3.72.1 updated - apache2-mod_wsgi-4.7.1-150400.3.9.4 updated - spacewalk-backend-4.3.25-150400.3.33.7 updated - python3-spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 updated - spacewalk-proxy-common-4.3.17-150400.3.23.5 updated - spacewalk-proxy-broker-4.3.17-150400.3.23.5 updated - susemanager-tftpsync-recv-4.3.9-150400.3.9.5 updated - spacewalk-proxy-redirect-4.3.17-150400.3.23.5 updated From null at suse.de Thu Dec 14 08:30:02 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 08:30:02 -0000 Subject: SUSE-SU-2023:4822-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4) Message-ID: <170254260262.29092.5957511192580607798@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4822-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_60 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4822=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4822=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_60-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-8-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_11-debugsource-8-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_60-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-8-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_11-debugsource-8-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 08:30:06 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 08:30:06 -0000 Subject: SUSE-SU-2023:4820-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3) Message-ID: <170254260638.29092.1328240185767129944@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4820-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_130 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4820=1 SUSE-2023-4821=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4820=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-4821=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_34-debugsource-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_130-default-4-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_35-debugsource-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_130-default-debuginfo-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_127-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_127-default-debuginfo-5-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_127-preempt-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_127-preempt-debuginfo-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_130-preempt-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_130-preempt-debuginfo-4-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_127-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_130-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:03 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4841-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) Message-ID: <170255700306.23207.14763166097159234903@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4841-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_12 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4841=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4841=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-5-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-5-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:06 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4845-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3) Message-ID: <170255700629.23207.9447958195484155605@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4845-1 Rating: important References: * bsc#1210619 Cross-References: * CVE-2023-1829 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_141 fixes one issue. The following security issue was fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4845=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4840=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4840=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_183-default-2-2.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-2-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_38-debugsource-2-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-2-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-2-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-preempt-2-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_141-default-2-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:09 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4839-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) Message-ID: <170255700942.23207.14033089851970537960@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4839-1 Rating: important References: * bsc#1215097 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4839=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4839=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-3-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_37-debugsource-3-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-3-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-preempt-3-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:12 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4836-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3) Message-ID: <170255701257.23207.880536618289756594@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4836-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4837=1 SUSE-2023-4838=1 SUSE-2023-4846=1 SUSE-2023-4836=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4837=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-4838=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-4846=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4836=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_36-debugsource-3-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_26-debugsource-13-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_29-debugsource-10-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_30-debugsource-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_101-default-debuginfo-13-150300.2.2 * kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-3-150300.2.1 * kernel-livepatch-5_3_18-150300_59_112-default-debuginfo-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_115-preempt-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_112-preempt-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_112-preempt-debuginfo-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-preempt-13-150300.2.2 * kernel-livepatch-5_3_18-150300_59_133-preempt-3-150300.2.1 * kernel-livepatch-5_3_18-150300_59_101-preempt-debuginfo-13-150300.2.2 * kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-3-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1 * kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:15 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:15 -0000 Subject: SUSE-SU-2023:4835-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2) Message-ID: <170255701534.23207.15215239047273888111@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4835-1 Rating: important References: * bsc#1215519 Cross-References: * CVE-2023-2163 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_166 fixes one issue. The following security issue was fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4835=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_41-debugsource-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_166-default-3-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:17 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4833-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Message-ID: <170255701757.23207.13292895686048043497@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4833-1 Rating: important References: * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_142 fixes several issues. The following security issues were fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4833=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-4834=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-11-150200.2.2 * kernel-livepatch-5_3_18-150200_24_139-default-11-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-11-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-10-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-10-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-10-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:19 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:19 -0000 Subject: SUSE-SU-2023:4831-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Message-ID: <170255701997.23207.7009556406515484998@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4831-1 Rating: important References: * bsc#1215442 Cross-References: * CVE-2023-4622 CVSS scores: * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_134 fixes one issue. The following security issue was fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4831=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-4832=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-11-150100.2.2 * kernel-livepatch-4_12_14-150100_197_134-default-10-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:22 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:22 -0000 Subject: SUSE-SU-2023:4844-1: moderate: Security update for python-cryptography Message-ID: <170255702244.23207.8725247405286807443@smelt2.prg2.suse.org> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:4844-1 Rating: moderate References: * bsc#1217592 Cross-References: * CVE-2023-49083 CVSS scores: * CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4844=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64) * python2-cryptography-debuginfo-3.3.2-150100.7.18.1 * python-cryptography-debugsource-3.3.2-150100.7.18.1 * python2-cryptography-3.3.2-150100.7.18.1 * python-cryptography-debuginfo-3.3.2-150100.7.18.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-cryptography-3.3.2-150100.7.18.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150100.7.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49083.html * https://bugzilla.suse.com/show_bug.cgi?id=1217592 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:25 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:25 -0000 Subject: SUSE-SU-2023:4843-1: moderate: Security update for python3-cryptography Message-ID: <170255702500.23207.12966299404248707647@smelt2.prg2.suse.org> # Security update for python3-cryptography Announcement ID: SUSE-SU-2023:4843-1 Rating: moderate References: * bsc#1217592 Cross-References: * CVE-2023-49083 CVSS scores: * CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python3-cryptography fixes the following issues: * CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4843=1 SUSE-2023-4843=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4843=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4843=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4843=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4843=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4843=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4843=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.23.1 * python3-cryptography-3.3.2-150400.23.1 * python3-cryptography-debuginfo-3.3.2-150400.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49083.html * https://bugzilla.suse.com/show_bug.cgi?id=1217592 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:28 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:28 -0000 Subject: SUSE-SU-2023:4842-1: moderate: Security update for python-cryptography Message-ID: <170255702811.23207.11546440337603700026@smelt2.prg2.suse.org> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:4842-1 Rating: moderate References: * bsc#1217592 Cross-References: * CVE-2023-49083 CVSS scores: * CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4842=1 openSUSE-SLE-15.4-2023-4842=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4842=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4842=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4842=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python-cryptography-debugsource-41.0.3-150400.16.12.1 * python311-cryptography-41.0.3-150400.16.12.1 * python311-cryptography-debuginfo-41.0.3-150400.16.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-cryptography-debugsource-41.0.3-150400.16.12.1 * python311-cryptography-41.0.3-150400.16.12.1 * python311-cryptography-debuginfo-41.0.3-150400.16.12.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python-cryptography-debugsource-41.0.3-150400.16.12.1 * python311-cryptography-41.0.3-150400.16.12.1 * python311-cryptography-debuginfo-41.0.3-150400.16.12.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python-cryptography-debugsource-41.0.3-150400.16.12.1 * python311-cryptography-41.0.3-150400.16.12.1 * python311-cryptography-debuginfo-41.0.3-150400.16.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49083.html * https://bugzilla.suse.com/show_bug.cgi?id=1217592 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:30 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:30 -0000 Subject: SUSE-SU-2023:4830-1: moderate: Security update for python-Twisted Message-ID: <170255703094.23207.12418938019151553648@smelt2.prg2.suse.org> # Security update for python-Twisted Announcement ID: SUSE-SU-2023:4830-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4830=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-Twisted-17.9.0-150000.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:34 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:34 -0000 Subject: SUSE-SU-2023:4829-1: important: Security update for webkit2gtk3 Message-ID: <170255703417.23207.7049535220402173407@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4829-1 Rating: important References: * bsc#1217844 Cross-References: * CVE-2023-42916 * CVE-2023-42917 CVSS scores: * CVE-2023-42916 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42917 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42917 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 version 2.12.0 due to an API change. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-42916, CVE-2023-42917. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4829=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4829=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150000.3.160.1 * webkit2gtk3-devel-2.42.3-150000.3.160.1 * webkit2gtk3-debugsource-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150000.3.160.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-2.42.3-150000.3.160.1 * typelib-1_0-WebKit2-4_0-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-2.42.3-150000.3.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.3-150000.3.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150000.3.160.1 * webkit2gtk3-devel-2.42.3-150000.3.160.1 * webkit2gtk3-debugsource-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150000.3.160.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-2.42.3-150000.3.160.1 * typelib-1_0-WebKit2-4_0-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-2.42.3-150000.3.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.3-150000.3.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150000.3.160.1 * webkit2gtk3-devel-2.42.3-150000.3.160.1 * webkit2gtk3-debugsource-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150000.3.160.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-2.42.3-150000.3.160.1 * typelib-1_0-WebKit2-4_0-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-2.42.3-150000.3.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.42.3-150000.3.160.1 * SUSE CaaS Platform 4.0 (x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150000.3.160.1 * webkit2gtk3-devel-2.42.3-150000.3.160.1 * webkit2gtk3-debugsource-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150000.3.160.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150000.3.160.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-2.42.3-150000.3.160.1 * typelib-1_0-WebKit2-4_0-2.42.3-150000.3.160.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150000.3.160.1 * libjavascriptcoregtk-4_0-18-2.42.3-150000.3.160.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.42.3-150000.3.160.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42916.html * https://www.suse.com/security/cve/CVE-2023-42917.html * https://bugzilla.suse.com/show_bug.cgi?id=1217844 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:36 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:36 -0000 Subject: SUSE-SU-2023:4828-1: important: Security update for webkit2gtk3 Message-ID: <170255703671.23207.6374112453617336025@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4828-1 Rating: important References: * bsc#1217844 Cross-References: * CVE-2023-42916 * CVE-2023-42917 CVSS scores: * CVE-2023-42916 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42917 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42917 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 version 2.12.0 due to an API change. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-42916, CVE-2023-42917. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4828=1 openSUSE-SLE-15.4-2023-4828=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4828=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4828=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4828=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4828=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4828=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4828=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4828=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-6.0-lang-2.42.3-150400.4.67.1 * WebKitGTK-4.0-lang-2.42.3-150400.4.67.1 * WebKitGTK-4.1-lang-2.42.3-150400.4.67.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * webkit2gtk3-debugsource-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-6_0-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_1-2.42.3-150400.4.67.1 * webkit2gtk4-minibrowser-2.42.3-150400.4.67.1 * webkit2gtk4-debugsource-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-2.42.3-150400.4.67.1 * webkit-jsc-4-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-2.42.3-150400.4.67.1 * webkit2gtk3-minibrowser-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-devel-2.42.3-150400.4.67.1 * webkit-jsc-4.1-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-minibrowser-2.42.3-150400.4.67.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.3-150400.4.67.1 * webkit2gtk3-devel-2.42.3-150400.4.67.1 * webkit-jsc-4-2.42.3-150400.4.67.1 * typelib-1_0-WebKit-6_0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.3-150400.4.67.1 * webkit-jsc-6.0-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-minibrowser-2.42.3-150400.4.67.1 * webkit2gtk4-devel-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150400.4.67.1 * webkit-jsc-4.1-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_1-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.3-150400.4.67.1 * webkit-jsc-6.0-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-debugsource-2.42.3-150400.4.67.1 * webkit2gtk4-minibrowser-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.3-150400.4.67.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-64bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-64bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-64bit-2.42.3-150400.4.67.1 * openSUSE Leap 15.5 (noarch) * WebKitGTK-6.0-lang-2.42.3-150400.4.67.1 * WebKitGTK-4.0-lang-2.42.3-150400.4.67.1 * WebKitGTK-4.1-lang-2.42.3-150400.4.67.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.3-150400.4.67.1 * webkit2gtk3-debugsource-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-6_0-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_1-2.42.3-150400.4.67.1 * webkit2gtk4-minibrowser-2.42.3-150400.4.67.1 * webkit2gtk4-debugsource-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-2.42.3-150400.4.67.1 * webkit-jsc-4-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-2.42.3-150400.4.67.1 * webkit2gtk3-minibrowser-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-devel-2.42.3-150400.4.67.1 * webkit-jsc-4.1-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-minibrowser-2.42.3-150400.4.67.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.3-150400.4.67.1 * webkit2gtk3-devel-2.42.3-150400.4.67.1 * webkit-jsc-4-2.42.3-150400.4.67.1 * typelib-1_0-WebKit-6_0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150400.4.67.1 * webkit-jsc-6.0-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-minibrowser-2.42.3-150400.4.67.1 * webkit2gtk4-devel-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150400.4.67.1 * webkit-jsc-4.1-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_1-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.3-150400.4.67.1 * webkit-jsc-6.0-debuginfo-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-debugsource-2.42.3-150400.4.67.1 * webkit2gtk4-minibrowser-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-32bit-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.3-150400.4.67.1 * Basesystem Module 15-SP4 (noarch) * WebKitGTK-4.0-lang-2.42.3-150400.4.67.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-debugsource-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-devel-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-2.42.3-150400.4.67.1 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.3-150400.4.67.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-debugsource-2.42.3-150400.4.67.1 * webkit2gtk3-soup2-devel-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_0-2.42.3-150400.4.67.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * libwebkit2gtk-4_0-37-2.42.3-150400.4.67.1 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.3-150400.4.67.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-debugsource-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_1-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-devel-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_1-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.3-150400.4.67.1 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.3-150400.4.67.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-2.42.3-150400.4.67.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-debugsource-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2-4_1-2.42.3-150400.4.67.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk3-devel-2.42.3-150400.4.67.1 * typelib-1_0-JavaScriptCore-4_1-2.42.3-150400.4.67.1 * webkit2gtk-4_1-injected-bundles-2.42.3-150400.4.67.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.3-150400.4.67.1 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.3-150400.4.67.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-debuginfo-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk4-debugsource-2.42.3-150400.4.67.1 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.3-150400.4.67.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-debuginfo-2.42.3-150400.4.67.1 * webkitgtk-6_0-injected-bundles-2.42.3-150400.4.67.1 * libwebkitgtk-6_0-4-2.42.3-150400.4.67.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.3-150400.4.67.1 * webkit2gtk4-debugsource-2.42.3-150400.4.67.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42916.html * https://www.suse.com/security/cve/CVE-2023-42917.html * https://bugzilla.suse.com/show_bug.cgi?id=1217844 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:39 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:39 -0000 Subject: SUSE-SU-2023:4827-1: important: Security update for webkit2gtk3 Message-ID: <170255703991.23207.8906333386806152568@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4827-1 Rating: important References: * bsc#1217844 Cross-References: * CVE-2023-42916 * CVE-2023-42917 CVSS scores: * CVE-2023-42916 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42917 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42917 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 version 2.12.0 due to an API change. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-42916, CVE-2023-42917. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4827=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4827=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4827=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4827=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4827=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-2.161.1 * webkit2gtk3-devel-2.42.3-2.161.1 * webkit2gtk3-debugsource-2.42.3-2.161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-2.42.3-2.161.1 * webkit2gtk3-debugsource-2.42.3-2.161.1 * typelib-1_0-WebKit2-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-2.161.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-2.161.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-2.42.3-2.161.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-2.161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.3-2.161.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-2.42.3-2.161.1 * webkit2gtk3-debugsource-2.42.3-2.161.1 * typelib-1_0-WebKit2-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-2.161.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-2.161.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-2.42.3-2.161.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-2.161.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.3-2.161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-2.42.3-2.161.1 * webkit2gtk3-debugsource-2.42.3-2.161.1 * typelib-1_0-WebKit2-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-2.161.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-2.161.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-2.161.1 * libwebkit2gtk-4_0-37-2.42.3-2.161.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-2.161.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-2.161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.3-2.161.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.3-2.161.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42916.html * https://www.suse.com/security/cve/CVE-2023-42917.html * https://bugzilla.suse.com/show_bug.cgi?id=1217844 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:42 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:42 -0000 Subject: SUSE-SU-2023:4825-1: important: Security update for squid Message-ID: <170255704246.23207.14205879199218292094@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4825-1 Rating: important References: * bsc#1217654 * bsc#1217813 * bsc#1217815 Cross-References: * CVE-2023-49285 * CVE-2023-49286 CVSS scores: * CVE-2023-49285 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49286 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow (bsc#1217813) * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management (bsc#1217815) * Fix X-Forwarded-For Stack Overflow (bsc#1217654) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4825=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4825=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4825=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4825=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4825=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4825=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4825=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4825=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4825=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4825=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4825=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 * SUSE CaaS Platform 4.0 (x86_64) * squid-debuginfo-4.17-150000.5.46.1 * squid-debugsource-4.17-150000.5.46.1 * squid-4.17-150000.5.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49285.html * https://www.suse.com/security/cve/CVE-2023-49286.html * https://bugzilla.suse.com/show_bug.cgi?id=1217654 * https://bugzilla.suse.com/show_bug.cgi?id=1217813 * https://bugzilla.suse.com/show_bug.cgi?id=1217815 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:45 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:45 -0000 Subject: SUSE-SU-2023:4824-1: important: Security update for webkit2gtk3 Message-ID: <170255704514.23207.4007348079698278078@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4824-1 Rating: important References: * bsc#1217844 Cross-References: * CVE-2023-42916 * CVE-2023-42917 CVSS scores: * CVE-2023-42916 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-42917 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42917 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 version 2.12.0 due to an API change. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-42916, CVE-2023-42917. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4824=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4824=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4824=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4824=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4824=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4824=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4824=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4824=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.3-150200.94.1 * webkit2gtk3-devel-2.42.3-150200.94.1 * typelib-1_0-JavaScriptCore-4_0-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.3-150200.94.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150200.94.1 * webkit2gtk-4_0-injected-bundles-2.42.3-150200.94.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.3-150200.94.1 * libwebkit2gtk-4_0-37-2.42.3-150200.94.1 * typelib-1_0-WebKit2-4_0-2.42.3-150200.94.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.3-150200.94.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42916.html * https://www.suse.com/security/cve/CVE-2023-42917.html * https://bugzilla.suse.com/show_bug.cgi?id=1217844 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:48 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:48 -0000 Subject: SUSE-RU-2023:4823-1: important: Recommended update for xrdp Message-ID: <170255704844.23207.6224258710352021940@smelt2.prg2.suse.org> # Recommended update for xrdp Announcement ID: SUSE-RU-2023:4823-1 Rating: important References: * bsc#1217759 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for xrdp fixes the following issues: * Fix an issue where the login screen did not show any text in some cases (bsc#1217759) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4823=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4823=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4823=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4823=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.30.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-0.9.13.1-150200.4.30.1 * librfxencode0-0.9.13.1-150200.4.30.1 * xrdp-devel-0.9.13.1-150200.4.30.1 * libpainter0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debugsource-0.9.13.1-150200.4.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.30.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-0.9.13.1-150200.4.30.1 * librfxencode0-0.9.13.1-150200.4.30.1 * xrdp-devel-0.9.13.1-150200.4.30.1 * libpainter0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debugsource-0.9.13.1-150200.4.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.30.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-0.9.13.1-150200.4.30.1 * librfxencode0-0.9.13.1-150200.4.30.1 * xrdp-devel-0.9.13.1-150200.4.30.1 * libpainter0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debugsource-0.9.13.1-150200.4.30.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.30.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-0.9.13.1-150200.4.30.1 * librfxencode0-0.9.13.1-150200.4.30.1 * xrdp-devel-0.9.13.1-150200.4.30.1 * libpainter0-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debuginfo-0.9.13.1-150200.4.30.1 * xrdp-debugsource-0.9.13.1-150200.4.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:49 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:49 -0000 Subject: SUSE-SU-2023:4757-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255704954.23207.15684981796616518462@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4757-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-4757=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-1.30.3 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:51 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:51 -0000 Subject: SUSE-SU-2023:4754-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255705104.23207.14765465119813452299@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4754-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for Debian 12 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 12 zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2023-4754=1 ## Package List: * SUSE Manager Client Tools for Debian 12 (amd64) * venv-salt-minion-3006.0-2.6.3 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:53 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:53 -0000 Subject: SUSE-SU-2023:4753-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255705370.23207.17289746481936588243@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4753-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for Debian 11 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-4753=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (amd64) * venv-salt-minion-3006.0-2.44.4 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:58 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:58 -0000 Subject: SUSE-SU-2023:4749-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255705808.23207.1266836368482869200@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4749-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4749=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.48.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:56 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:56 -0000 Subject: SUSE-SU-2023:4752-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255705642.23207.6251011344796689128@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4752-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for Debian 10 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-4752=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (amd64) * venv-salt-minion-3006.0-2.46.4 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:01 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:01 -0000 Subject: SUSE-RU-2023:4747-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <170255706135.23207.11141710625169443012@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4747-1 Rating: moderate References: * jsc#MSQA-708 Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-4747=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (noarch) * spacecmd-4.3.25-1.24.1 ## References: * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:30:59 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:30:59 -0000 Subject: SUSE-SU-2023:4748-1: important: Security update for SUSE Manager Salt Bundle Message-ID: <170255705980.23207.9805084343572302901@smelt2.prg2.suse.org> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:4748-1 Rating: important References: * bsc#1213351 * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Add python dateutil module to the bundle * Allow all primitive grain types for autosign_grains (bsc#1214477) * Remove non-free RNG schema file (bsc#1213351) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-4748=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-3.46.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213351 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:04 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:04 -0000 Subject: SUSE-SU-2023:4742-1: important: Security update for SUSE Manager Client Tools Message-ID: <170255706447.23207.16915157525058765201@smelt2.prg2.suse.org> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:4742-1 Rating: important References: * bsc#1214477 * bsc#1215157 * jsc#MSQA-708 Cross-References: * CVE-2023-34049 CVSS scores: * CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for Debian 10 An update that solves one vulnerability, contains one feature and has one security fix can now be installed. ## Description: This update fixes the following issues: salt: * Security fixes: * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157) * Non security fixes: * Allow all primitive grain types for autosign_grains (bsc#1214477) spacecmd: * Version 4.3.25-1 * Update translation strings ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-4742=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (all) * spacecmd-4.3.25-2.60.1 * salt-common-3006.0+ds-1+2.94.1 * salt-minion-3006.0+ds-1+2.94.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:02 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:02 -0000 Subject: SUSE-RU-2023:4743-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <170255706241.23207.16500515686033447158@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4743-1 Rating: moderate References: * jsc#MSQA-708 Affected Products: * SUSE Manager Client Tools for Debian 11 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-4743=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (all) * spacecmd-4.3.25-2.33.1 ## References: * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:06 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:06 -0000 Subject: SUSE-RU-2023:4739-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <170255706675.23207.503344274744391097@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4739-1 Rating: moderate References: * jsc#MSQA-708 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4739=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4739=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4739=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (noarch) * python3-spacewalk-client-setup-4.3.17-150000.3.83.1 * python3-spacewalk-client-tools-4.3.17-150000.3.83.1 * spacecmd-4.3.25-150000.3.110.1 * spacewalk-client-setup-4.3.17-150000.3.83.1 * spacewalk-check-4.3.17-150000.3.83.1 * spacewalk-client-tools-4.3.17-150000.3.83.1 * python3-spacewalk-check-4.3.17-150000.3.83.1 * openSUSE Leap 15.4 (noarch) * spacecmd-4.3.25-150000.3.110.1 * openSUSE Leap 15.5 (noarch) * spacecmd-4.3.25-150000.3.110.1 ## References: * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:09 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:09 -0000 Subject: SUSE-SU-2023:4737-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Message-ID: <170255706963.23207.15971794163743500906@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2023:4737-1 Rating: important References: * bsc#1191143 * bsc#1204235 * bsc#1207012 * bsc#1207532 * bsc#1210928 * bsc#1210930 * bsc#1211355 * bsc#1211560 * bsc#1211649 * bsc#1212695 * bsc#1212904 * bsc#1213469 * bsc#1214186 * bsc#1214471 * bsc#1214601 * bsc#1214759 * bsc#1215209 * bsc#1215514 * bsc#1215949 * bsc#1216030 * bsc#1216041 * bsc#1216085 * bsc#1216128 * bsc#1216380 * bsc#1216506 * bsc#1216555 * bsc#1216690 * bsc#1216754 * bsc#1217038 * bsc#1217223 * bsc#1217224 * jsc#MSQA-708 * jsc#SUMA-282 Cross-References: * CVE-2023-22644 CVSS scores: * CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains two features and has 30 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-proxy: * Version 4.3.17-1 * Use the new apache2-mod_wsgi package name spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) susemanager-tftpsync-recv: * Version 4.3.9-1 * Use the new apache2-mod_wsgi package name * Build with Python 3 and clean up references to Python 2 How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: billing-data-service: * Version 4.3.2-1 * Relax dependency to csp-billing-adapter-service inter-server-sync: * Version 0.3.1 * Require at least Go 1.20 for building SUSE packages spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-java: * Version 4.3.69-1 * Security fixes: * CVE-2023-22644: Sanitize token before logging it (bsc#1210930) * CVE-2023-22644: Fix permissions for logfiles (bsc#1210928) * CVE-2023-22644: Log potential sensitive information only in debug mode (bsc#1210928) * Non security fixes: * Include in API response reboot_suggested and restart_suggested booleans * Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949) * Fix validation of lists with empty defaults in formulas (bsc#1216555) * Safeguard request URLs against tempering (bsc#1216754) * Improve logging to better capture third-party library issues * Fix issue of non-installed package listed as errata package update candidates (bsc#1212904) * Fix issue with reporting database query pagination * Update tomcat jars to version greater than 9.0.75 * Fix notification messages email content (bsc#1216041) * Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759) * Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649) * Fix SUSE Linux Enterprise Micro PAYG detection * Wait for lock to execute SCC sync task (bsc#1216030) * Fix url pointing to SCC (bsc#1216690) * Prevent download when a PAYG Server is not compliant * Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209) * Include "uuid" as system search xmlrpc results (bsc#1216380) * Prevent losing Remote Command action result if returned JSON cannot be parsed * Add PAYG info to UI and rest API * Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set * Fix issue where bad SCC credentials were preventing other credentials to refresh (bsc#1211355) * Fix conversion to string if branchid is numeric in PXEEvent * Fix token validation for shared (public) child channels (bsc#1216128) * Prevent NullPointerException in updateSystemInfo (bsc#1217224) * Update SCC REST call to register systems in bulk * Enhance hardware data sent to SCC by memory * Fix FQDN machine name mapping on proxy configuration * Fix NullPointerException when creating PXE config for an unmanaged profile (bsc#1217223) * Add option to filter packages by build time in CLM (jsc#SUMA-282) * Consider server id when removing invalid erratas from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560) * Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532) spacewalk-search: * Version 4.3.10-1 * Include "uuid" as system search result attribute (bsc#1216380) spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) subscription-matcher: * Version 0.33 * Added missing part numbers (bsc#1216506) * Ignore subscriptions without any associated products (bsc#1216506) * Update Guava to version 32.0 susemanager: * Version 4.3.33-1 * Add bootstrap repository data for SUSE Linux Enterprise Micro 5.5 (bsc#1217038) susemanager-docs_en: * Add SUSE Liberty Linux versions 7 and 8 to the supported features matrix in the Client Configuration Guide * Add support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5 clients to the Installation and Upgrade Guide, and to the Client Configuration Guide * Update Twitter handle reference in documentation user interface * Update feature table and add legend in the Configuration Management section of the Client Configuration Guide * Fix parameter name in the Register clients section of the Client Configuration Guide * Fix links to HTML output of SUSE Linux Enterprise Server 15 SP4 documentation * Add note about using short hostname in the Quick Start: SAP guide (bsc#1212695) * Mention the option to install Prometheus on Retail branch servers (bsc#1191143) * Fix link loop and clarify some server upgrade description details in the Installation and Upgrade Guide (bsc#1214471) * SUSE Manager 4.3 is based on SUSE Linux Enterprise 15 SP4; update the installation procedure (bsc#1213469) susemanager-schema: * Version 4.3.22-1 * Drop special versioned schema files * Add unique index for rhnpackagechangelogdata table susemanager-sls: * Version 4.3.37-1 * Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601) * Fix susemanagerplugin to not overwrite header fields set by other plugins * Let the DNF plugin log when a token was set * Retry loading of pillars from DB on connection error (bsc#1214186) * Recognize squashfs build results from KIWI (bsc#1216085) susemanager-sync-data: * Version 4.3.14-1 * SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS) * Extended Service Pack Overlay Support (ESPOS) for High Performance Computing 15 SP5 * Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5 * Update Open Enterprise Server to 2023.4 (bsc#1215514) uyuni-reportdb-schema: * Version 4.3.8-1 * Provide reportdb upgrade schema path structure How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for apache2-mod_wsgi ### Description: This update fixes the following issues: apache2-mod_wsgi: * Ensure the binaries are included in SUSE Manager Server ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4737=1 openSUSE-SLE-15.4-2023-4737=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4737=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4737=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4737=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4737=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacecmd-4.3.25-150400.3.30.5 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-proxy-redirect-4.3.17-150400.3.23.5 * spacewalk-client-setup-4.3.17-150400.3.21.6 * python3-spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-broker-4.3.17-150400.3.23.5 * spacewalk-proxy-common-4.3.17-150400.3.23.5 * spacewalk-backend-4.3.25-150400.3.33.7 * spacewalk-proxy-salt-4.3.17-150400.3.23.5 * spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-management-4.3.17-150400.3.23.5 * spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 * python3-spacewalk-client-setup-4.3.17-150400.3.21.6 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * susemanager-tftpsync-recv-4.3.9-150400.3.9.5 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * inter-server-sync-0.3.1-150400.3.24.5 * susemanager-tools-4.3.33-150400.3.42.4 * susemanager-4.3.33-150400.3.42.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * inter-server-sync-debuginfo-0.3.1-150400.3.24.5 * SUSE Manager Server 4.3 Module 4.3 (noarch) * spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7 * spacewalk-search-4.3.10-150400.3.15.4 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * susemanager-sync-data-4.3.14-150400.3.17.5 * spacewalk-backend-config-files-common-4.3.25-150400.3.33.7 * susemanager-docs_en-pdf-4.3-150400.9.50.5 * spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7 * spacewalk-base-4.3.36-150400.3.36.7 * susemanager-schema-4.3.22-150400.3.30.5 * spacewalk-backend-iss-4.3.25-150400.3.33.7 * spacewalk-taskomatic-4.3.69-150400.3.69.5 * susemanager-docs_en-4.3-150400.9.50.5 * susemanager-sls-4.3.37-150400.3.37.5 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacecmd-4.3.25-150400.3.30.5 * spacewalk-html-4.3.36-150400.3.36.7 * spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7 * susemanager-schema-utility-4.3.22-150400.3.30.5 * spacewalk-backend-iss-export-4.3.25-150400.3.33.7 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7 * spacewalk-java-config-4.3.69-150400.3.69.5 * spacewalk-backend-config-files-4.3.25-150400.3.33.7 * spacewalk-backend-sql-4.3.25-150400.3.33.7 * uyuni-reportdb-schema-4.3.8-150400.3.9.6 * spacewalk-java-4.3.69-150400.3.69.5 * spacewalk-backend-server-4.3.25-150400.3.33.7 * subscription-matcher-0.33-150400.3.16.3 * spacewalk-java-lib-4.3.69-150400.3.69.5 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * spacewalk-java-postgresql-4.3.69-150400.3.69.5 * billing-data-service-4.3.2-150400.10.12.5 * spacewalk-backend-tools-4.3.25-150400.3.33.7 * spacewalk-backend-applet-4.3.25-150400.3.33.7 * spacewalk-backend-4.3.25-150400.3.33.7 * uyuni-config-modules-4.3.37-150400.3.37.5 * spacewalk-backend-package-push-server-4.3.25-150400.3.33.7 * spacewalk-backend-app-4.3.25-150400.3.33.7 ## References: * https://www.suse.com/security/cve/CVE-2023-22644.html * https://bugzilla.suse.com/show_bug.cgi?id=1191143 * https://bugzilla.suse.com/show_bug.cgi?id=1204235 * https://bugzilla.suse.com/show_bug.cgi?id=1207012 * https://bugzilla.suse.com/show_bug.cgi?id=1207532 * https://bugzilla.suse.com/show_bug.cgi?id=1210928 * https://bugzilla.suse.com/show_bug.cgi?id=1210930 * https://bugzilla.suse.com/show_bug.cgi?id=1211355 * https://bugzilla.suse.com/show_bug.cgi?id=1211560 * https://bugzilla.suse.com/show_bug.cgi?id=1211649 * https://bugzilla.suse.com/show_bug.cgi?id=1212695 * https://bugzilla.suse.com/show_bug.cgi?id=1212904 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1214186 * https://bugzilla.suse.com/show_bug.cgi?id=1214471 * https://bugzilla.suse.com/show_bug.cgi?id=1214601 * https://bugzilla.suse.com/show_bug.cgi?id=1214759 * https://bugzilla.suse.com/show_bug.cgi?id=1215209 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1215949 * https://bugzilla.suse.com/show_bug.cgi?id=1216030 * https://bugzilla.suse.com/show_bug.cgi?id=1216041 * https://bugzilla.suse.com/show_bug.cgi?id=1216085 * https://bugzilla.suse.com/show_bug.cgi?id=1216128 * https://bugzilla.suse.com/show_bug.cgi?id=1216380 * https://bugzilla.suse.com/show_bug.cgi?id=1216506 * https://bugzilla.suse.com/show_bug.cgi?id=1216555 * https://bugzilla.suse.com/show_bug.cgi?id=1216690 * https://bugzilla.suse.com/show_bug.cgi?id=1216754 * https://bugzilla.suse.com/show_bug.cgi?id=1217038 * https://bugzilla.suse.com/show_bug.cgi?id=1217223 * https://bugzilla.suse.com/show_bug.cgi?id=1217224 * https://jira.suse.com/browse/MSQA-708 * https://jira.suse.com/browse/SUMA-282 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:12 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:12 -0000 Subject: SUSE-SU-2023:4732-1: important: Security update for the Linux Kernel Message-ID: <170255707205.23207.13521442143550716127@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4732-1 Rating: important References: * bsc#1207948 * bsc#1210447 * bsc#1212649 * bsc#1214286 * bsc#1214700 * bsc#1214840 * bsc#1214976 * bsc#1215095 * bsc#1215123 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1215802 * bsc#1215931 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216527 * bsc#1216584 * bsc#1216621 * bsc#1216687 * bsc#1216693 * bsc#1216759 * bsc#1216761 * bsc#1216788 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217095 * bsc#1217124 * bsc#1217140 * bsc#1217147 * bsc#1217195 * bsc#1217196 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217511 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-3777 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46813 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5633 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46813 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 15 vulnerabilities, contains three features and has 39 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: * acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). * acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). * acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). * acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). * alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). * alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes). * alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). * alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes). * alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes). * alsa: hda/realtek: add quirks for hp laptops (git-fixes). * alsa: hda/realtek: add support dual speaker for dell (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). * alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git- fixes). * alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). * alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * alsa: hda: disable power-save on kontron singlepc (bsc#1217140). * alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). * alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). * alsa: info: fix potential deadlock at disconnection (git-fixes). * alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: add cortex-a520 cpu part definition (git-fixes) * arm64: allow kprobes on el0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass esr_elx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out el1 ssbs emulation hook (git-fixes) * arm64: report el1 undefs better (git-fixes) * arm64: rework bti exception handling (git-fixes) * arm64: rework el0 mrs emulation (git-fixes) * arm64: rework fpac exception handling (git-fixes) * arm64: split el0/el1 undef handlers (git-fixes) * arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * asoc: ams-delta.c: use component after check (git-fixes). * asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). * asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). * asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). * asoc: hdmi-codec: register hpd callback on component probe (git-fixes). * asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). * asoc: rt5650: fix the wrong result of key button (git-fixes). * asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes). * asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). * ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). * atl1c: work around the dma rx overflow issue (git-fixes). * atm: iphase: do pci error checks on own line (git-fixes). * blk-mq: do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: add device 0bda:887b to device tables (git-fixes). * bluetooth: add device 13d3:3571 to device tables (git-fixes). * bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). * bluetooth: btusb: add date->evt_skb is null check (git-fixes). * bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git- fixes). * bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git- fixes). * btrfs: always log symlinks in full mode (bsc#1214840). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize can id checks in isotp_bind() (git-fixes). * can: isotp: set max pdu size to 64 kbyte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: fix comment (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). * clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). * clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). * clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). * clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git- fixes). * clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). * clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). * clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: change ti_clk_register_omap_hw api (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes). * clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes). * crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). * disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. * dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use c syntax highlight in driver.rst (bsc#1215458). * documentation: networking: correct possessive "its" (bsc#1215458). * drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git- fixes). * drm/amd/display: avoid null dereference of timing generator (git-fixes). * drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). * drm/amd/display: refactor dm_get_plane_scale helper (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: handle non-terminated overdrive commands (git-fixes). * drm/amd: disable aspm for vi w/ all intel systems (git-fixes). * drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git- fixes). * drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). * drm/amd: move helper for dynamic speed switch check out of smu13 (git- fixes). * drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes). * drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). * drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git- fixes). * drm/amdgpu: do not use atrm for external devices (git-fixes). * drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix potential null pointer derefernce (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes). * drm/amdgpu: remove unnecessary domain argument (git-fixes). * drm/amdgpu: reserve fences for vm update (git-fixes). * drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). * drm/amdkfd: fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: fix bridge_detach (git-fixes). * drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: manually disable hpd only if it was enabled (git- fixes). * drm/bridge: lt8912b: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: lt9611uxc: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: tc358768: clean up clock period code (git-fixes). * drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: fix bit updates (git-fixes). * drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes). * drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). * drm/bridge: tc358768: print logical values, not raw register values (git- fixes). * drm/bridge: tc358768: remove unused variable (git-fixes). * drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes). * drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes). * drm/bridge: tc358768: use struct videomode (git-fixes). * drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git- fixes). * drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes). * drm/gud: use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). * drm/i915: fix potential spectre vulnerability (git-fixes). * drm/i915: flush wc ggtt only on required platforms (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). * drm/mediatek: fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: create devm device attachment (git-fixes). * drm/mipi-dsi: create devm device registration (git-fixes). * drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). * drm/msm/dsi: free tx buffer in unbind (git-fixes). * drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). * drm/panel: st7703: pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: fix a possible null pointer dereference (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: vop: fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git- fixes). * drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). * drm/ttm: reorder sys manager cleanup step (git-fixes). * drm/vc4: fix typo (git-fixes). * drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527) * drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527) * drm: bridge: it66121: fix invalid connector dereference (git-fixes). * drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] * fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: omapfb: drop unused remove function (git-fixes). * fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git- fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git- fixes). * fix termination state for idr_for_each_entry_ul() (git-fixes). * fix x86/mm: print the encryption features in hyperv is disabled * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * gpu: host1x: correct allocated size for contexts (git-fixes). * hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). * hid: cp2112: fix duplicate workqueue initialization (git-fixes). * hid: hyperv: avoid struct memcpy overrun warning (git-fixes). * hid: hyperv: remove unused struct synthhid_msg (git-fixes). * hid: hyperv: replace one-element array with flexible-array member (git- fixes). * hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). * hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). * hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). * hv_netvsc: fix race of register_netdevice_notifier and vf register (git- fixes). * hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). * hwmon: (coretemp) fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: fix i2c bus hang in slave read (git-fixes). * i2c: core: run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). * i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). * i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git- fixes). * i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). * i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and mac filter support (bsc#1215458). * idpf: add rx splitq napi poll support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: add sriov support and other ndo_ops (bsc#1215458). * idpf: add tx splitq napi poll support (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for rx queues (bsc#1215458). * idpf: configure resources for tx queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git- fixes). * iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git- fixes). * input: xpad - add vid for turtle beach controllers (git-fixes). * irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). * kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). * kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse- module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. * kernel-source: move provides after sources * kernel/fork: beware of __put_task_struct() calling context (bsc#1216761). * leds: pwm: do not disable the pwm when the led should be off (git-fixes). * leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: do not use smbus calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: correctly initialise try compose rectangle (git-fixes). * media: ccs: fix driver quirk struct documentation (git-fixes). * media: cedrus: fix clock/reset sequence (git-fixes). * media: cobalt: use field_get() to extract link width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). * media: qcom: camss: fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git- fixes). * mfd: core: ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: fix double put in dln2_probe (git-fixes). * misc: fastrpc: clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). * mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). * mmc: block: do not lose cache flush during cqe error recovery (git-fixes). * mmc: block: retry commands in cqe error recovery (git-fixes). * mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). * mmc: cqhci: increase recovery halt timeout (git-fixes). * mmc: cqhci: warn of halt or task clear failure (git-fixes). * mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). * mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git- fixes). * mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git- fixes). * mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee module_device_table built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). * mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). * net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: avoid address overwrite in kernel_connect (bsc#1216861). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git- fixes). * nfs: fix access to page->mapping (bsc#1216788). * nvme: update firmware version after commit (bsc#1215292). * pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). * pci/sysfs: protect driver's d3cold preference from user space (git-fixes). * pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). * pci: extract ats disabling to a helper function (bsc#1215458). * pci: exynos: do not discard .remove() callback (git-fixes). * pci: keystone: do not discard .probe() callback (git-fixes). * pci: keystone: do not discard .remove() callback (git-fixes). * pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git- fixes). * pci: tegra194: use field_get()/field_prep() with link width fields (git- fixes). * pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). * pci: use field_get() to extract link width (git-fixes). * pci: vmd: correct pci header type register's multi-function check (git- fixes). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147). * platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147). * platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147). * platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147). * platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147). * platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147). * platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147). * platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147). * platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147). * platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147). * platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147). * platform/x86/intel/vsec: add tpmi id (bsc#1217147). * platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147). * platform/x86/intel/vsec: support private data (bsc#1217147). * platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147). * platform/x86/intel: intel tpmi enumeration driver (bsc#1217147). * platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147). * platform/x86: intel-uncore-freq: add client processors (bsc#1217147). * platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147). * platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). * platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147). * platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147). * platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147). * platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). * platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git- fixes). * platform/x86: wmi: fix opening of char device (git-fixes). * platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). * pm: hibernate: use __get_safe_page() rather than touching the list (git- fixes). * powerpc/perf/hv-24x7: update domain value check (bsc#1215931). * powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). * powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). * pwm: fix double shift bug (git-fixes). * pwm: sti: reduce number of allocations and drop usage of chip_data (git- fixes). * quota: fix slow quotaoff (bsc#1216621). * r8152: cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). * r8152: release firmware if we have an error in probe (git-fixes). * r8152: run the unload routine if we have errors during probe (git-fixes). * regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). * regmap: ensure range selector registers are updated after cache sync (git- fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * revert "i2c: pxa: move to generic gpio recovery" (git-fixes). * revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes). * revert "tracing: fix warning in trace_buffered_event_disable()" (bsc#1217036) * revert amdgpu patches that caused a regression (bsc#1215802) * rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma at fat_crate.local/ so carry this in ignored_configs_re instead. * rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. * rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage * run scripts/renamepatches for sle15-sp4 * s390/ap: fix ap bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). * s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). * s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). * sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). * sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). * sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). * scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). * scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). * scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). * scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: use field_get() to extract pcie capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: fix ksft print formats (git-fixes). * selftests/resctrl: ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git- fixes). * selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes). * serial: meson: use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). * tty: 8250: add support for additional brainboxes px cards (git-fixes). * tty: 8250: add support for additional brainboxes uc cards (git-fixes). * tty: 8250: add support for brainboxes up cards (git-fixes). * tty: 8250: add support for intashield is-100 (git-fixes). * tty: 8250: add support for intashield ix cards (git-fixes). * tty: 8250: fix port count of px-257 (git-fixes). * tty: 8250: fix up px-803/px-857 (git-fixes). * tty: 8250: remove uc-257 and uc-431 (git-fixes). * tty: fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). * update ath11k hibernation fix patch set (bsc#1207948) * update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type- unknown (bsc#1214976 git-fixes). * usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). * usb: chipidea: fix dma overwrite for tegra (git-fixes). * usb: chipidea: simplify tegra dma alignment code (git-fixes). * usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). * usb: dwc2: write hcint with intmask applied (bsc#1214286). * usb: dwc3: fix default mode initialization (git-fixes). * usb: dwc3: qcom: fix acpi platform device leak (git-fixes). * usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). * usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: serial: option: add fibocom l7xx modules (git-fixes). * usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). * usb: serial: option: fix fm101r-gl defines (git-fixes). * usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes). * usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). * usb: usbip: fix stub_dev hub disconnect (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: do not touch the ce interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix gtk offload status event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). * wifi: iwlwifi: use fw rate for non-data frames (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). * wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). * x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: clear svm feature if disabled by bios (bsc#1214700). * x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). * x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git- fixes). * x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: make hv_get_nmi_reason public (git-fixes). * x86/sev: do not try to parse for the cc blob on non-amd hardware (git- fixes). * x86/sev: fix calculation of end address based on number of pages (git- fixes). * x86/sev: use the ghcb protocol when available for snp cpuid requests (git- fixes). * x86: move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert agf log flags to unsigned (git-fixes). * xfs: convert agi log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize ag block number formatting in ftrace output (git-fixes). * xfs: standardize ag number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). * xhci: enable rpm on controllers that support low-power states (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4732=1 openSUSE-SLE-15.5-2023-4732=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4732=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4732=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4732=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-source-rt-5.14.21-150500.13.27.2 * kernel-devel-rt-5.14.21-150500.13.27.2 * openSUSE Leap 15.5 (x86_64) * kernel-rt-optional-5.14.21-150500.13.27.2 * kernel-rt_debug-vdso-5.14.21-150500.13.27.2 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2 * reiserfs-kmp-rt-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * gfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-5.14.21-150500.13.27.2 * kernel-rt-extra-5.14.21-150500.13.27.2 * dlm-kmp-rt-5.14.21-150500.13.27.2 * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2 * kernel-rt-extra-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-livepatch-devel-5.14.21-150500.13.27.2 * kernel-rt-optional-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.27.2 * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-devel-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-syms-rt-5.14.21-150500.13.27.1 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-livepatch-5.14.21-150500.13.27.2 * kselftests-kmp-rt-5.14.21-150500.13.27.2 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.27.2 * kernel-rt-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2 * SUSE Real Time Module 15-SP5 (x86_64) * kernel-rt_debug-vdso-5.14.21-150500.13.27.2 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * gfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-5.14.21-150500.13.27.2 * dlm-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-syms-rt-5.14.21-150500.13.27.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2 * SUSE Real Time Module 15-SP5 (noarch) * kernel-source-rt-5.14.21-150500.13.27.2 * kernel-devel-rt-5.14.21-150500.13.27.2 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.27.2 * kernel-rt-5.14.21-150500.13.27.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5633.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214700 * https://bugzilla.suse.com/show_bug.cgi?id=1214840 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1215802 * https://bugzilla.suse.com/show_bug.cgi?id=1215931 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216527 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216621 * https://bugzilla.suse.com/show_bug.cgi?id=1216687 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216761 * https://bugzilla.suse.com/show_bug.cgi?id=1216788 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217095 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217147 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217196 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217511 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:08 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:08 -0000 Subject: SUSE-RU-2023:4738-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <170255706868.23207.17803429533432931968@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4738-1 Rating: moderate References: * jsc#MSQA-708 Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-4738=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (noarch) * python2-spacewalk-client-setup-4.3.17-52.92.1 * spacewalk-check-4.3.17-52.92.1 * spacecmd-4.3.25-38.133.1 * python2-spacewalk-check-4.3.17-52.92.1 * python2-spacewalk-client-tools-4.3.17-52.92.1 * spacewalk-client-setup-4.3.17-52.92.1 * spacewalk-client-tools-4.3.17-52.92.1 ## References: * https://jira.suse.com/browse/MSQA-708 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:16 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:16 -0000 Subject: SUSE-SU-2023:4736-1: important: Security update for tiff Message-ID: <170255707654.23207.7762358036508741499@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4736-1 Rating: important References: * bsc#1199483 * bsc#1210231 * bsc#1211478 * bsc#1212398 * bsc#1214680 Cross-References: * CVE-2022-1622 * CVE-2022-40090 * CVE-2023-1916 * CVE-2023-26965 * CVE-2023-2731 CVSS scores: * CVE-2022-1622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-1622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1916 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-1916 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-26965 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-26965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). * CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). * CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). * CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4736=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4736=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tiff-4.0.9-44.74.1 * tiff-debugsource-4.0.9-44.74.1 * libtiff5-debuginfo-4.0.9-44.74.1 * tiff-debuginfo-4.0.9-44.74.1 * libtiff5-4.0.9-44.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.74.1 * libtiff5-32bit-4.0.9-44.74.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1622.html * https://www.suse.com/security/cve/CVE-2022-40090.html * https://www.suse.com/security/cve/CVE-2023-1916.html * https://www.suse.com/security/cve/CVE-2023-26965.html * https://www.suse.com/security/cve/CVE-2023-2731.html * https://bugzilla.suse.com/show_bug.cgi?id=1199483 * https://bugzilla.suse.com/show_bug.cgi?id=1210231 * https://bugzilla.suse.com/show_bug.cgi?id=1211478 * https://bugzilla.suse.com/show_bug.cgi?id=1212398 * https://bugzilla.suse.com/show_bug.cgi?id=1214680 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:17 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:17 -0000 Subject: SUSE-SU-2023:4735-1: important: Security update for the Linux Kernel Message-ID: <170255707766.23207.10946764247874960493@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4735-1 Rating: important References: * bsc#1084909 * bsc#1176950 * bsc#1190208 * bsc#1203496 * bsc#1205462 * bsc#1208787 * bsc#1210780 * bsc#1214037 * bsc#1214285 * bsc#1214408 * bsc#1214764 * bsc#1216031 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216759 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217087 * bsc#1217206 * bsc#1217519 * bsc#1217525 * bsc#1217603 * bsc#1217604 * bsc#1217607 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-0461 * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). The following non-security bugs were fixed: * cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408). * cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408). * cpu/SMT: Remove topology_smt_supported() (bsc#1214408). * cpu/SMT: Store the current/max number of threads (bsc#1214408). * cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * dm-raid: remove useless checking in raid_message() (git-fixes). * l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes). * l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git- fixes). * md/bitmap: always wake up md_thread in timeout_store (git-fixes). * md/bitmap: factor out a helper to set timeout (git-fixes). * md/raid10: Do not add spare disk when recovery fails (git-fixes). * md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). * md/raid10: clean up md_add_new_disk() (git-fixes). * md/raid10: fix io loss while replacement replace rdev (git-fixes). * md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). * md/raid10: fix memleak for 'conf->bio_split' (git-fixes). * md/raid10: fix memleak of md thread (git-fixes). * md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). * md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git- fixes). * md/raid10: fix overflow of md/safe_mode_delay (git-fixes). * md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). * md/raid10: improve code of mrdev in raid10_sync_request (git-fixes). * md/raid10: prevent soft lockup while flush writes (git-fixes). * md/raid10: prioritize adding disk to 'removed' mirror (git-fixes). * md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). * md: add new workqueue for delete rdev (git-fixes). * md: avoid signed overflow in slot_store() (git-fixes). * md: do not return existing mddevs from mddev_find_or_alloc (git-fixes). * md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes). * md: fix data corruption for raid456 when reshape restart while grow up (git- fixes). * md: fix deadlock causing by sysfs_notify (git-fixes). * md: fix incorrect declaration about claim_rdev in md_import_device (git- fixes). * md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes). * md: get sysfs entry after redundancy attr group create (git-fixes). * md: refactor mddev_find_or_alloc (git-fixes). * md: remove lock_bdev / unlock_bdev (git-fixes). * mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607). * s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087). * s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: serial: option: add Quectel RM500U-CN modem (git-fixes). * usb: serial: option: add Telit FE990 compositions (git-fixes). * usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git- fixes). * xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). * xfs: make sure maxlen is still congruent with prod when rounding down (git- fixes). * xfs: reserve data and rt quota at the same time (bsc#1203496). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4735=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * dlm-kmp-rt-debuginfo-4.12.14-10.154.1 * cluster-md-kmp-rt-4.12.14-10.154.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.154.1 * kernel-rt-base-debuginfo-4.12.14-10.154.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.154.1 * kernel-rt-debugsource-4.12.14-10.154.1 * kernel-rt_debug-debuginfo-4.12.14-10.154.1 * dlm-kmp-rt-4.12.14-10.154.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.154.1 * kernel-syms-rt-4.12.14-10.154.1 * ocfs2-kmp-rt-4.12.14-10.154.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.154.1 * kernel-rt-base-4.12.14-10.154.1 * kernel-rt-devel-debuginfo-4.12.14-10.154.1 * kernel-rt_debug-devel-4.12.14-10.154.1 * gfs2-kmp-rt-4.12.14-10.154.1 * kernel-rt_debug-debugsource-4.12.14-10.154.1 * kernel-rt-devel-4.12.14-10.154.1 * kernel-rt-debuginfo-4.12.14-10.154.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-devel-rt-4.12.14-10.154.1 * kernel-source-rt-4.12.14-10.154.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.154.1 * kernel-rt_debug-4.12.14-10.154.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1176950 * https://bugzilla.suse.com/show_bug.cgi?id=1190208 * https://bugzilla.suse.com/show_bug.cgi?id=1203496 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214408 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1216031 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217087 * https://bugzilla.suse.com/show_bug.cgi?id=1217206 * https://bugzilla.suse.com/show_bug.cgi?id=1217519 * https://bugzilla.suse.com/show_bug.cgi?id=1217525 * https://bugzilla.suse.com/show_bug.cgi?id=1217603 * https://bugzilla.suse.com/show_bug.cgi?id=1217604 * https://bugzilla.suse.com/show_bug.cgi?id=1217607 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:14 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:14 -0000 Subject: SUSE-SU-2023:4731-1: important: Security update for the Linux Kernel Message-ID: <170255707460.23207.16893238301503163438@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4731-1 Rating: important References: * bsc#1084909 * bsc#1189998 * bsc#1210447 * bsc#1214286 * bsc#1214976 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216584 * bsc#1216693 * bsc#1216759 * bsc#1216761 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217124 * bsc#1217140 * bsc#1217195 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 12 vulnerabilities, contains three features and has 28 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: * ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). * ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). * ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). * ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). * ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). * ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). * ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). * ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). * ALSA: info: Fix potential deadlock at disconnection (git-fixes). * ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). * ASoC: ams-delta.c: use component after check (git-fixes). * ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). * ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). * ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). * ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). * ASoC: rt5650: fix the wrong result of key button (git-fixes). * ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). * Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). * Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git- fixes). * Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git- fixes). * Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). * Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures. * Documentation: networking: correct possessive "its" (bsc#1215458). * Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git- fixes). * Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable] * Fix termination state for idr_for_each_entry_ul() (git-fixes). * HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). * HID: hyperv: Replace one-element array with flexible-array member (git- fixes). * HID: hyperv: avoid struct memcpy overrun warning (git-fixes). * HID: hyperv: remove unused struct synthhid_msg (git-fixes). * HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). * HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). * HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes). * Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git- fixes). * Input: xpad - add VID for Turtle Beach controllers (git-fixes). * PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). * PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). * PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). * PCI: Extract ATS disabling to a helper function (bsc#1215458). * PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git- fixes). * PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). * PCI: Use FIELD_GET() to extract Link Width (git-fixes). * PCI: exynos: Do not discard .remove() callback (git-fixes). * PCI: keystone: Do not discard .probe() callback (git-fixes). * PCI: keystone: Do not discard .remove() callback (git-fixes). * PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git- fixes). * PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). * PM: hibernate: Use __get_safe_page() rather than touching the list (git- fixes). * USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). * USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). * USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). * USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * USB: serial: option: add Fibocom L7xx modules (git-fixes). * USB: serial: option: add Luat Air72*U series products (git-fixes). * USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). * USB: serial: option: fix FM101R-GL defines (git-fixes). * USB: usbip: fix stub_dev hub disconnect (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: Add Cortex-A520 CPU part definition (git-fixes) * arm64: allow kprobes on EL0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass ESR_ELx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out EL1 SSBS emulation hook (git-fixes) * arm64: report EL1 UNDEFs better (git-fixes) * arm64: rework BTI exception handling (git-fixes) * arm64: rework EL0 MRS emulation (git-fixes) * arm64: rework FPAC exception handling (git-fixes) * arm64: split EL0/EL1 UNDEF handlers (git-fixes) * ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). * atl1c: Work around the DMA RX overflow issue (git-fixes). * atm: iphase: Do PCI error checks on own line (git-fixes). * blk-mq: Do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: Add device 0bda:887b to device tables (git-fixes). * bluetooth: Add device 13d3:3571 to device tables (git-fixes). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). * can: isotp: set max PDU size to 64 kByte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: Fix comment (git-fixes). * clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). * clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). * clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). * clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: Fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). * clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git- fixes). * clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). * clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clk: ti: change ti_clk_register_omap_hw API (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). * dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use C syntax highlight in driver.rst (bsc#1215458). * drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). * drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git- fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). * drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). * drm/amdgpu: Fix potential null pointer derefernce (git-fixes). * drm/amdgpu: do not use ATRM for external devices (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: Fix bridge_detach (git-fixes). * drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git- fixes). * drm/bridge: lt8912b: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: Fix bit updates (git-fixes). * drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). * drm/gud: Use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). * drm/i915: Fix potential spectre vulnerability (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). * drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: Create devm device attachment (git-fixes). * drm/mipi-dsi: Create devm device registration (git-fixes). * drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). * drm/panel: st7703: Pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git- fixes). * drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). * drm/vc4: fix typo (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: omapfb: Drop unused remove function (git-fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git- fixes). * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * hid: cp2112: Fix duplicate workqueue initialization (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: Fix race of register_netdevice_notifier and VF register (git- fixes). * hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). * hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). * i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). * i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). * i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: Fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git- fixes). * i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). * i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). * idpf: add RX splitq napi poll support (bsc#1215458). * idpf: add SRIOV support and other ndo_ops (bsc#1215458). * idpf: add TX splitq napi poll support (bsc#1215458). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and MAC filter support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for RX queues (bsc#1215458). * idpf: configure resources for TX queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git- fixes). * iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). * kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional). * kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse- module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well. * kernel-source: Move provides after sources * kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)). * kernel/fork: beware of __put_task_struct() calling context (bsc#1216761). * leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). * leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: Do not use SMBUS calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: Correctly initialise try compose rectangle (git-fixes). * media: ccs: Fix driver quirk struct documentation (git-fixes). * media: cedrus: Fix clock/reset sequence (git-fixes). * media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). * media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: Fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: Add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git- fixes). * mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: Fix double put in dln2_probe (git-fixes). * misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). * mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). * mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). * mmc: block: Retry commands in CQE error recovery (git-fixes). * mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). * mmc: cqhci: Increase recovery halt timeout (git-fixes). * mmc: cqhci: Warn of halt or task clear failure (git-fixes). * mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). * mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git- fixes). * mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git- fixes). * mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). * mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: Avoid address overwrite in kernel_connect (bsc#1216861). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: Fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git- fixes). * nvme: update firmware version after commit (bsc#1215292). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git- fixes). * platform/x86: wmi: Fix opening of char device (git-fixes). * platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: Fix double shift bug (git-fixes). * pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). * pwm: sti: Reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). * r8152: Release firmware if we have an error in probe (git-fixes). * r8152: Run the unload routine if we have errors during probe (git-fixes). * regmap: Ensure range selector registers are updated after cache sync (git- fixes). * regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * s390/ap: fix AP bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). * sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). * scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). * scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). * scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: Fix ksft print formats (git-fixes). * selftests/resctrl: Ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git- fixes). * selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). * serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: Handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: Spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). * tty: 8250: Add support for Brainboxes UP cards (git-fixes). * tty: 8250: Add support for Intashield IS-100 (git-fixes). * tty: 8250: Add support for Intashield IX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). * tty: 8250: Fix port count of PX-257 (git-fixes). * tty: 8250: Fix up PX-803/PX-857 (git-fixes). * tty: 8250: Remove UC-257 and UC-431 (git-fixes). * tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). * usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). * usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). * usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). * usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). * usb: dwc3: Fix default mode initialization (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). * usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: Do not touch the CE interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). * wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). * x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git- fixes). * x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). * x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: Make hv_get_nmi_reason public (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git- fixes). * x86/sev: Fix calculation of end address based on number of pages (git- fixes). * x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git- fixes). * x86: Move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert AGF log flags to unsigned (git-fixes). * xfs: convert AGI log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize AG block number formatting in ftrace output (git-fixes). * xfs: standardize AG number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Enable RPM on controllers that support low-power states (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4731=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4731=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4731=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4731=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4731=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4731=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4731=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4731=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4731=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * openSUSE Leap Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * openSUSE Leap Micro 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * openSUSE Leap 15.4 (x86_64) * cluster-md-kmp-rt-5.14.21-150400.15.62.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * ocfs2-kmp-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * kernel-syms-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.62.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * gfs2-kmp-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.62.1 * kernel-rt-devel-5.14.21-150400.15.62.1 * kernel-rt_debug-devel-5.14.21-150400.15.62.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.62.1 * dlm-kmp-rt-5.14.21-150400.15.62.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * openSUSE Leap 15.4 (noarch) * kernel-source-rt-5.14.21-150400.15.62.1 * kernel-devel-rt-5.14.21-150400.15.62.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.62.1 * kernel-rt-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_62-rt-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_62-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_16-debugsource-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * cluster-md-kmp-rt-5.14.21-150400.15.62.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debuginfo-5.14.21-150400.15.62.1 * ocfs2-kmp-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-debugsource-5.14.21-150400.15.62.1 * kernel-syms-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.62.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * gfs2-kmp-rt-5.14.21-150400.15.62.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.62.1 * kernel-rt-devel-5.14.21-150400.15.62.1 * kernel-rt_debug-devel-5.14.21-150400.15.62.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.62.1 * dlm-kmp-rt-5.14.21-150400.15.62.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-source-rt-5.14.21-150400.15.62.1 * kernel-devel-rt-5.14.21-150400.15.62.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.62.1 * kernel-rt-5.14.21-150400.15.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216761 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:24 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:24 -0000 Subject: SUSE-SU-2023:4730-1: important: Security update for the Linux Kernel Message-ID: <170255708411.23207.9581849466742915243@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4730-1 Rating: important References: * bsc#1084909 * bsc#1207948 * bsc#1210447 * bsc#1214286 * bsc#1214700 * bsc#1214840 * bsc#1214976 * bsc#1215123 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1215802 * bsc#1215931 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216527 * bsc#1216584 * bsc#1216687 * bsc#1216693 * bsc#1216759 * bsc#1216788 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217095 * bsc#1217124 * bsc#1217140 * bsc#1217147 * bsc#1217195 * bsc#1217196 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217511 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5633 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: * ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). * ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). * ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). * ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes). * ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). * ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes). * ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes). * ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). * ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). * ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git- fixes). * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). * ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). * ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). * ALSA: info: Fix potential deadlock at disconnection (git-fixes). * ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (git-fixes). * ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). * ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran (git-fixes). * ASoC: ams-delta.c: use component after check (git-fixes). * ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). * ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). * ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). * ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). * ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). * ASoC: rt5650: fix the wrong result of key button (git-fixes). * ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). * Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). * Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git- fixes). * Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git- fixes). * Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). * Documentation: networking: correct possessive "its" (bsc#1215458). * Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git- fixes). * Fix termination state for idr_for_each_entry_ul() (git-fixes). * HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). * HID: hyperv: Replace one-element array with flexible-array member (git- fixes). * HID: hyperv: avoid struct memcpy overrun warning (git-fixes). * HID: hyperv: remove unused struct synthhid_msg (git-fixes). * HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). * HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). * HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes). * Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git- fixes). * Input: xpad - add VID for Turtle Beach controllers (git-fixes). * NFS: Fix access to page->mapping (bsc#1216788). * PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). * PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). * PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). * PCI: Extract ATS disabling to a helper function (bsc#1215458). * PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git- fixes). * PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). * PCI: Use FIELD_GET() to extract Link Width (git-fixes). * PCI: exynos: Do not discard .remove() callback (git-fixes). * PCI: keystone: Do not discard .probe() callback (git-fixes). * PCI: keystone: Do not discard .remove() callback (git-fixes). * PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git- fixes). * PCI: vmd: Correct PCI Header Type Register's multi-function check (git- fixes). * PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). * PM: hibernate: Use __get_safe_page() rather than touching the list (git- fixes). * USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). * USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). * USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). * USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * USB: serial: option: add Fibocom L7xx modules (git-fixes). * USB: serial: option: add Luat Air72*U series products (git-fixes). * USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). * USB: serial: option: fix FM101R-GL defines (git-fixes). * USB: usbip: fix stub_dev hub disconnect (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: Add Cortex-A520 CPU part definition (git-fixes) * arm64: allow kprobes on EL0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass ESR_ELx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out EL1 SSBS emulation hook (git-fixes) * arm64: report EL1 UNDEFs better (git-fixes) * arm64: rework BTI exception handling (git-fixes) * arm64: rework EL0 MRS emulation (git-fixes) * arm64: rework FPAC exception handling (git-fixes) * arm64: split EL0/EL1 UNDEF handlers (git-fixes) * ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). * atl1c: Work around the DMA RX overflow issue (git-fixes). * atm: iphase: Do PCI error checks on own line (git-fixes). * blk-mq: Do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: Add device 0bda:887b to device tables (git-fixes). * bluetooth: Add device 13d3:3571 to device tables (git-fixes). * btrfs: always log symlinks in full mode (bsc#1214840). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). * can: isotp: set max PDU size to 64 kByte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: Fix comment (git-fixes). * clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). * clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). * clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). * clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: Fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). * clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git- fixes). * clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). * clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clk: ti: change ti_clk_register_omap_hw API (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (git-fixes). * clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes). * crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). * dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). * drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). * drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). * drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git- fixes). * drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). * drm/amd: Move helper for dynamic speed switch check out of smu13 (git- fixes). * drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes). * drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). * drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). * drm/amdgpu: Fix potential null pointer derefernce (git-fixes). * drm/amdgpu: Remove unnecessary domain argument (git-fixes). * drm/amdgpu: Reserve fences for VM update (git-fixes). * drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git- fixes). * drm/amdgpu: do not use ATRM for external devices (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes). * drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). * drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: Fix bridge_detach (git-fixes). * drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git- fixes). * drm/bridge: lt8912b: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git- fixes). * drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: tc358768: Clean up clock period code (git-fixes). * drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: Fix bit updates (git-fixes). * drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes). * drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). * drm/bridge: tc358768: Print logical values, not raw register values (git- fixes). * drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes). * drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes). * drm/bridge: tc358768: Use struct videomode (git-fixes). * drm/bridge: tc358768: remove unused variable (git-fixes). * drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git- fixes). * drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes). * drm/gud: Use size_add() in call to struct_size() (git-fixes). * drm/i915: Fix potential spectre vulnerability (git-fixes). * drm/i915: Flush WC GGTT only on required platforms (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). * drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: Create devm device attachment (git-fixes). * drm/mipi-dsi: Create devm device registration (git-fixes). * drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). * drm/msm/dsi: free TX buffer in unbind (git-fixes). * drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). * drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). * drm/panel: st7703: Pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: fix a possible null pointer dereference (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git- fixes). * drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). * drm/ttm: Reorder sys manager cleanup step (git-fixes). * drm/vc4: fix typo (git-fixes). * drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527) * drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527) * drm: bridge: it66121: Fix invalid connector dereference (git-fixes). * drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: omapfb: Drop unused remove function (git-fixes). * fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git- fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * gpu: host1x: Correct allocated size for contexts (git-fixes). * hid: cp2112: Fix duplicate workqueue initialization (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: Fix race of register_netdevice_notifier and VF register (git- fixes). * hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). * hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git- fixes). * i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). * i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: Fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git- fixes). * i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). * i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). * idpf: add RX splitq napi poll support (bsc#1215458). * idpf: add SRIOV support and other ndo_ops (bsc#1215458). * idpf: add TX splitq napi poll support (bsc#1215458). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and MAC filter support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for RX queues (bsc#1215458). * idpf: configure resources for TX queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). * leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). * leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: Do not use SMBUS calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: Correctly initialise try compose rectangle (git-fixes). * media: ccs: Fix driver quirk struct documentation (git-fixes). * media: cedrus: Fix clock/reset sequence (git-fixes). * media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). * media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: Fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: Add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git- fixes). * mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: Fix double put in dln2_probe (git-fixes). * misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). * mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). * mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). * mmc: block: Retry commands in CQE error recovery (git-fixes). * mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). * mmc: cqhci: Increase recovery halt timeout (git-fixes). * mmc: cqhci: Warn of halt or task clear failure (git-fixes). * mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). * mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git- fixes). * mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git- fixes). * mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). * mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: Avoid address overwrite in kernel_connect (bsc#1216861). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: mana: Fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * nvme: update firmware version after commit (bsc#1215292). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86/intel-uncore-freq: Return error on write frequency (bsc#1217147). * platform/x86/intel-uncore-freq: Split common and enumeration part (bsc#1217147). * platform/x86/intel-uncore-freq: Support for cluster level controls (bsc#1217147). * platform/x86/intel-uncore-freq: Uncore frequency control via TPMI (bsc#1217147). * platform/x86/intel-uncore-freq: tpmi: Provide cluster level control (bsc#1217147). * platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (bsc#1217147). * platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147). * platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147). * platform/x86/intel/uncore-freq: Display uncore current frequency (bsc#1217147). * platform/x86/intel/uncore-freq: Move to uncore-frequency folder (bsc#1217147). * platform/x86/intel/uncore-freq: Use sysfs API to create attributes (bsc#1217147). * platform/x86/intel/vsec: Add TPMI ID (bsc#1217147). * platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux() (bsc#1217147). * platform/x86/intel/vsec: Support private data (bsc#1217147). * platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free() (bsc#1217147). * platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147). * platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (bsc#1217147). * platform/x86: intel-uncore-freq: Add client processors (bsc#1217147). * platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency (bsc#1217147). * platform/x86: intel-uncore-freq: Prevent driver loading in guests (bsc#1217147). * platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (bsc#1217147). * platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). * platform/x86: intel-uncore-frequency: Move to intel sub-directory (bsc#1217147). * platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). * platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git- fixes). * platform/x86: wmi: Fix opening of char device (git-fixes). * platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * powerpc/perf/hv-24x7: Update domain value check (bsc#1215931). * powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: Fix double shift bug (git-fixes). * pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). * pwm: sti: Reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). * regmap: Ensure range selector registers are updated after cache sync (git- fixes). * regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * s390/ap: fix AP bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). * s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes bsc#1217511). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). * sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). * sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). * sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). * scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). * scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). * scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: Fix ksft print formats (git-fixes). * selftests/resctrl: Ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git- fixes). * selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). * serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: Handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). * tty: 8250: Add support for Brainboxes UP cards (git-fixes). * tty: 8250: Add support for Intashield IS-100 (git-fixes). * tty: 8250: Add support for Intashield IX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). * tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). * tty: 8250: Fix port count of PX-257 (git-fixes). * tty: 8250: Fix up PX-803/PX-857 (git-fixes). * tty: 8250: Remove UC-257 and UC-431 (git-fixes). * tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). * usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). * usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). * usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). * usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). * usb: dwc3: Fix default mode initialization (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). * usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: Do not touch the CE interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix gtk offload status event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). * wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700). * x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). * x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git- fixes). * x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). * x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: Make hv_get_nmi_reason public (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git- fixes). * x86/sev: Fix calculation of end address based on number of pages (git- fixes). * x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git- fixes). * x86: Move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert AGF log flags to unsigned (git-fixes). * xfs: convert AGI log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize AG block number formatting in ftrace output (git-fixes). * xfs: standardize AG number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Enable RPM on controllers that support low-power states (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4730=1 openSUSE-SLE-15.5-2023-4730=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4730=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4730=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4730=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4730=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4730=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4730=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4730=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.39.1 * kernel-source-vanilla-5.14.21-150500.55.39.1 * kernel-devel-5.14.21-150500.55.39.1 * kernel-source-5.14.21-150500.55.39.1 * kernel-docs-html-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150500.55.39.1 * kernel-debug-debuginfo-5.14.21-150500.55.39.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.39.1 * kernel-debug-devel-5.14.21-150500.55.39.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-5.14.21-150500.55.39.1 * kernel-debug-vdso-5.14.21-150500.55.39.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.39.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.39.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.39.1 * kernel-default-vdso-debuginfo-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-default-base-rebuild-5.14.21-150500.55.39.1.150500.6.17.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.39.1 * kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1 * kernel-kvmsmall-devel-5.14.21-150500.55.39.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.39.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.39.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.39.1 * kernel-obs-build-5.14.21-150500.55.39.1 * cluster-md-kmp-default-5.14.21-150500.55.39.1 * kernel-default-devel-5.14.21-150500.55.39.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.39.1 * gfs2-kmp-default-5.14.21-150500.55.39.1 * ocfs2-kmp-default-5.14.21-150500.55.39.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-livepatch-devel-5.14.21-150500.55.39.1 * kernel-default-extra-5.14.21-150500.55.39.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.39.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.39.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-optional-5.14.21-150500.55.39.1 * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-livepatch-5.14.21-150500.55.39.1 * kernel-obs-build-debugsource-5.14.21-150500.55.39.1 * kselftests-kmp-default-5.14.21-150500.55.39.1 * kernel-obs-qa-5.14.21-150500.55.39.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kernel-syms-5.14.21-150500.55.39.1 * reiserfs-kmp-default-5.14.21-150500.55.39.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.39.1 * dlm-kmp-default-5.14.21-150500.55.39.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64) * dtb-apple-5.14.21-150500.55.39.1 * dtb-nvidia-5.14.21-150500.55.39.1 * dtb-freescale-5.14.21-150500.55.39.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.39.1 * dtb-marvell-5.14.21-150500.55.39.1 * dtb-altera-5.14.21-150500.55.39.1 * dtb-hisilicon-5.14.21-150500.55.39.1 * dtb-rockchip-5.14.21-150500.55.39.1 * dlm-kmp-64kb-5.14.21-150500.55.39.1 * dtb-sprd-5.14.21-150500.55.39.1 * dtb-apm-5.14.21-150500.55.39.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * kernel-64kb-debugsource-5.14.21-150500.55.39.1 * gfs2-kmp-64kb-5.14.21-150500.55.39.1 * dtb-socionext-5.14.21-150500.55.39.1 * ocfs2-kmp-64kb-5.14.21-150500.55.39.1 * dtb-renesas-5.14.21-150500.55.39.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * dtb-lg-5.14.21-150500.55.39.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.39.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.39.1 * kselftests-kmp-64kb-5.14.21-150500.55.39.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * dtb-amlogic-5.14.21-150500.55.39.1 * dtb-amazon-5.14.21-150500.55.39.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * cluster-md-kmp-64kb-5.14.21-150500.55.39.1 * kernel-64kb-extra-5.14.21-150500.55.39.1 * dtb-mediatek-5.14.21-150500.55.39.1 * dtb-allwinner-5.14.21-150500.55.39.1 * dtb-cavium-5.14.21-150500.55.39.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1 * kernel-64kb-optional-5.14.21-150500.55.39.1 * dtb-arm-5.14.21-150500.55.39.1 * dtb-broadcom-5.14.21-150500.55.39.1 * dtb-qcom-5.14.21-150500.55.39.1 * reiserfs-kmp-64kb-5.14.21-150500.55.39.1 * dtb-exynos-5.14.21-150500.55.39.1 * kernel-64kb-devel-5.14.21-150500.55.39.1 * dtb-amd-5.14.21-150500.55.39.1 * dtb-xilinx-5.14.21-150500.55.39.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1 * kernel-64kb-debuginfo-5.14.21-150500.55.39.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.39.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1 * kernel-64kb-devel-5.14.21-150500.55.39.1 * kernel-64kb-debuginfo-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150500.55.39.1 * kernel-default-devel-5.14.21-150500.55.39.1 * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (noarch) * kernel-devel-5.14.21-150500.55.39.1 * kernel-macros-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.39.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.39.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150500.55.39.1 * kernel-obs-build-debugsource-5.14.21-150500.55.39.1 * kernel-obs-build-5.14.21-150500.55.39.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.39.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.39.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debuginfo-5.14.21-150500.55.39.1 * reiserfs-kmp-default-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * kernel-default-livepatch-5.14.21-150500.55.39.1 * kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1 * kernel-default-livepatch-devel-5.14.21-150500.55.39.1 * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * cluster-md-kmp-default-5.14.21-150500.55.39.1 * dlm-kmp-default-5.14.21-150500.55.39.1 * ocfs2-kmp-default-5.14.21-150500.55.39.1 * gfs2-kmp-default-5.14.21-150500.55.39.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.39.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-5.14.21-150500.55.39.1 * kernel-default-debuginfo-5.14.21-150500.55.39.1 * kernel-default-debugsource-5.14.21-150500.55.39.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5633.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214700 * https://bugzilla.suse.com/show_bug.cgi?id=1214840 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1215802 * https://bugzilla.suse.com/show_bug.cgi?id=1215931 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216527 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216687 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216788 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217095 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217147 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217196 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217511 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:29 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:29 -0000 Subject: SUSE-RU-2023:4726-1: low: Recommended update for podman Message-ID: <170255708992.23207.952126963227020540@smelt2.prg2.suse.org> # Recommended update for podman Announcement ID: SUSE-RU-2023:4726-1 Rating: low References: * bsc#1210299 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for podman fixes the following issues: * Build against latest stable Go version (bsc#1210299) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4726=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4726=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4726=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4726=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4726=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4726=1 openSUSE-SLE-15.4-2023-4726=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4726=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4726=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * podman-remote-4.4.4-150400.4.19.1 * podman-debuginfo-4.4.4-150400.4.19.1 * podman-remote-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * Containers Module 15-SP4 (noarch) * podman-docker-4.4.4-150400.4.19.1 * podman-cni-config-4.4.4-150400.4.19.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * podman-remote-4.4.4-150400.4.19.1 * podman-debuginfo-4.4.4-150400.4.19.1 * podman-remote-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * openSUSE Leap 15.4 (noarch) * podman-docker-4.4.4-150400.4.19.1 * podman-cni-config-4.4.4-150400.4.19.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * openSUSE Leap Micro 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.19.1 * podman-4.4.4-150400.4.19.1 * openSUSE Leap Micro 5.4 (noarch) * podman-cni-config-4.4.4-150400.4.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210299 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:19 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:19 -0000 Subject: SUSE-SU-2023:4734-1: important: Security update for the Linux Kernel Message-ID: <170255707920.23207.15628138680861810661@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4734-1 Rating: important References: * bsc#1084909 * bsc#1207948 * bsc#1210447 * bsc#1214286 * bsc#1214700 * bsc#1214840 * bsc#1214976 * bsc#1215123 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1215802 * bsc#1215931 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216527 * bsc#1216584 * bsc#1216687 * bsc#1216693 * bsc#1216759 * bsc#1216788 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217095 * bsc#1217124 * bsc#1217140 * bsc#1217147 * bsc#1217195 * bsc#1217196 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217511 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 Cross-References: * CVE-2023-2006 * CVE-2023-25775 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-4244 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-46862 * CVE-2023-5158 * CVE-2023-5633 * CVE-2023-5717 * CVE-2023-6039 * CVE-2023-6176 CVSS scores: * CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). * CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: * acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). * acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). * acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). * acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). * alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). * alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes). * alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). * alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes). * alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes). * alsa: hda/realtek: add quirks for hp laptops (git-fixes). * alsa: hda/realtek: add support dual speaker for dell (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). * alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). * alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git- fixes). * alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). * alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * alsa: hda: disable power-save on kontron singlepc (bsc#1217140). * alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). * alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). * alsa: info: fix potential deadlock at disconnection (git-fixes). * alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes). * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). * arm64: add cortex-a520 cpu part definition (git-fixes) * arm64: allow kprobes on el0 handlers (git-fixes) * arm64: armv8_deprecated move emulation functions (git-fixes) * arm64: armv8_deprecated: fix unused-function error (git-fixes) * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) * arm64: consistently pass esr_elx to die() (git-fixes) * arm64: die(): pass 'err' as long (git-fixes) * arm64: factor insn read out of call_undef_hook() (git-fixes) * arm64: factor out el1 ssbs emulation hook (git-fixes) * arm64: report el1 undefs better (git-fixes) * arm64: rework bti exception handling (git-fixes) * arm64: rework el0 mrs emulation (git-fixes) * arm64: rework fpac exception handling (git-fixes) * arm64: split el0/el1 undef handlers (git-fixes) * arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). * asoc: ams-delta.c: use component after check (git-fixes). * asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). * asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). * asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). * asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). * asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). * asoc: hdmi-codec: register hpd callback on component probe (git-fixes). * asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). * asoc: rt5650: fix the wrong result of key button (git-fixes). * asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). * asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes). * asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). * ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). * atl1c: work around the dma rx overflow issue (git-fixes). * atm: iphase: do pci error checks on own line (git-fixes). * blk-mq: do not clear driver tags own mapping (bsc#1217366). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). * bluetooth: add device 0bda:887b to device tables (git-fixes). * bluetooth: add device 13d3:3571 to device tables (git-fixes). * bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). * bluetooth: btusb: add date->evt_skb is null check (git-fixes). * bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git- fixes). * bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git- fixes). * btrfs: always log symlinks in full mode (bsc#1214840). * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). * can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). * can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). * can: isotp: add local echo tx processing for consecutive frames (git-fixes). * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git- fixes). * can: isotp: fix tx state handling for echo tx processing (git-fixes). * can: isotp: handle wait_event_interruptible() return values (git-fixes). * can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). * can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git- fixes). * can: isotp: remove re-binding of bound socket (git-fixes). * can: isotp: sanitize can id checks in isotp_bind() (git-fixes). * can: isotp: set max pdu size to 64 kbyte (git-fixes). * can: isotp: split tx timer into transmission and timeout (git-fixes). * can: sja1000: fix comment (git-fixes). * clk: imx: imx8mq: correct error handling path (git-fixes). * clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). * clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). * clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). * clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). * clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). * clk: npcm7xx: fix incorrect kfree (git-fixes). * clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). * clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). * clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git- fixes). * clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git- fixes). * clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). * clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). * clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). * clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). * clk: ti: change ti_clk_register_omap_hw api (git-fixes). * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). * clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). * clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git- fixes). * clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes). * clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes). * crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). * crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). * disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. * dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git- fixes). * dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git- fixes). * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). * doc/readme.suse: adjust heading style (jsc#ped-5021) * underscore all headings as a preparation for markdown conversion. * use title-style capitalization for the document name and sentence-style capitalization for section headings, as recommended in the current suse documentation style guide. * doc/readme.suse: bring information about compiling up to date (jsc#ped-5021) * when building the kernel, do not mention to initially change the current directory to /usr/src/linux because later description discourages it and specifies to use 'make -c /usr/src/linux'. * avoid writing additional details in parentheses, incorporate them instead properly in the text. * fix the obsolete name of /etc/modprobe.d/unsupported-modules -> /etc/modprobe.d/10-unsupported-modules.conf. * drop a note that a newly built kernel should be added to the boot manager because that normally happens automatically when running 'make install'. * update a link to the kernel module packages manual. * when preparing a build for external modules, mention use of the upstream recommended 'make modules_prepare' instead of a pair of 'make prepare' \+ 'make scripts'. * fix some typos+grammar. * doc/readme.suse: bring the overview section up to date (jsc#ped-5021) * update information in the overview section that was no longer accurate. * improve wording and fix some typos+grammar. * doc/readme.suse: convert the document to markdown (jsc#ped-5021) * doc/readme.suse: minor content clean up (jsc#ped-5021) * mark the user's build directory as a variable, not a command: 'make -c $(your_build_dir)' -> 'make -c $your_build_dir'. * unify how to get the current directory: 'm=$(pwd)' -> 'm=$pwd'. * 'git' / 'git' -> 'git'. * doc/readme.suse: reflow text to 80-column width (jsc#ped-5021) * doc/readme.suse: update information about (un)supported modules (jsc#ped-5021) * update the list of taint flags. convert it to a table that matches the upstream documentation format and describe specifically flags that are related to module support status. * fix some typos and wording. * doc/readme.suse: update information about config files (jsc#ped-5021) * use version variables to describe a name of the /boot/config-... file instead of using specific example versions which get outdated quickly. * replace removed silentoldconfig with oldconfig. * mention that oldconfig can automatically pick a base config from "/boot/config-$(uname -r)". * avoid writing additional details in parentheses, incorporate them instead properly in the text. * doc/readme.suse: update information about custom patches (jsc#ped-5021) * replace mention of various patches.* directories with only patches.suse as the typical location for patches. * replace i386 with x86_64 in the example how to define a config addon. * fix some typos and wording. * doc/readme.suse: update information about dud (jsc#ped-5021) remove a dead link to description of device update disks found previously on novell.com. replace it with a short section summarizing what dud is and reference the mkdud + mksusecd tools and their documentation for more information. * doc/readme.suse: update information about module paths (jsc#ped-5021) * use version variables to describe names of the /lib/modules/$version-$release-$flavor/... directories instead of using specific example versions which get outdated quickly. * note: keep the /lib/modules/ prefix instead of using the new /usr/lib/modules/ location for now. the updated readme is expected to be incorporated to various branches that are not yet usrmerged. * doc/readme.suse: update the references list (jsc#ped-5021) * remove the reference to linux documentation project. it has been inactive for years and mostly contains old manuals that are not relevant for contemporary systems and hardware. * update the name and link to lwn.net. the original name "linux weekly news" has been deemphasized over time by its authors. * update the link to kernel newbies website. * update the reference to the linux kernel module programming guide. the document has not been updated for over a decade but it looks its content is still relevant for today. * point kernel module packages manual to the current version. * add a reference to suse soliddriver program. * doc/readme.suse: update title information (jsc#ped-5021) * drop the mention of kernel versions from the readme title. * remove information about the original authors of the document. rely as in case of other readmes on git metadata to get information about all contributions. * strip the table of contents. the document is short and easy to navigate just by scrolling through it. * docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). * docs: net: reformat driver.rst from a list to sections (bsc#1215458). * docs: net: use c syntax highlight in driver.rst (bsc#1215458). * documentation: networking: correct possessive "its" (bsc#1215458). * drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git- fixes). * drm/amd/display: avoid null dereference of timing generator (git-fixes). * drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). * drm/amd/display: refactor dm_get_plane_scale helper (git-fixes). * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). * drm/amd/display: use full update for clip size increase of large plane source (git-fixes). * drm/amd/pm: handle non-terminated overdrive commands (git-fixes). * drm/amd: disable aspm for vi w/ all intel systems (git-fixes). * drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git- fixes). * drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). * drm/amd: move helper for dynamic speed switch check out of smu13 (git- fixes). * drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). * drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git- fixes). * drm/amdgpu: do not use atrm for external devices (git-fixes). * drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). * drm/amdgpu: fix potential null pointer derefernce (git-fixes). * drm/amdgpu: fix software pci_unplug on some chips (git-fixes). * drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes). * drm/amdgpu: remove unnecessary domain argument (git-fixes). * drm/amdgpu: reserve fences for vm update (git-fixes). * drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). * drm/amdkfd: fix a race condition of vram buffer unref in svm code (git- fixes). * drm/amdkfd: fix shift out-of-bounds issue (git-fixes). * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). * drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). * drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). * drm/bridge: lt8912b: fix bridge_detach (git-fixes). * drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). * drm/bridge: lt8912b: manually disable hpd only if it was enabled (git- fixes). * drm/bridge: lt8912b: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). * drm/bridge: lt9611uxc: register and attach our dsi device at probe (git- fixes). * drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: tc358768: clean up clock period code (git-fixes). * drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). * drm/bridge: tc358768: fix bit updates (git-fixes). * drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes). * drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). * drm/bridge: tc358768: print logical values, not raw register values (git- fixes). * drm/bridge: tc358768: remove unused variable (git-fixes). * drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes). * drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes). * drm/bridge: tc358768: use struct videomode (git-fixes). * drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git- fixes). * drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes). * drm/gud: use size_add() in call to struct_size() (git-fixes). * drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). * drm/i915: fix potential spectre vulnerability (git-fixes). * drm/i915: flush wc ggtt only on required platforms (git-fixes). * drm/komeda: drop all currently held locks if deadlock happens (git-fixes). * drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). * drm/mediatek: fix iommu fault during crtc enabling (git-fixes). * drm/mipi-dsi: create devm device attachment (git-fixes). * drm/mipi-dsi: create devm device registration (git-fixes). * drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). * drm/msm/dsi: free tx buffer in unbind (git-fixes). * drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes). * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git- fixes). * drm/panel: fix a possible null pointer dereference (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). * drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). * drm/panel: st7703: pick different reset sequence (git-fixes). * drm/qxl: prevent memory leak (git-fixes). * drm/radeon: fix a possible null pointer dereference (git-fixes). * drm/radeon: possible buffer overflow (git-fixes). * drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git- fixes). * drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git- fixes). * drm/rockchip: vop: fix call to crtc reset helper (git-fixes). * drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git- fixes). * drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git- fixes). * drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). * drm/ttm: reorder sys manager cleanup step (git-fixes). * drm/vc4: fix typo (git-fixes). * drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527) * drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527) * drm: bridge: it66121: fix invalid connector dereference (git-fixes). * drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes). * drm: vmwgfx_surface.c: copy user-array safely (git-fixes). * dt-bindings: usb: hcd: add missing phy name to example (git-fixes). * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). * ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] * fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). * fbdev: imsttfb: fix a resource leak in probe (git-fixes). * fbdev: imsttfb: fix double free in probe() (git-fixes). * fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). * fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git- fixes). * fbdev: omapfb: drop unused remove function (git-fixes). * fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git- fixes). * firewire: core: fix possible memory leak in create_units() (git-fixes). * firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git- fixes). * fix termination state for idr_for_each_entry_ul() (git-fixes). * fix x86/mm: print the encryption features in hyperv is disabled * gpio: mockup: fix kerneldoc (git-fixes). * gpio: mockup: remove unused field (git-fixes). * gpu: host1x: correct allocated size for contexts (git-fixes). * hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). * hid: cp2112: fix duplicate workqueue initialization (git-fixes). * hid: hyperv: avoid struct memcpy overrun warning (git-fixes). * hid: hyperv: remove unused struct synthhid_msg (git-fixes). * hid: hyperv: replace one-element array with flexible-array member (git- fixes). * hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). * hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). * hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). * hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). * hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes). * hv: simplify sysctl registration (git-fixes). * hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). * hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). * hv_netvsc: fix race of register_netdevice_notifier and vf register (git- fixes). * hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). * hwmon: (coretemp) fix potentially truncated sysfs attribute name (git- fixes). * i2c: aspeed: fix i2c bus hang in slave read (git-fixes). * i2c: core: run atomic i2c xfer when !preemptible (git-fixes). * i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). * i2c: dev: copy userspace array safely (git-fixes). * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git- fixes). * i2c: iproc: handle invalid slave state (git-fixes). * i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). * i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). * i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). * i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git- fixes). * i3c: master: cdns: fix reading status register (git-fixes). * i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git- fixes). * i3c: master: svc: fix check wrong status register in irq handler (git- fixes). * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). * i3c: master: svc: fix race condition in ibi work thread (git-fixes). * i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git- fixes). * i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). * i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git- fixes). * i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). * idpf: add controlq init and reset checks (bsc#1215458). * idpf: add core init and interrupt request (bsc#1215458). * idpf: add create vport and netdev configuration (bsc#1215458). * idpf: add ethtool callbacks (bsc#1215458). * idpf: add module register and probe functionality (bsc#1215458). * idpf: add ptypes and mac filter support (bsc#1215458). * idpf: add rx splitq napi poll support (bsc#1215458). * idpf: add singleq start_xmit and napi poll (bsc#1215458). * idpf: add splitq start_xmit (bsc#1215458). * idpf: add sriov support and other ndo_ops (bsc#1215458). * idpf: add tx splitq napi poll support (bsc#1215458). * idpf: cancel mailbox work in error path (bsc#1215458). * idpf: configure resources for rx queues (bsc#1215458). * idpf: configure resources for tx queues (bsc#1215458). * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). * idpf: initialize interrupts and enable vport (bsc#1215458). * idpf: set scheduling mode for completion queue (bsc#1215458). * iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git- fixes). * iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). * input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git- fixes). * input: xpad - add vid for turtle beach controllers (git-fixes). * irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). * kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). * kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse- module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. * kernel-source: move provides after sources * leds: pwm: do not disable the pwm when the led should be off (git-fixes). * leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). * leds: turris-omnia: do not use smbus calls (git-fixes). * lsm: fix default return value for inode_getsecctx (git-fixes). * lsm: fix default return value for vm_enough_memory (git-fixes). * media: bttv: fix use after free error due to btv->timeout timer (git-fixes). * media: ccs: correctly initialise try compose rectangle (git-fixes). * media: ccs: fix driver quirk struct documentation (git-fixes). * media: cedrus: fix clock/reset sequence (git-fixes). * media: cobalt: use field_get() to extract link width (git-fixes). * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). * media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). * media: imon: fix access to invalid resource for the second interface (git- fixes). * media: lirc: drop trailing space from scancode transmit (git-fixes). * media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). * media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). * media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). * media: qcom: camss: fix vfe_get() error jump (git-fixes). * media: sharp: fix sharp encoding (git-fixes). * media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). * media: venus: hfi: add checks to handle capabilities from firmware (git- fixes). * media: venus: hfi: add checks to perform sanity on queue pointers (git- fixes). * media: venus: hfi: fix the check to handle session buffer requirement (git- fixes). * media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). * media: vidtv: mux: add check and kfree for kstrdup (git-fixes). * media: vidtv: psi: add check for kstrdup (git-fixes). * media: vivid: avoid integer overflow (git-fixes). * mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git- fixes). * mfd: core: ensure disabled devices are skipped without aborting (git-fixes). * mfd: dln2: fix double put in dln2_probe (git-fixes). * misc: fastrpc: clean buffers on remote invocation failures (git-fixes). * misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git- fixes). * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). * mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). * mmc: block: do not lose cache flush during cqe error recovery (git-fixes). * mmc: block: retry commands in cqe error recovery (git-fixes). * mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). * mmc: cqhci: increase recovery halt timeout (git-fixes). * mmc: cqhci: warn of halt or task clear failure (git-fixes). * mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). * mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git- fixes). * mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git- fixes). * mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). * mmc: vub300: fix an error code (git-fixes). * modpost: fix tee module_device_table built on big-endian host (git-fixes). * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). * mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). * mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). * net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). * net: add macro netif_subqueue_completed_wake (bsc#1215458). * net: avoid address overwrite in kernel_connect (bsc#1216861). * net: fix use-after-free in tw_timer_handler (bsc#1217195). * net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: fix return type of mana_start_xmit() (git-fixes). * net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). * net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git- fixes). * net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git- fixes). * nfs: fix access to page->mapping (bsc#1216788). * nvme: update firmware version after commit (bsc#1215292). * pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). * pci/sysfs: protect driver's d3cold preference from user space (git-fixes). * pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). * pci: extract ats disabling to a helper function (bsc#1215458). * pci: exynos: do not discard .remove() callback (git-fixes). * pci: keystone: do not discard .probe() callback (git-fixes). * pci: keystone: do not discard .remove() callback (git-fixes). * pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git- fixes). * pci: tegra194: use field_get()/field_prep() with link width fields (git- fixes). * pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). * pci: use field_get() to extract link width (git-fixes). * pci: vmd: correct pci header type register's multi-function check (git- fixes). * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). * pinctrl: avoid reload of p state in list iteration (git-fixes). * platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147). * platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147). * platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147). * platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147). * platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147). * platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147). * platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147). * platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147). * platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147). * platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147). * platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147). * platform/x86/intel/vsec: add tpmi id (bsc#1217147). * platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147). * platform/x86/intel/vsec: support private data (bsc#1217147). * platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147). * platform/x86/intel: intel tpmi enumeration driver (bsc#1217147). * platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147). * platform/x86: intel-uncore-freq: add client processors (bsc#1217147). * platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147). * platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). * platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147). * platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147). * platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147). * platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). * platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git- fixes). * platform/x86: wmi: fix opening of char device (git-fixes). * platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). * platform/x86: wmi: remove unnecessary initializations (git-fixes). * pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). * pm: hibernate: use __get_safe_page() rather than touching the list (git- fixes). * powerpc/perf/hv-24x7: update domain value check (bsc#1215931). * powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). * powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). * pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). * pwm: fix double shift bug (git-fixes). * pwm: sti: reduce number of allocations and drop usage of chip_data (git- fixes). * r8152: cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). * r8152: check for unplug in rtl_phy_patch_request() (git-fixes). * r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). * r8152: release firmware if we have an error in probe (git-fixes). * r8152: run the unload routine if we have errors during probe (git-fixes). * regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). * regmap: ensure range selector registers are updated after cache sync (git- fixes). * regmap: prevent noinc writes from clobbering cache (git-fixes). * revert "i2c: pxa: move to generic gpio recovery" (git-fixes). * revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes). * revert "tracing: fix warning in trace_buffered_event_disable()" (bsc#1217036) * rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma at fat_crate.local/ so carry this in ignored_configs_re instead. * rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. * rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage * run scripts/renamepatches for sle15-sp4 * s390/ap: fix ap bus crash on early config change callback invocation (git- fixes bsc#1217687). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). * s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). * s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). * s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). * s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). * s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). * s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). * s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). * sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). * sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). * sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). * scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). * scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). * scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). * scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). * scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). * scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). * scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). * scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). * scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). * scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). * scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). * scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). * scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). * scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). * scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: use field_get() to extract pcie capability fields (git- fixes). * selftests/efivarfs: create-read: fix a resource leak (git-fixes). * selftests/pidfd: fix ksft print formats (git-fixes). * selftests/resctrl: ensure the benchmark commands fits to its array (git- fixes). * selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git- fixes). * selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). * seq_buf: fix a misleading comment (git-fixes). * serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes). * serial: meson: use platform_get_irq() to get the interrupt (git-fixes). * soc: qcom: llcc: handle a second device without data corruption (git-fixes). * spi: nxp-fspi: use the correct ioremap function (git-fixes). * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). * spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). * staging: media: ipu3: remove ftrace-like logging (git-fixes). * string.h: add array-wrappers for (v)memdup_user() (git-fixes). * supported.conf: marked idpf supported * thermal: core: prevent potential string overflow (git-fixes). * treewide: spelling fix in comment (git-fixes). * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). * tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). * tty: 8250: add support for additional brainboxes px cards (git-fixes). * tty: 8250: add support for additional brainboxes uc cards (git-fixes). * tty: 8250: add support for brainboxes up cards (git-fixes). * tty: 8250: add support for intashield is-100 (git-fixes). * tty: 8250: add support for intashield ix cards (git-fixes). * tty: 8250: fix port count of px-257 (git-fixes). * tty: 8250: fix up px-803/px-857 (git-fixes). * tty: 8250: remove uc-257 and uc-431 (git-fixes). * tty: fix uninit-value access in ppp_sync_receive() (git-fixes). * tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). * tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). * tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). * update metadata patches.suse/s390-ipl-add-missing-secure-has_secure-file-to- ipl-type-unknown (bsc#1214976 git-fixes). * usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). * usb: chipidea: fix dma overwrite for tegra (git-fixes). * usb: chipidea: simplify tegra dma alignment code (git-fixes). * usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). * usb: dwc2: write hcint with intmask applied (bsc#1214286). * usb: dwc3: fix default mode initialization (git-fixes). * usb: dwc3: qcom: fix acpi platform device leak (git-fixes). * usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). * usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). * usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). * usb: dwc3: set the dma max_seg_size (git-fixes). * usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). * usb: raw-gadget: properly handle interrupted requests (git-fixes). * usb: serial: option: add fibocom l7xx modules (git-fixes). * usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). * usb: serial: option: fix fm101r-gl defines (git-fixes). * usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes). * usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git- fixes). * usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). * usb: usbip: fix stub_dev hub disconnect (git-fixes). * virtchnl: add virtchnl version 2 ops (bsc#1215458). * wifi: ath10k: do not touch the ce interrupt registers after power up (git- fixes). * wifi: ath10k: fix clang-specific fortify warning (git-fixes). * wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). * wifi: ath11k: fix dfs radar event locking (git-fixes). * wifi: ath11k: fix gtk offload status event locking (git-fixes). * wifi: ath11k: fix htt pktlog locking (git-fixes). * wifi: ath11k: fix temperature event locking (git-fixes). * wifi: ath9k: fix clang-specific fortify warnings (git-fixes). * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git- fixes). * wifi: iwlwifi: empty overflow queue during flush (git-fixes). * wifi: iwlwifi: honor the enable_ini value (git-fixes). * wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). * wifi: iwlwifi: use fw rate for non-data frames (git-fixes). * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git- fixes). * wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). * wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). * wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). * x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). * x86/cpu: clear svm feature if disabled by bios (bsc#1214700). * x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). * x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git- fixes). * x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). * x86/hyperv: fix a warning in mshyperv.h (git-fixes). * x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). * x86/hyperv: make hv_get_nmi_reason public (git-fixes). * x86/sev: do not try to parse for the cc blob on non-amd hardware (git- fixes). * x86/sev: fix calculation of end address based on number of pages (git- fixes). * x86/sev: use the ghcb protocol when available for snp cpuid requests (git- fixes). * x86: move gds_ucode_mitigated() declaration to header (git-fixes). * xfs: add attr state machine tracepoints (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * xfs: constify btree function parameters that are not modified (git-fixes). * xfs: convert agf log flags to unsigned (git-fixes). * xfs: convert agi log flags to unsigned (git-fixes). * xfs: convert attr type flags to unsigned (git-fixes). * xfs: convert bmap extent type flags to unsigned (git-fixes). * xfs: convert bmapi flags to unsigned (git-fixes). * xfs: convert btree buffer log flags to unsigned (git-fixes). * xfs: convert buffer flags to unsigned (git-fixes). * xfs: convert buffer log item flags to unsigned (git-fixes). * xfs: convert da btree operations flags to unsigned (git-fixes). * xfs: convert dquot flags to unsigned (git-fixes). * xfs: convert inode lock flags to unsigned (git-fixes). * xfs: convert log item tracepoint flags to unsigned (git-fixes). * xfs: convert log ticket and iclog flags to unsigned (git-fixes). * xfs: convert quota options flags to unsigned (git-fixes). * xfs: convert scrub type flags to unsigned (git-fixes). * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). * xfs: make the key parameters to all btree key comparison functions const (git-fixes). * xfs: make the key parameters to all btree query range functions const (git- fixes). * xfs: make the keys and records passed to btree inorder functions const (git- fixes). * xfs: make the pointer passed to btree set_root functions const (git-fixes). * xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). * xfs: mark the record passed into btree init_key functions as const (git- fixes). * xfs: mark the record passed into xchk_btree functions as const (git-fixes). * xfs: remove xfs_btree_cur_t typedef (git-fixes). * xfs: rename i_disk_size fields in ftrace output (git-fixes). * xfs: resolve fork names in trace output (git-fixes). * xfs: standardize ag block number formatting in ftrace output (git-fixes). * xfs: standardize ag number formatting in ftrace output (git-fixes). * xfs: standardize daddr formatting in ftrace output (git-fixes). * xfs: standardize inode generation formatting in ftrace output (git-fixes). * xfs: standardize inode number formatting in ftrace output (git-fixes). * xfs: standardize remaining xfs_buf length tracepoints (git-fixes). * xfs: standardize rmap owner number formatting in ftrace output (git-fixes). * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). * xhci: enable rpm on controllers that support low-power states (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4734=1 openSUSE-SLE-15.5-2023-4734=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4734=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150500.33.26.1 * reiserfs-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.26.1 * ocfs2-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1 * gfs2-kmp-azure-5.14.21-150500.33.26.1 * kselftests-kmp-azure-5.14.21-150500.33.26.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * cluster-md-kmp-azure-5.14.21-150500.33.26.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-debugsource-5.14.21-150500.33.26.1 * kernel-azure-optional-5.14.21-150500.33.26.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * dlm-kmp-azure-5.14.21-150500.33.26.1 * kernel-azure-devel-5.14.21-150500.33.26.1 * kernel-syms-azure-5.14.21-150500.33.26.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.26.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.26.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-extra-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-vdso-5.14.21-150500.33.26.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-azure-5.14.21-150500.33.26.1 * kernel-source-azure-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.26.1 * kernel-azure-debuginfo-5.14.21-150500.33.26.1 * kernel-azure-debugsource-5.14.21-150500.33.26.1 * kernel-azure-devel-5.14.21-150500.33.26.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1 * Public Cloud Module 15-SP5 (noarch) * kernel-devel-azure-5.14.21-150500.33.26.1 * kernel-source-azure-5.14.21-150500.33.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5633.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214700 * https://bugzilla.suse.com/show_bug.cgi?id=1214840 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1215802 * https://bugzilla.suse.com/show_bug.cgi?id=1215931 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216527 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216687 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216788 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217095 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217147 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217196 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217511 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:26 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:26 -0000 Subject: SUSE-RU-2023:4728-1: important: Initial shipment of package sles-ltss-release Message-ID: <170255708650.23207.8535097360921514013@smelt2.prg2.suse.org> # Initial shipment of package sles-ltss-release Announcement ID: SUSE-RU-2023:4728-1 Rating: important References: * jsc#MSC-698 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 An update that contains one feature can now be installed. ## Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP4 customers ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4728=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4728=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sles-ltss-release-15.4-150400.13.5.3 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * sles-ltss-release-15.4-150400.13.5.3 ## References: * https://jira.suse.com/browse/MSC-698 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:22 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:22 -0000 Subject: SUSE-SU-2023:4733-1: important: Security update for the Linux Kernel Message-ID: <170255708234.23207.16191435567346437223@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4733-1 Rating: important References: * bsc#1084909 * bsc#1210780 * bsc#1214037 * bsc#1214344 * bsc#1214764 * bsc#1215371 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216965 * bsc#1216976 * bsc#1217140 * bsc#1217332 * bsc#1217408 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 * CVE-2023-6176 CVSS scores: * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). * Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4733=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.152.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.152.1 * kernel-rt-debugsource-5.3.18-150300.152.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214344 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1215371 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217408 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:27 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:27 -0000 Subject: SUSE-SU-2023:4727-1: important: Security update for catatonit, containerd, runc Message-ID: <170255708761.23207.2435115373865362065@smelt2.prg2.suse.org> # Security update for catatonit, containerd, runc Announcement ID: SUSE-SU-2023:4727-1 Rating: important References: * bsc#1200528 Cross-References: * CVE-2022-1996 CVSS scores: * CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update of runc and containerd fixes the following issues: containerd: * Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: * Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. * Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). * Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: * Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4727=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4727=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4727=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4727=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4727=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4727=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4727=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4727=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4727=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4727=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4727=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4727=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * containerd-devel-1.7.8-150000.103.1 * containerd-1.7.8-150000.103.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE CaaS Platform 4.0 (x86_64) * containerd-ctr-1.7.8-150000.103.1 * runc-debuginfo-1.1.10-150000.55.1 * runc-1.1.10-150000.55.1 * catatonit-0.2.0-150000.3.6.1 * catatonit-debugsource-0.2.0-150000.3.6.1 * containerd-1.7.8-150000.103.1 * catatonit-debuginfo-0.2.0-150000.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.10-150000.55.1 * containerd-1.7.8-150000.103.1 * runc-1.1.10-150000.55.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1996.html * https://bugzilla.suse.com/show_bug.cgi?id=1200528 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:35 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:35 -0000 Subject: SUSE-RU-2023:4716-1: moderate: Recommended update for git Message-ID: <170255709528.23207.8281407850354171480@smelt2.prg2.suse.org> # Recommended update for git Announcement ID: SUSE-RU-2023:4716-1 Rating: moderate References: * bsc#1216501 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for git fixes the following issues: * Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). * gitweb.cgi AppArmor profile * make the profile a named profile * add local/include to make custom additions easier ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4716=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4716=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4716=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4716=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4716=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4716=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4716=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4716=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4716=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4716=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4716=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4716=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * git-p4-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.33.1 * git-credential-libsecret-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * openSUSE Leap 15.3 (noarch) * git-doc-2.35.3-150300.10.33.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * git-p4-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.33.1 * git-credential-libsecret-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * openSUSE Leap 15.4 (noarch) * git-doc-2.35.3-150300.10.33.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * git-p4-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-2.35.3-150300.10.33.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.33.1 * git-credential-libsecret-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * openSUSE Leap 15.5 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-core-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * git-core-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-gui-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * Development Tools Module 15-SP4 (noarch) * git-doc-2.35.3-150300.10.33.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * git-gui-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * Development Tools Module 15-SP5 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.35.3-150300.10.33.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-gui-2.35.3-150300.10.33.1 * git-svn-2.35.3-150300.10.33.1 * gitk-2.35.3-150300.10.33.1 * git-web-2.35.3-150300.10.33.1 * git-2.35.3-150300.10.33.1 * git-core-2.35.3-150300.10.33.1 * git-daemon-debuginfo-2.35.3-150300.10.33.1 * git-core-debuginfo-2.35.3-150300.10.33.1 * git-debuginfo-2.35.3-150300.10.33.1 * git-debugsource-2.35.3-150300.10.33.1 * git-daemon-2.35.3-150300.10.33.1 * git-email-2.35.3-150300.10.33.1 * git-cvs-2.35.3-150300.10.33.1 * git-arch-2.35.3-150300.10.33.1 * perl-Git-2.35.3-150300.10.33.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.35.3-150300.10.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216501 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:33 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:33 -0000 Subject: SUSE-RU-2023:4720-1: moderate: Recommended update for installation-images Message-ID: <170255709322.23207.6137254824650706667@smelt2.prg2.suse.org> # Recommended update for installation-images Announcement ID: SUSE-RU-2023:4720-1 Rating: moderate References: * bsc#1214329 * bsc#1214688 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for installation-images fixes the following issues: * cifs kernel modules have a new location (bsc#1214329) * Drop dependency on Leap-Micro-release-dvd for LeapMicro (bsc#1214688) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4720=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4720=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * install-initrd-SLES-16.58.8-150500.3.3.1 * skelcd-installer-SLES-16.58.8-150500.3.3.1 * installation-images-debuginfodeps-SLES-16.58.8-150500.3.3.1 * installation-images-SLES-16.58.8-150500.3.3.1 * skelcd-installer-net-SLES-16.58.8-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * tftpboot-installation-SLE-15-SP5-aarch64-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-ppc64le-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-s390x-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-x86_64-16.58.8-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * tftpboot-installation-SLE-15-SP5-aarch64-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-ppc64le-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-s390x-16.58.8-150500.3.3.1 * tftpboot-installation-SLE-15-SP5-x86_64-16.58.8-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214329 * https://bugzilla.suse.com/show_bug.cgi?id=1214688 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:37 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:37 -0000 Subject: SUSE-SU-2023:4714-1: important: Security update for openvswitch Message-ID: <170255709760.23207.4794074281739175865@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4714-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4714=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4714=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4714=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4714=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4714=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4714=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 * openSUSE Leap 15.3 (noarch) * openvswitch-doc-2.14.2-150300.19.14.1 * ovn-doc-20.06.2-150300.19.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openvswitch-ipsec-2.14.2-150300.19.14.1 * ovn-host-20.06.2-150300.19.14.1 * openvswitch-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-20.06.2-150300.19.14.1 * ovn-vtep-debuginfo-20.06.2-150300.19.14.1 * libopenvswitch-2_14-0-2.14.2-150300.19.14.1 * ovn-20.06.2-150300.19.14.1 * ovn-central-debuginfo-20.06.2-150300.19.14.1 * openvswitch-devel-2.14.2-150300.19.14.1 * ovn-debuginfo-20.06.2-150300.19.14.1 * openvswitch-vtep-2.14.2-150300.19.14.1 * ovn-host-debuginfo-20.06.2-150300.19.14.1 * ovn-devel-20.06.2-150300.19.14.1 * ovn-vtep-20.06.2-150300.19.14.1 * openvswitch-pki-2.14.2-150300.19.14.1 * openvswitch-test-debuginfo-2.14.2-150300.19.14.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.14.1 * ovn-docker-20.06.2-150300.19.14.1 * openvswitch-2.14.2-150300.19.14.1 * ovn-central-20.06.2-150300.19.14.1 * openvswitch-debugsource-2.14.2-150300.19.14.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.14.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.14.1 * python3-ovs-2.14.2-150300.19.14.1 * openvswitch-test-2.14.2-150300.19.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:31 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:31 -0000 Subject: SUSE-RU-2023:4723-1: moderate: Recommended update for libtirpc Message-ID: <170255709125.23207.1309613435532029792@smelt2.prg2.suse.org> # Recommended update for libtirpc Announcement ID: SUSE-RU-2023:4723-1 Rating: moderate References: * bsc#1216862 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for libtirpc fixes the following issue: * fix sed parsing in specfile (bsc#1216862) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4723=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4723=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4723=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4723=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4723=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4723=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4723=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4723=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4723=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4723=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4723=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4723=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4723=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4723=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4723=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4723=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4723=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4723=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4723=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4723=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * openSUSE Leap 15.3 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libtirpc3-64bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-64bit-1.3.4-150300.3.23.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * openSUSE Leap 15.4 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * openSUSE Leap 15.5 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * libtirpc-devel-1.3.4-150300.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libtirpc3-32bit-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-32bit-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libtirpc-netconfig-1.3.4-150300.3.23.1 * libtirpc-debugsource-1.3.4-150300.3.23.1 * libtirpc3-debuginfo-1.3.4-150300.3.23.1 * libtirpc3-1.3.4-150300.3.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216862 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:32 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:32 -0000 Subject: SUSE-RU-2023:4721-1: moderate: Recommended update for installation-images Message-ID: <170255709238.23207.7283966071453540173@smelt2.prg2.suse.org> # Recommended update for installation-images Announcement ID: SUSE-RU-2023:4721-1 Rating: moderate References: * bsc#1214329 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for installation-images fixes the following issues: * cifs kernel modules have a new location (bsc#1214329) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4721=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4721=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * installation-images-debuginfodeps-SLES-16.57.27-150400.3.14.2 * skelcd-installer-SLES-16.57.27-150400.3.14.2 * installation-images-SLES-16.57.27-150400.3.14.2 * skelcd-installer-net-SLES-16.57.27-150400.3.14.2 * install-initrd-SLES-16.57.27-150400.3.14.2 * openSUSE Leap 15.4 (noarch) * tftpboot-installation-SLE-15-SP4-x86_64-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-aarch64-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-ppc64le-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-s390x-16.57.27-150400.3.14.2 * Basesystem Module 15-SP4 (noarch) * tftpboot-installation-SLE-15-SP4-s390x-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-aarch64-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-ppc64le-16.57.27-150400.3.14.2 * tftpboot-installation-SLE-15-SP4-x86_64-16.57.27-150400.3.14.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214329 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:46 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:46 -0000 Subject: SUSE-RU-2023:4705-1: moderate: Recommended update for dracut Message-ID: <170255710684.23207.14642813780091440972@smelt2.prg2.suse.org> # Recommended update for dracut Announcement ID: SUSE-RU-2023:4705-1 Rating: moderate References: * bsc#1192986 * bsc#1217031 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.351.g30f0cda6 * Fix network device naming in udev-rules (bsc#1192986) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4705=1 openSUSE-SLE-15.4-2023-4705=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4705=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4705=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4705=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4705=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4705=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4705=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4705=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-extra-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-ima-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-tools-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-ima-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debuginfo-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1 * dracut-debugsource-055+suse.351.g30f0cda6-150400.3.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192986 * https://bugzilla.suse.com/show_bug.cgi?id=1217031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:43 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:43 -0000 Subject: SUSE-SU-2023:4708-1: important: Security update for go1.20 Message-ID: <170255710394.23207.15294395008903182335@smelt2.prg2.suse.org> # Security update for go1.20 Announcement ID: SUSE-SU-2023:4708-1 Rating: important References: * bsc#1206346 * bsc#1216943 * bsc#1217833 * bsc#1217834 Cross-References: * CVE-2023-39326 * CVE-2023-45284 * CVE-2023-45285 CVSS scores: * CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.20 fixes the following issues: Update to go1.20.12: * CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). * CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). * CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). * cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents * cmd/go: TestScript/mod_get_direct fails with "Filename too long" on Windows ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4708=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4708=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4708=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4708=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.12-150000.1.35.1 * go1.20-race-1.20.12-150000.1.35.1 * go1.20-debuginfo-1.20.12-150000.1.35.1 * go1.20-1.20.12-150000.1.35.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.12-150000.1.35.1 * go1.20-race-1.20.12-150000.1.35.1 * go1.20-debuginfo-1.20.12-150000.1.35.1 * go1.20-1.20.12-150000.1.35.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.12-150000.1.35.1 * go1.20-1.20.12-150000.1.35.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.12-150000.1.35.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.12-150000.1.35.1 * go1.20-race-1.20.12-150000.1.35.1 * go1.20-debuginfo-1.20.12-150000.1.35.1 * go1.20-1.20.12-150000.1.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39326.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://www.suse.com/security/cve/CVE-2023-45285.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1217833 * https://bugzilla.suse.com/show_bug.cgi?id=1217834 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:45 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:45 -0000 Subject: SUSE-RU-2023:4706-1: moderate: Recommended update for yast2-installation Message-ID: <170255710580.23207.14801213561615889611@smelt2.prg2.suse.org> # Recommended update for yast2-installation Announcement ID: SUSE-RU-2023:4706-1 Rating: moderate References: * bsc#1215884 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-installation and yast2-update fixes the following issues: * Refresh and reload the repositories activate URL changes (bsc#1215884) * Update yast2-installation to version 4.5.18 * Update yast2-update to version 4.5.4 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4706=1 openSUSE-SLE-15.5-2023-4706=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4706=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-installation-4.5.18-150500.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-update-FACTORY-4.5.4-150500.3.3.1 * yast2-update-4.5.4-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-installation-4.5.18-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-update-4.5.4-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215884 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:54 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:54 -0000 Subject: SUSE-SU-2023:4697-1: important: Security update for gimp Message-ID: <170255711414.23207.9201214350414597454@smelt2.prg2.suse.org> # Security update for gimp Announcement ID: SUSE-SU-2023:4697-1 Rating: important References: * bsc#1217161 * bsc#1217163 Cross-References: * CVE-2023-44442 * CVE-2023-44444 CVSS scores: * CVE-2023-44442 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-44444 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2023-44442: Fixed PSD File Parsing Heap-based (bsc#1217161). * CVE-2023-44444: Fixed PSP File Parsing Off-By-One (bsc#1217163). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4697=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4697=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gimp-debugsource-2.8.18-9.27.1 * gimp-devel-2.8.18-9.27.1 * gimp-devel-debuginfo-2.8.18-9.27.1 * libgimpui-2_0-0-debuginfo-2.8.18-9.27.1 * gimp-debuginfo-2.8.18-9.27.1 * libgimp-2_0-0-2.8.18-9.27.1 * libgimp-2_0-0-debuginfo-2.8.18-9.27.1 * libgimpui-2_0-0-2.8.18-9.27.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * gimp-debugsource-2.8.18-9.27.1 * gimp-plugins-python-2.8.18-9.27.1 * gimp-plugins-python-debuginfo-2.8.18-9.27.1 * gimp-2.8.18-9.27.1 * libgimpui-2_0-0-debuginfo-2.8.18-9.27.1 * gimp-debuginfo-2.8.18-9.27.1 * libgimp-2_0-0-2.8.18-9.27.1 * libgimp-2_0-0-debuginfo-2.8.18-9.27.1 * libgimpui-2_0-0-2.8.18-9.27.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * gimp-lang-2.8.18-9.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44442.html * https://www.suse.com/security/cve/CVE-2023-44444.html * https://bugzilla.suse.com/show_bug.cgi?id=1217161 * https://bugzilla.suse.com/show_bug.cgi?id=1217163 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:51 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:51 -0000 Subject: SUSE-SU-2023:4698-1: important: Security update for squid Message-ID: <170255711185.23207.10787345974987459324@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4698-1 Rating: important References: * bsc#1217654 * bsc#1217813 * bsc#1217815 Cross-References: * CVE-2023-49285 * CVE-2023-49286 CVSS scores: * CVE-2023-49285 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49286 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-49286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow (bsc#1217813) * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management (bsc#1217815) * Fix X-Forwarded-For Stack Overflow (bsc#1217654) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4698=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4698=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4698=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4698=1 openSUSE-SLE-15.4-2023-4698=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.20.1 * squid-debuginfo-5.7-150400.3.20.1 * squid-5.7-150400.3.20.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.20.1 * squid-debuginfo-5.7-150400.3.20.1 * squid-5.7-150400.3.20.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.20.1 * squid-debuginfo-5.7-150400.3.20.1 * squid-5.7-150400.3.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-debugsource-5.7-150400.3.20.1 * squid-debuginfo-5.7-150400.3.20.1 * squid-5.7-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49285.html * https://www.suse.com/security/cve/CVE-2023-49286.html * https://bugzilla.suse.com/show_bug.cgi?id=1217654 * https://bugzilla.suse.com/show_bug.cgi?id=1217813 * https://bugzilla.suse.com/show_bug.cgi?id=1217815 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:49 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:49 -0000 Subject: SUSE-RU-2023:4700-1: moderate: Recommended update for p11-kit Message-ID: <170255710945.23207.14655798279188257774@smelt2.prg2.suse.org> # Recommended update for p11-kit Announcement ID: SUSE-RU-2023:4700-1 Rating: moderate References: * jsc#PED-6705 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update for p11-kit fixes the following issues: * Ensure that programs using can be compiled with CRYPTOKI_GNU. Fixes GnuTLS builds (jsc#PED-6705). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4700=1 SUSE-2023-4700=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4700=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4700=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4700=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * p11-kit-tools-0.23.22-150500.8.3.1 * p11-kit-0.23.22-150500.8.3.1 * p11-kit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-devel-0.23.22-150500.8.3.1 * p11-kit-tools-debuginfo-0.23.22-150500.8.3.1 * p11-kit-server-debuginfo-0.23.22-150500.8.3.1 * p11-kit-debugsource-0.23.22-150500.8.3.1 * p11-kit-nss-trust-0.23.22-150500.8.3.1 * p11-kit-server-0.23.22-150500.8.3.1 * libp11-kit0-0.23.22-150500.8.3.1 * libp11-kit0-debuginfo-0.23.22-150500.8.3.1 * openSUSE Leap 15.5 (x86_64) * p11-kit-nss-trust-32bit-0.23.22-150500.8.3.1 * libp11-kit0-32bit-0.23.22-150500.8.3.1 * p11-kit-32bit-0.23.22-150500.8.3.1 * libp11-kit0-32bit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-32bit-debuginfo-0.23.22-150500.8.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libp11-kit0-64bit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-64bit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-nss-trust-64bit-0.23.22-150500.8.3.1 * libp11-kit0-64bit-0.23.22-150500.8.3.1 * p11-kit-64bit-0.23.22-150500.8.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * p11-kit-tools-0.23.22-150500.8.3.1 * p11-kit-0.23.22-150500.8.3.1 * p11-kit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-tools-debuginfo-0.23.22-150500.8.3.1 * p11-kit-debugsource-0.23.22-150500.8.3.1 * libp11-kit0-0.23.22-150500.8.3.1 * libp11-kit0-debuginfo-0.23.22-150500.8.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * p11-kit-tools-0.23.22-150500.8.3.1 * p11-kit-0.23.22-150500.8.3.1 * p11-kit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-devel-0.23.22-150500.8.3.1 * p11-kit-tools-debuginfo-0.23.22-150500.8.3.1 * p11-kit-server-debuginfo-0.23.22-150500.8.3.1 * p11-kit-debugsource-0.23.22-150500.8.3.1 * p11-kit-nss-trust-0.23.22-150500.8.3.1 * p11-kit-server-0.23.22-150500.8.3.1 * libp11-kit0-0.23.22-150500.8.3.1 * libp11-kit0-debuginfo-0.23.22-150500.8.3.1 * Basesystem Module 15-SP5 (x86_64) * libp11-kit0-32bit-debuginfo-0.23.22-150500.8.3.1 * libp11-kit0-32bit-0.23.22-150500.8.3.1 * p11-kit-32bit-debuginfo-0.23.22-150500.8.3.1 * SUSE Package Hub 15 15-SP5 (x86_64) * p11-kit-32bit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-debuginfo-0.23.22-150500.8.3.1 * p11-kit-32bit-0.23.22-150500.8.3.1 * p11-kit-debugsource-0.23.22-150500.8.3.1 ## References: * https://jira.suse.com/browse/PED-6705 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:58 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:58 -0000 Subject: SUSE-RU-2023:4695-1: moderate: Recommended update for lifecycle-data-sle-module-development-tools Message-ID: <170255711870.23207.4623928388445999846@smelt2.prg2.suse.org> # Recommended update for lifecycle-data-sle-module-development-tools Announcement ID: SUSE-RU-2023:4695-1 Rating: moderate References: * bsc#1216578 * jsc#PED-6584 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one fix can now be installed. ## Description: This update for lifecycle-data-sle-module-development-tools fixes the following issues: * Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) * Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4695=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4695=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4695=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4695=1 ## Package List: * Development Tools Module 15-SP5 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.24.1 * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.24.1 * openSUSE Leap 15.5 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.24.1 * Development Tools Module 15-SP4 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216578 * https://jira.suse.com/browse/PED-6584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:48 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:48 -0000 Subject: SUSE-RU-2023:4701-1: moderate: Recommended update for saptune Message-ID: <170255710853.23207.11236025834575121799@smelt2.prg2.suse.org> # Recommended update for saptune Announcement ID: SUSE-RU-2023:4701-1 Rating: moderate References: * bsc#1209408 * bsc#1215969 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for saptune (to version 3.1.1) fixes the following issues: * Typo in logfile directory name creates /varlog/saptune instead of /var/log/saptune (bsc#1215969). * SAP Note 2382421: Fix missing handling for Azure systems regarding parameter 'net.ipv4.tcp_timestamps'. This exclude setting was left out during the last SAP Note update by mistake. * Add parameter IGNORE_RELOAD to /etc/sysconfig/saptune to prevent saptune from stopping and starting the system tuning during package update. Related to sapconf bug bsc#1209408. * Create a flag file in preinstall and remove it in posttrans of the package installation to inform saptune that currently a package installation/update takes place so that some special situations can be handled as expected. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4701=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4701=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-4701=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-4701=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-4701=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4701=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-4701=1 ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * openSUSE Leap 15.5 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * SAP Applications Module 15-SP1 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * SAP Applications Module 15-SP2 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * SAP Applications Module 15-SP3 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * SAP Applications Module 15-SP4 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * saptune-debuginfo-3.1.1-150100.8.30.1 * saptune-3.1.1-150100.8.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209408 * https://bugzilla.suse.com/show_bug.cgi?id=1215969 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:47 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:47 -0000 Subject: SUSE-RU-2023:4702-1: moderate: Recommended update for saptune Message-ID: <170255710781.23207.13979537617976814526@smelt2.prg2.suse.org> # Recommended update for saptune Announcement ID: SUSE-RU-2023:4702-1 Rating: moderate References: * bsc#1209408 * bsc#1215969 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two fixes can now be installed. ## Description: This update for saptune (to version 3.1.1) fixes the following issues: * Typo in logfile directory name creates /varlog/saptune instead of /var/log/saptune (bsc#1215969). * SAP Note 2382421: Fix missing handling for Azure systems regarding parameter 'net.ipv4.tcp_timestamps'. This exclude setting was left out during the last SAP Note update by mistake. * Add parameter IGNORE_RELOAD to /etc/sysconfig/saptune to prevent saptune from stopping and starting the system tuning during package update. Related to sapconf bug bsc#1209408. * Create a flag file in preinstall and remove it in posttrans of the package installation to inform saptune that currently a package installation/update takes place so that some special situations can be handled as expected. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-4702=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * saptune-3.1.1-4.18.1 * saptune-debuginfo-3.1.1-4.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209408 * https://bugzilla.suse.com/show_bug.cgi?id=1215969 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:56 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:56 -0000 Subject: SUSE-RU-2023:4696-1: moderate: Recommended update for lifecycle-data-sle-module-python3 Message-ID: <170255711661.23207.5340050097268379264@smelt2.prg2.suse.org> # Recommended update for lifecycle-data-sle-module-python3 Announcement ID: SUSE-RU-2023:4696-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for lifecycle-data-sle-module-python3 fixes the following issues: * Initial python3 module lifecycle data ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4696=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4696=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4696=1 ## Package List: * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-python3-1-150400.9.3.1 * Python 3 Module 15-SP4 (noarch) * lifecycle-data-sle-module-python3-1-150400.9.3.1 * Python 3 Module 15-SP5 (noarch) * lifecycle-data-sle-module-python3-1-150400.9.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:50 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:50 -0000 Subject: SUSE-RU-2023:4699-1: moderate: Recommended update for gpg2 Message-ID: <170255711062.23207.1282200623665450499@smelt2.prg2.suse.org> # Recommended update for gpg2 Announcement ID: SUSE-RU-2023:4699-1 Rating: moderate References: * bsc#1217212 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for gpg2 fixes the following issues: * `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4699=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4699=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4699=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4699=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4699=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4699=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4699=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4699=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4699=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4699=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4699=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4699=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4699=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4699=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4699=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * gpg2-debuginfo-2.2.27-150300.3.8.1 * dirmngr-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * dirmngr-2.2.27-150300.3.8.1 * openSUSE Leap 15.3 (noarch) * gpg2-lang-2.2.27-150300.3.8.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * dirmngr-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * dirmngr-2.2.27-150300.3.8.1 * openSUSE Leap 15.4 (noarch) * gpg2-lang-2.2.27-150300.3.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * dirmngr-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * dirmngr-2.2.27-150300.3.8.1 * openSUSE Leap 15.5 (noarch) * gpg2-lang-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * dirmngr-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * dirmngr-2.2.27-150300.3.8.1 * Basesystem Module 15-SP4 (noarch) * gpg2-lang-2.2.27-150300.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * dirmngr-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * dirmngr-2.2.27-150300.3.8.1 * Basesystem Module 15-SP5 (noarch) * gpg2-lang-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * gpg2-debuginfo-2.2.27-150300.3.8.1 * gpg2-debugsource-2.2.27-150300.3.8.1 * gpg2-2.2.27-150300.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:07 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:07 -0000 Subject: SUSE-RU-2023:4685-1: moderate: Recommended update for yast2-storage-ng Message-ID: <170255712713.23207.3641315518078180971@smelt2.prg2.suse.org> # Recommended update for yast2-storage-ng Announcement ID: SUSE-RU-2023:4685-1 Rating: moderate References: * bsc#1215022 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-storage-ng fixes the following issues: * Add new MdLevel value for linear RAIDs to fix error prompt when launching Yast2 partitioner (bsc#1215022) * Update to version 4.5.25 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4685=1 SUSE-2023-4685=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4685=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-storage-ng-4.5.25-150500.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.5.25-150500.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215022 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:03 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:03 -0000 Subject: SUSE-SU-2023:4690-1: moderate: Security update for poppler Message-ID: <170255712318.23207.11504913384070620553@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4690-1 Rating: moderate References: * bsc#1120956 Cross-References: * CVE-2018-20662 CVSS scores: * CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup (bsc#1120956). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4690=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.34.1 * libpoppler73-0.62.0-150000.4.34.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-debuginfo-0.62.0-150000.4.34.1 * libpoppler73-32bit-0.62.0-150000.4.34.1 ## References: * https://www.suse.com/security/cve/CVE-2018-20662.html * https://bugzilla.suse.com/show_bug.cgi?id=1120956 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:05 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:05 -0000 Subject: SUSE-RU-2023:4688-1: moderate: Recommended update for qt6-base Message-ID: <170255712595.23207.14410377942231178494@smelt2.prg2.suse.org> # Recommended update for qt6-base Announcement ID: SUSE-RU-2023:4688-1 Rating: moderate References: * bsc#1215178 Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for qt6-base fixes the following issues: * Regression introduced by a patch that makes qt-creator6 hang in an infinite loop (bsc#1215178) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4688=1 openSUSE-SLE-15.5-2023-4688=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4688=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4688=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qt6-sql-mysql-6.4.2-150500.3.10.1 * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.10.1 * libQt6DBus6-6.4.2-150500.3.10.1 * qt6-xml-devel-6.4.2-150500.3.10.1 * libQt6Widgets6-debuginfo-6.4.2-150500.3.10.1 * qt6-platformtheme-gtk3-6.4.2-150500.3.10.1 * qt6-platformsupport-private-devel-6.4.2-150500.3.10.1 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.10.1 * qt6-sql-unixODBC-debuginfo-6.4.2-150500.3.10.1 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.10.1 * qt6-platformtheme-gtk3-debuginfo-6.4.2-150500.3.10.1 * qt6-core-private-devel-6.4.2-150500.3.10.1 * qt6-sql-postgresql-6.4.2-150500.3.10.1 * qt6-openglwidgets-devel-6.4.2-150500.3.10.1 * qt6-sql-unixODBC-6.4.2-150500.3.10.1 * libQt6OpenGLWidgets6-6.4.2-150500.3.10.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.10.1 * qt6-network-private-devel-6.4.2-150500.3.10.1 * qt6-base-examples-debuginfo-6.4.2-150500.3.10.1 * qt6-kmssupport-devel-static-6.4.2-150500.3.10.1 * qt6-base-debuginfo-6.4.2-150500.3.10.1 * qt6-networkinformation-glib-6.4.2-150500.3.10.1 * qt6-printsupport-devel-6.4.2-150500.3.10.1 * libQt6Concurrent6-6.4.2-150500.3.10.1 * libQt6Core6-debuginfo-6.4.2-150500.3.10.1 * libQt6Xml6-6.4.2-150500.3.10.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.10.1 * qt6-base-debugsource-6.4.2-150500.3.10.1 * qt6-network-tls-6.4.2-150500.3.10.1 * qt6-opengl-private-devel-6.4.2-150500.3.10.1 * libQt6Sql6-6.4.2-150500.3.10.1 * qt6-sql-mysql-debuginfo-6.4.2-150500.3.10.1 * libQt6Concurrent6-debuginfo-6.4.2-150500.3.10.1 * libQt6Widgets6-6.4.2-150500.3.10.1 * qt6-dbus-devel-6.4.2-150500.3.10.1 * qt6-sql-postgresql-debuginfo-6.4.2-150500.3.10.1 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.10.1 * qt6-dbus-private-devel-6.4.2-150500.3.10.1 * qt6-kmssupport-private-devel-6.4.2-150500.3.10.1 * qt6-test-devel-6.4.2-150500.3.10.1 * libQt6Test6-debuginfo-6.4.2-150500.3.10.1 * qt6-platformtheme-xdgdesktopportal-debuginfo-6.4.2-150500.3.10.1 * qt6-sql-sqlite-6.4.2-150500.3.10.1 * qt6-concurrent-devel-6.4.2-150500.3.10.1 * qt6-widgets-private-devel-6.4.2-150500.3.10.1 * qt6-gui-devel-6.4.2-150500.3.10.1 * qt6-printsupport-private-devel-6.4.2-150500.3.10.1 * qt6-core-devel-6.4.2-150500.3.10.1 * qt6-networkinformation-nm-debuginfo-6.4.2-150500.3.10.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.10.1 * qt6-printsupport-cups-debuginfo-6.4.2-150500.3.10.1 * libQt6Network6-debuginfo-6.4.2-150500.3.10.1 * libQt6Gui6-6.4.2-150500.3.10.1 * qt6-platformtheme-xdgdesktopportal-6.4.2-150500.3.10.1 * qt6-printsupport-cups-6.4.2-150500.3.10.1 * libQt6Test6-6.4.2-150500.3.10.1 * qt6-gui-private-devel-6.4.2-150500.3.10.1 * qt6-sql-devel-6.4.2-150500.3.10.1 * qt6-xml-private-devel-6.4.2-150500.3.10.1 * libQt6Xml6-debuginfo-6.4.2-150500.3.10.1 * libQt6Core6-6.4.2-150500.3.10.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.10.1 * qt6-platformsupport-devel-static-6.4.2-150500.3.10.1 * qt6-widgets-devel-6.4.2-150500.3.10.1 * libQt6Sql6-debuginfo-6.4.2-150500.3.10.1 * qt6-opengl-devel-6.4.2-150500.3.10.1 * qt6-sql-private-devel-6.4.2-150500.3.10.1 * qt6-base-examples-6.4.2-150500.3.10.1 * qt6-base-docs-qch-6.4.2-150500.3.10.1 * qt6-base-docs-html-6.4.2-150500.3.10.1 * libQt6Network6-6.4.2-150500.3.10.1 * qt6-network-devel-6.4.2-150500.3.10.1 * qt6-test-private-devel-6.4.2-150500.3.10.1 * libQt6OpenGL6-6.4.2-150500.3.10.1 * qt6-networkinformation-nm-6.4.2-150500.3.10.1 * libQt6PrintSupport6-6.4.2-150500.3.10.1 * qt6-networkinformation-glib-debuginfo-6.4.2-150500.3.10.1 * qt6-base-common-devel-6.4.2-150500.3.10.1 * openSUSE Leap 15.5 (noarch) * qt6-docs-common-6.4.2-150500.3.10.1 * qt6-base-devel-6.4.2-150500.3.10.1 * qt6-base-private-devel-6.4.2-150500.3.10.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qt6-base-debuginfo-6.4.2-150500.3.10.1 * libQt6Core6-debuginfo-6.4.2-150500.3.10.1 * qt6-network-tls-6.4.2-150500.3.10.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.10.1 * libQt6DBus6-6.4.2-150500.3.10.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.10.1 * libQt6Network6-6.4.2-150500.3.10.1 * qt6-base-debugsource-6.4.2-150500.3.10.1 * libQt6Network6-debuginfo-6.4.2-150500.3.10.1 * libQt6Gui6-6.4.2-150500.3.10.1 * libQt6Widgets6-6.4.2-150500.3.10.1 * libQt6OpenGL6-6.4.2-150500.3.10.1 * libQt6Widgets6-debuginfo-6.4.2-150500.3.10.1 * libQt6Core6-6.4.2-150500.3.10.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.10.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.10.1 * libQt6DBus6-6.4.2-150500.3.10.1 * qt6-xml-devel-6.4.2-150500.3.10.1 * libQt6Widgets6-debuginfo-6.4.2-150500.3.10.1 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.10.1 * qt6-core-private-devel-6.4.2-150500.3.10.1 * qt6-openglwidgets-devel-6.4.2-150500.3.10.1 * libQt6OpenGLWidgets6-6.4.2-150500.3.10.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.10.1 * qt6-kmssupport-devel-static-6.4.2-150500.3.10.1 * qt6-base-debuginfo-6.4.2-150500.3.10.1 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.10.1 * qt6-printsupport-devel-6.4.2-150500.3.10.1 * libQt6Concurrent6-6.4.2-150500.3.10.1 * libQt6Core6-debuginfo-6.4.2-150500.3.10.1 * libQt6Xml6-6.4.2-150500.3.10.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.10.1 * qt6-base-debugsource-6.4.2-150500.3.10.1 * qt6-network-tls-6.4.2-150500.3.10.1 * qt6-opengl-private-devel-6.4.2-150500.3.10.1 * libQt6Sql6-6.4.2-150500.3.10.1 * libQt6Concurrent6-debuginfo-6.4.2-150500.3.10.1 * libQt6Widgets6-6.4.2-150500.3.10.1 * qt6-dbus-devel-6.4.2-150500.3.10.1 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.10.1 * qt6-test-devel-6.4.2-150500.3.10.1 * qt6-kmssupport-private-devel-6.4.2-150500.3.10.1 * libQt6Test6-debuginfo-6.4.2-150500.3.10.1 * qt6-sql-sqlite-6.4.2-150500.3.10.1 * qt6-concurrent-devel-6.4.2-150500.3.10.1 * qt6-widgets-private-devel-6.4.2-150500.3.10.1 * qt6-gui-devel-6.4.2-150500.3.10.1 * qt6-core-devel-6.4.2-150500.3.10.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.10.1 * libQt6Network6-debuginfo-6.4.2-150500.3.10.1 * libQt6Gui6-6.4.2-150500.3.10.1 * libQt6Test6-6.4.2-150500.3.10.1 * qt6-gui-private-devel-6.4.2-150500.3.10.1 * qt6-sql-devel-6.4.2-150500.3.10.1 * libQt6Xml6-debuginfo-6.4.2-150500.3.10.1 * libQt6Core6-6.4.2-150500.3.10.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.10.1 * qt6-platformsupport-devel-static-6.4.2-150500.3.10.1 * qt6-widgets-devel-6.4.2-150500.3.10.1 * libQt6Sql6-debuginfo-6.4.2-150500.3.10.1 * qt6-opengl-devel-6.4.2-150500.3.10.1 * libQt6Network6-6.4.2-150500.3.10.1 * qt6-network-devel-6.4.2-150500.3.10.1 * libQt6OpenGL6-6.4.2-150500.3.10.1 * libQt6PrintSupport6-6.4.2-150500.3.10.1 * qt6-base-common-devel-6.4.2-150500.3.10.1 * SUSE Package Hub 15 15-SP5 (noarch) * qt6-base-devel-6.4.2-150500.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:09 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:09 -0000 Subject: SUSE-RU-2023:4684-1: moderate: Recommended update for yast2-storage-ng Message-ID: <170255712934.23207.10228697606391637919@smelt2.prg2.suse.org> # Recommended update for yast2-storage-ng Announcement ID: SUSE-RU-2023:4684-1 Rating: moderate References: * bsc#1215022 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for yast2-storage-ng fixes the following issues: * Add new MdLevel value for linear RAIDs to fix error prompt when launching Yast2 partitioner (bsc#1215022) * Update to version 4.4.46 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4684=1 openSUSE-SLE-15.4-2023-4684=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4684=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4684=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.46-150400.3.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215022 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:16 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:16 -0000 Subject: SUSE-RU-2023:4671-1: moderate: Recommended update for man Message-ID: <170255713637.23207.5324763112630436265@smelt2.prg2.suse.org> # Recommended update for man Announcement ID: SUSE-RU-2023:4671-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update of man fixes the following problem: * The "man" commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4671=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4671=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4671=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4671=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4671=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4671=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4671=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4671=1 SUSE-2023-4671=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4671=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4671=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4671=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4671=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4671=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4671=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4671=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4671=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4671=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * man-2.7.6-150100.8.5.1 * groff-full-debuginfo-1.22.4-150400.5.2.2 * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * groff-full-1.22.4-150400.5.2.2 * groff-full-debugsource-1.22.4-150400.5.2.2 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * man-debugsource-2.7.6-150100.8.5.1 * gxditview-debuginfo-1.22.4-150400.5.2.2 * libpipeline-devel-1.4.1-150000.3.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * gxditview-1.22.4-150400.5.2.2 * Basesystem Module 15-SP5 (noarch) * system-user-uucp-20170617-150400.24.2.1 * system-user-bin-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-games-20170617-150400.24.2.1 * system-user-mail-20170617-150400.24.2.1 * system-user-news-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-wwwrun-20170617-150400.24.2.1 * system-user-daemon-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * Legacy Module 15-SP4 (noarch) * system-group-obsolete-20170617-150400.24.2.1 * Legacy Module 15-SP5 (noarch) * system-group-obsolete-20170617-150400.24.2.1 * SUSE Package Hub 15 15-SP4 (noarch) * system-user-games-20170617-150400.24.2.1 * SUSE Package Hub 15 15-SP5 (noarch) * system-user-games-20170617-150400.24.2.1 * Server Applications Module 15-SP4 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-upsd-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-ftp-20170617-150400.24.2.1 * system-user-uuidd-20170617-150400.24.2.1 * Server Applications Module 15-SP5 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-upsd-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-ftp-20170617-150400.24.2.1 * system-user-uuidd-20170617-150400.24.2.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * groff-full-debuginfo-1.22.4-150400.5.2.2 * groff-full-1.22.4-150400.5.2.2 * groff-full-debugsource-1.22.4-150400.5.2.2 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * gxditview-debuginfo-1.22.4-150400.5.2.2 * groff-debuginfo-1.22.4-150400.5.2.1 * gxditview-1.22.4-150400.5.2.2 * openSUSE Leap 15.4 (noarch) * system-group-obsolete-20170617-150400.24.2.1 * system-user-ftp-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-mail-20170617-150400.24.2.1 * system-user-news-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-user-uucp-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-upsd-20170617-150400.24.2.1 * system-user-wwwrun-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-libvirt-20170617-150400.24.2.1 * system-user-bin-20170617-150400.24.2.1 * groff-doc-1.22.4-150400.5.2.2 * system-user-nobody-20170617-150400.24.2.1 * system-user-games-20170617-150400.24.2.1 * system-user-daemon-20170617-150400.24.2.1 * system-user-uuidd-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * man-debugsource-2.7.6-150100.8.5.1 * man-2.7.6-150100.8.5.1 * libpipeline-devel-1.4.1-150000.3.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * openSUSE Leap Micro 5.3 (x86_64) * groff-1.22.4-150400.5.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * openSUSE Leap Micro 5.3 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * openSUSE Leap Micro 5.4 (x86_64) * groff-1.22.4-150400.5.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * openSUSE Leap Micro 5.4 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * man-2.7.6-150100.8.5.1 * groff-full-debuginfo-1.22.4-150400.5.2.2 * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * groff-full-1.22.4-150400.5.2.2 * groff-full-debugsource-1.22.4-150400.5.2.2 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * man-debugsource-2.7.6-150100.8.5.1 * gxditview-debuginfo-1.22.4-150400.5.2.2 * libpipeline-devel-1.4.1-150000.3.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * gxditview-1.22.4-150400.5.2.2 * openSUSE Leap 15.5 (noarch) * system-group-obsolete-20170617-150400.24.2.1 * system-user-ftp-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-mail-20170617-150400.24.2.1 * system-user-news-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-user-uucp-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-upsd-20170617-150400.24.2.1 * system-user-wwwrun-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-libvirt-20170617-150400.24.2.1 * system-user-bin-20170617-150400.24.2.1 * groff-doc-1.22.4-150400.5.2.2 * system-user-nobody-20170617-150400.24.2.1 * system-user-games-20170617-150400.24.2.1 * system-user-daemon-20170617-150400.24.2.1 * system-user-uuidd-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * man-debugsource-2.7.6-150100.8.5.1 * man-2.7.6-150100.8.5.1 * groff-debuginfo-1.22.4-150400.5.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * man-debugsource-2.7.6-150100.8.5.1 * man-2.7.6-150100.8.5.1 * groff-debuginfo-1.22.4-150400.5.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * groff-1.22.4-150400.5.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * groff-1.22.4-150400.5.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * system-group-libvirt-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-qemu-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * groff-1.22.4-150400.5.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * man-2.7.6-150100.8.5.1 * groff-full-debuginfo-1.22.4-150400.5.2.2 * libpipeline1-1.4.1-150000.3.2.1 * libpipeline-debugsource-1.4.1-150000.3.2.1 * man-debuginfo-2.7.6-150100.8.5.1 * groff-full-1.22.4-150400.5.2.2 * groff-full-debugsource-1.22.4-150400.5.2.2 * groff-1.22.4-150400.5.2.1 * groff-debugsource-1.22.4-150400.5.2.1 * man-debugsource-2.7.6-150100.8.5.1 * gxditview-debuginfo-1.22.4-150400.5.2.2 * libpipeline-devel-1.4.1-150000.3.2.1 * groff-debuginfo-1.22.4-150400.5.2.1 * libpipeline1-debuginfo-1.4.1-150000.3.2.1 * gxditview-1.22.4-150400.5.2.2 * Basesystem Module 15-SP4 (noarch) * system-user-uucp-20170617-150400.24.2.1 * system-user-bin-20170617-150400.24.2.1 * system-user-man-20170617-150400.24.2.1 * system-user-nobody-20170617-150400.24.2.1 * system-user-games-20170617-150400.24.2.1 * system-user-mail-20170617-150400.24.2.1 * system-user-news-20170617-150400.24.2.1 * system-user-tftp-20170617-150400.24.2.1 * system-user-wwwrun-20170617-150400.24.2.1 * system-user-daemon-20170617-150400.24.2.1 * system-user-lp-20170617-150400.24.2.1 * system-group-hardware-20170617-150400.24.2.1 * system-group-wheel-20170617-150400.24.2.1 * system-group-kvm-20170617-150400.24.2.1 * system-user-tss-20170617-150400.24.2.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:13 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:13 -0000 Subject: SUSE-RU-2023:4674-1: moderate: Recommended update for python-kiwi Message-ID: <170255713350.23207.17434371397658428505@smelt2.prg2.suse.org> # Recommended update for python-kiwi Announcement ID: SUSE-RU-2023:4674-1 Rating: moderate References: * bsc#1214441 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for python-kiwi fixes the following issue: * Allow to access disk root after sync_data. Related to Issue #1464 , Fixes bsc#1214441 (cherry picked from commit c7ed1cfc290a89a414b0109fafd3e4e39f30195b) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-4674=1 SUSE-SLE- SERVER-12-SP5-2023-4674=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4674=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4674=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kiwi-pxeboot-9.20.6-3.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kiwi-man-pages-9.20.6-3.31.1 * dracut-kiwi-oem-repart-9.20.6-3.31.1 * kiwi-tools-debuginfo-9.20.6-3.31.1 * dracut-kiwi-live-9.20.6-3.31.1 * kiwi-tools-9.20.6-3.31.1 * dracut-kiwi-overlay-9.20.6-3.31.1 * python-kiwi-debugsource-9.20.6-3.31.1 * python3-kiwi-9.20.6-3.31.1 * dracut-kiwi-oem-dump-9.20.6-3.31.1 * dracut-kiwi-lib-9.20.6-3.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kiwi-man-pages-9.20.6-3.31.1 * dracut-kiwi-oem-repart-9.20.6-3.31.1 * kiwi-tools-debuginfo-9.20.6-3.31.1 * dracut-kiwi-live-9.20.6-3.31.1 * kiwi-tools-9.20.6-3.31.1 * dracut-kiwi-overlay-9.20.6-3.31.1 * python-kiwi-debugsource-9.20.6-3.31.1 * python3-kiwi-9.20.6-3.31.1 * dracut-kiwi-oem-dump-9.20.6-3.31.1 * dracut-kiwi-lib-9.20.6-3.31.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kiwi-man-pages-9.20.6-3.31.1 * dracut-kiwi-oem-repart-9.20.6-3.31.1 * kiwi-tools-debuginfo-9.20.6-3.31.1 * dracut-kiwi-live-9.20.6-3.31.1 * kiwi-tools-9.20.6-3.31.1 * dracut-kiwi-overlay-9.20.6-3.31.1 * python-kiwi-debugsource-9.20.6-3.31.1 * python3-kiwi-9.20.6-3.31.1 * dracut-kiwi-oem-dump-9.20.6-3.31.1 * dracut-kiwi-lib-9.20.6-3.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:19 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:19 -0000 Subject: SUSE-RU-2023:4667-1: moderate: Recommended update for ppc64-diag Message-ID: <170255713982.23207.15490770413323826393@smelt2.prg2.suse.org> # Recommended update for ppc64-diag Announcement ID: SUSE-RU-2023:4667-1 Rating: moderate References: * bsc#1216074 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for ppc64-diag fixes the following issue: * Light path diagnostics: Support Enclosure Fault LEDs on new enclosures (bsc#1216074) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4667=1 openSUSE-SLE-15.5-2023-4667=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4667=1 ## Package List: * openSUSE Leap 15.5 (ppc64le) * ppc64-diag-debugsource-2.7.9-150500.3.3.1 * ppc64-diag-debuginfo-2.7.9-150500.3.3.1 * ppc64-diag-2.7.9-150500.3.3.1 * Basesystem Module 15-SP5 (ppc64le) * ppc64-diag-debugsource-2.7.9-150500.3.3.1 * ppc64-diag-debuginfo-2.7.9-150500.3.3.1 * ppc64-diag-2.7.9-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216074 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:18 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:18 -0000 Subject: SUSE-RU-2023:4669-1: critical: Recommended update for regionServiceClientConfigAzure Message-ID: <170255713861.23207.3303591834860347279@smelt2.prg2.suse.org> # Recommended update for regionServiceClientConfigAzure Announcement ID: SUSE-RU-2023:4669-1 Rating: critical References: * bsc#1217537 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for regionServiceClientConfigAzure fixes the following issue: * Update to version 2.0.1 (bsc#1217537) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4669=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4669=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4669=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4669=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4669=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4669=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4669=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4669=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4669=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4669=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4669=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4669=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4669=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4669=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * openSUSE Leap 15.4 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * openSUSE Leap 15.5 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * Public Cloud Module 15-SP1 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * Public Cloud Module 15-SP2 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 * openSUSE Leap Micro 5.3 (noarch) * regionServiceClientConfigAzure-2.0.1-150000.3.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217537 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:17 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:17 -0000 Subject: SUSE-RU-2023:4670-1: critical: Recommended update for regionServiceClientConfigGCE Message-ID: <170255713743.23207.8291182218976827261@smelt2.prg2.suse.org> # Recommended update for regionServiceClientConfigGCE Announcement ID: SUSE-RU-2023:4670-1 Rating: critical References: * bsc#1217538 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for regionServiceClientConfigGCE fixes the following issue: * Update to version 4.0.1 (bsc#1217538) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4670=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4670=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4670=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4670=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4670=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4670=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4670=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4670=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4670=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4670=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4670=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4670=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4670=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4670=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * openSUSE Leap Micro 5.4 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * openSUSE Leap 15.4 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * openSUSE Leap 15.5 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * Public Cloud Module 15-SP1 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * Public Cloud Module 15-SP2 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigGCE-4.0.1-150000.4.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217538 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:11 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:11 -0000 Subject: SUSE-RU-2023:4680-1: moderate: Recommended update for selinux-policy Message-ID: <170255713174.23207.5181523432080014879@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4680-1 Rating: moderate References: * bsc#1216747 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Trigger rebuild of the policy when pcre2 gets updated to avoid regex version mismatch errors (bsc#1216747) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4680=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * selinux-policy-20230511+git9.1b35a6ab-150500.3.9.1 * selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.9.1 * selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216747 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:12 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:12 -0000 Subject: SUSE-FU-2023:4678-1: important: Feature update for lvm2 Message-ID: <170255713256.23207.11356241403388287662@smelt2.prg2.suse.org> # Feature update for lvm2 Announcement ID: SUSE-FU-2023:4678-1 Rating: important References: * bsc#1216938 * jsc#PED-6753 * jsc#PED-6754 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features and has one fix can now be installed. ## Description: This update for lvm2 fixes the following issues: Updated lvm2 from LVM2.2.03.16 to LVM2.2.03.22 (jsc#PED-6753,jsc#PED-6754): * Version 2.03.22: * Fixed issues with LVM filters no longer working with SUSE Linux Enterprise 15 Service Pack 5 (bsc#1216938) * Fixed pv_major/pv_minor report field types so they are integers, not strings. * Added `lvmdevices --delnotfound` to delete entries for missing devices. * Always use cachepool name for metadata backup LV for `lvconvert --repair`. * Make metadata backup LVs read-only after pool's `lvconvert --repair`. * Improve VDO and Thin support with lvmlockd. * Handle `lvextend --usepolicies` for pools for all activation variants. * Fixed memleak in vgchange autoactivation setup. * Update py-compile building script. * Support conversion from thick to fully provisioned thin LV. * Cache/Thin-pool can use error and zero volumes for testing. * Individual thin volume can be cached, but cannot take snapshot. * Better internal support for handling error and zero target (for testing). * Resize COW above trimmed maximal size is does not return error. * Support parsing of vdo geometry format version 4. * Added lvm.conf thin_restore and cache_restore settings. * Handle multiple mounts while resizing volume with a FS. * Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id. * Enhance lvm_import_vdo and use snapshot when converting VDO volume. * Fixed parsing of VDO metadata. * Fixed failing `-S|--select` for non-reporting cmds if using LV info/status fields. * Allow snapshots of raid+integrity LV. * Fixed multisegment RAID1 allocator to prevent using single disk for more legs. * Version 2.03.21: * Fixed activation of vdo-pool for with 0 length headers (converted pools). * Avoid printing internal init messages when creation integration devices. * Allow (write)cache over raid+integrity LV. * Version 2.03.20: * Fixed segfault if using `-S|--select` with log/report_command_log=1 setting. * Configure now fails when requested lvmlockd dependencies are missing. * Added some configure Gentoo enhancements for static builds. * Version 2.03.19: * Configure supports `--with-systemd-run` executed from udev rules. * Enhancement for build with MuslC systemd and non-bash system shells (dash). * Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices. * Ensure udev is processing origin LV before its thick snapshots LVs. * Fixed and improve runtime memory size detection for VDO volumes. * Version 2.03.18: * Fixed issues reported by coverity scan. * Fixed warning for thin pool overprovisioning on lvextend (2.03.17). * Added support for writecache metadata_only and pause_writeback settings. * Fixed missing error messages in lvmdbusd. * Version 2.03.17: * Added new options (`--fs, --fsmode`) for FS handling when resizing LVs. * Fixed `lvremove -S|--select LV` to not also remove its historical LV right away. * Fixed lv_active field type to binary so --select and --binary applies properly. * Switch to use mallinfo2 and use it only with glibc. * Error out in lvm shell if using a cmd argument not supported in the shell. * Fixed lvm shell's lastlog command to report previous pre-command failures. * Extend VDO and VDOPOOL without flushing and locking fs. * Added `--valuesonly` option to lvmconfig to print only values without keys. * Updates configure with recent autoconf tooling. * Fixed `lvconvert --test --type vdo-pool` execution. * Added json_std output format for more JSON standard compliant version of output. * Fixed vdo_slab_size_mb value for converted VDO volume. * Fixed many corner cases in device_id, including handling of S/N duplicates. * Fixed various issues in lvmdbusd. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4678=1 openSUSE-SLE-15.5-2023-4678=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4678=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4678=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4678=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * lvm2-debuginfo-2.03.22-150500.7.9.1 * lvm2-devel-2.03.22-150500.7.9.1 * libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1 * device-mapper-devel-2.03.22_1.02.196-150500.7.9.1 * libdevmapper-event1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * lvm2-lockd-2.03.22-150500.7.9.1 * lvm2-testsuite-2.03.22-150500.7.9.1 * lvm2-lockd-debuginfo-2.03.22-150500.7.9.1 * device-mapper-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * lvm2-device-mapper-debugsource-2.03.22-150500.7.9.1 * device-mapper-debuginfo-2.03.22_1.02.196-150500.7.9.1 * liblvm2cmd2_03-debuginfo-2.03.22-150500.7.9.1 * lvm2-2.03.22-150500.7.9.1 * libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 * lvm2-lvmlockd-debugsource-2.03.22-150500.7.9.1 * liblvm2cmd2_03-2.03.22-150500.7.9.1 * lvm2-debugsource-2.03.22-150500.7.9.1 * lvm2-testsuite-debuginfo-2.03.22-150500.7.9.1 * openSUSE Leap 15.5 (x86_64) * libdevmapper-event1_03-32bit-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-32bit-2.03.22_1.02.196-150500.7.9.1 * device-mapper-devel-32bit-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-32bit-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper-event1_03-32bit-2.03.22_1.02.196-150500.7.9.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libdevmapper-event1_03-64bit-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-64bit-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper-event1_03-64bit-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-64bit-2.03.22_1.02.196-150500.7.9.1 * device-mapper-devel-64bit-2.03.22_1.02.196-150500.7.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * lvm2-debuginfo-2.03.22-150500.7.9.1 * libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1 * libdevmapper-event1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * device-mapper-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * device-mapper-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 * liblvm2cmd2_03-debuginfo-2.03.22-150500.7.9.1 * lvm2-2.03.22-150500.7.9.1 * liblvm2cmd2_03-2.03.22-150500.7.9.1 * lvm2-debugsource-2.03.22-150500.7.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * lvm2-debuginfo-2.03.22-150500.7.9.1 * lvm2-devel-2.03.22-150500.7.9.1 * libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1 * device-mapper-devel-2.03.22_1.02.196-150500.7.9.1 * libdevmapper-event1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * device-mapper-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-debuginfo-2.03.22_1.02.196-150500.7.9.1 * device-mapper-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 * liblvm2cmd2_03-debuginfo-2.03.22-150500.7.9.1 * lvm2-2.03.22-150500.7.9.1 * liblvm2cmd2_03-2.03.22-150500.7.9.1 * lvm2-debugsource-2.03.22-150500.7.9.1 * Basesystem Module 15-SP5 (x86_64) * libdevmapper1_03-32bit-debuginfo-2.03.22_1.02.196-150500.7.9.1 * libdevmapper1_03-32bit-2.03.22_1.02.196-150500.7.9.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-lvmlockd-debugsource-2.03.22-150500.7.9.1 * lvm2-lockd-debuginfo-2.03.22-150500.7.9.1 * lvm2-lockd-2.03.22-150500.7.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216938 * https://jira.suse.com/browse/PED-6753 * https://jira.suse.com/browse/PED-6754 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:23 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:23 -0000 Subject: SUSE-SU-2023:4664-1: important: Security update for kernel-firmware Message-ID: <170255714374.23207.10894735417210609126@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4664-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4664=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4664=1 SUSE-2023-4664=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4664=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4664=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4664=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4664=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4664=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4664=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * openSUSE Leap 15.4 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * Basesystem Module 15-SP4 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 * openSUSE Leap Micro 5.3 (noarch) * kernel-firmware-amdgpu-20220509-150400.4.25.1 * kernel-firmware-realtek-20220509-150400.4.25.1 * kernel-firmware-usb-network-20220509-150400.4.25.1 * kernel-firmware-media-20220509-150400.4.25.1 * kernel-firmware-mediatek-20220509-150400.4.25.1 * kernel-firmware-i915-20220509-150400.4.25.1 * kernel-firmware-atheros-20220509-150400.4.25.1 * kernel-firmware-dpaa2-20220509-150400.4.25.1 * kernel-firmware-serial-20220509-150400.4.25.1 * kernel-firmware-marvell-20220509-150400.4.25.1 * kernel-firmware-intel-20220509-150400.4.25.1 * kernel-firmware-liquidio-20220509-150400.4.25.1 * kernel-firmware-prestera-20220509-150400.4.25.1 * kernel-firmware-mwifiex-20220509-150400.4.25.1 * kernel-firmware-ath11k-20220509-150400.4.25.1 * kernel-firmware-ath10k-20220509-150400.4.25.1 * kernel-firmware-all-20220509-150400.4.25.1 * kernel-firmware-nvidia-20220509-150400.4.25.1 * kernel-firmware-nfp-20220509-150400.4.25.1 * kernel-firmware-brcm-20220509-150400.4.25.1 * kernel-firmware-ueagle-20220509-150400.4.25.1 * kernel-firmware-ti-20220509-150400.4.25.1 * kernel-firmware-platform-20220509-150400.4.25.1 * kernel-firmware-iwlwifi-20220509-150400.4.25.1 * ucode-amd-20220509-150400.4.25.1 * kernel-firmware-qlogic-20220509-150400.4.25.1 * kernel-firmware-network-20220509-150400.4.25.1 * kernel-firmware-radeon-20220509-150400.4.25.1 * kernel-firmware-qcom-20220509-150400.4.25.1 * kernel-firmware-bnx2-20220509-150400.4.25.1 * kernel-firmware-chelsio-20220509-150400.4.25.1 * kernel-firmware-sound-20220509-150400.4.25.1 * kernel-firmware-mellanox-20220509-150400.4.25.1 * kernel-firmware-bluetooth-20220509-150400.4.25.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:21 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:21 -0000 Subject: SUSE-SU-2023:4665-1: important: Security update for kernel-firmware Message-ID: <170255714105.23207.10348867297646884361@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4665-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4665=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4665=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4665=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4665=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4665=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4665=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-firmware-20200107-150100.3.40.1 * ucode-amd-20200107-150100.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:26 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:26 -0000 Subject: SUSE-SU-2023:4662-1: important: Security update for qemu Message-ID: <170255714628.23207.881790933169905664@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2023:4662-1 Rating: important References: * bsc#1188609 * bsc#1212850 * bsc#1213210 * bsc#1213925 * bsc#1215311 Cross-References: * CVE-2021-3638 * CVE-2023-3180 * CVE-2023-3354 CVSS scores: * CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609) * CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925) * CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850) * [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311) * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) * linux-user/elfload: Enable vxe2 on s390x (bsc#1213210) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4662=1 openSUSE-SLE-15.5-2023-4662=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4662=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4662=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4662=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-extra-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-ppc-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-curses-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-block-nfs-debuginfo-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-arm-7.1.0-150500.49.9.2 * qemu-block-dmg-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-vhost-user-gpu-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2 * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-baum-7.1.0-150500.49.9.2 * qemu-block-dmg-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-qtest-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-gtk-7.1.0-150500.49.9.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2 * qemu-extra-7.1.0-150500.49.9.2 * qemu-linux-user-debugsource-7.1.0-150500.49.9.1 * qemu-headless-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * qemu-linux-user-debuginfo-7.1.0-150500.49.9.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-ksm-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-oss-7.1.0-150500.49.9.2 * qemu-audio-dbus-7.1.0-150500.49.9.2 * qemu-block-ssh-7.1.0-150500.49.9.2 * qemu-linux-user-7.1.0-150500.49.9.1 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-7.1.0-150500.49.9.2 * qemu-audio-jack-7.1.0-150500.49.9.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-host-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-block-iscsi-7.1.0-150500.49.9.2 * qemu-ui-spice-app-7.1.0-150500.49.9.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-smartcard-7.1.0-150500.49.9.2 * qemu-ppc-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-block-gluster-debuginfo-7.1.0-150500.49.9.2 * qemu-lang-7.1.0-150500.49.9.2 * qemu-ivshmem-tools-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-s390x-7.1.0-150500.49.9.2 * qemu-audio-oss-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * qemu-audio-alsa-7.1.0-150500.49.9.2 * qemu-tools-7.1.0-150500.49.9.2 * qemu-ui-dbus-7.1.0-150500.49.9.2 * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-block-nfs-7.1.0-150500.49.9.2 * qemu-audio-jack-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * qemu-accel-qtest-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-block-gluster-7.1.0-150500.49.9.2 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.9.2 * openSUSE Leap 15.5 (noarch) * qemu-microvm-7.1.0-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-skiboot-7.1.0-150500.49.9.2 * qemu-SLOF-7.1.0-150500.49.9.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2 * qemu-block-rbd-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-tools-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * qemu-arm-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-tools-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-tools-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2 * qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2 * qemu-lang-7.1.0-150500.49.9.2 * qemu-7.1.0-150500.49.9.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2 * qemu-ksm-7.1.0-150500.49.9.2 * qemu-guest-agent-7.1.0-150500.49.9.2 * qemu-block-rbd-7.1.0-150500.49.9.2 * qemu-debugsource-7.1.0-150500.49.9.2 * qemu-audio-dbus-7.1.0-150500.49.9.2 * qemu-block-ssh-7.1.0-150500.49.9.2 * qemu-chardev-baum-7.1.0-150500.49.9.2 * qemu-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-dbus-7.1.0-150500.49.9.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2 * qemu-block-curl-7.1.0-150500.49.9.2 * qemu-hw-usb-host-7.1.0-150500.49.9.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2 * qemu-block-iscsi-7.1.0-150500.49.9.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-curses-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.9.2 * qemu-arm-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (aarch64 ppc64le x86_64) * qemu-chardev-spice-7.1.0-150500.49.9.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-gtk-7.1.0-150500.49.9.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-7.1.0-150500.49.9.2 * qemu-ui-spice-app-7.1.0-150500.49.9.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-7.1.0-150500.49.9.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2 * qemu-ui-opengl-7.1.0-150500.49.9.2 * qemu-hw-usb-redirect-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2 * qemu-ui-spice-core-7.1.0-150500.49.9.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (noarch) * qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2 * qemu-ipxe-1.0.0+-150500.49.9.2 * qemu-sgabios-8-150500.49.9.2 * qemu-skiboot-7.1.0-150500.49.9.2 * qemu-SLOF-7.1.0-150500.49.9.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.9.2 * Server Applications Module 15-SP5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.9.2 * qemu-ppc-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (s390x x86_64) * qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2 * qemu-kvm-7.1.0-150500.49.9.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2 * qemu-s390x-7.1.0-150500.49.9.2 * qemu-s390x-debuginfo-7.1.0-150500.49.9.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2 * Server Applications Module 15-SP5 (x86_64) * qemu-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-pa-7.1.0-150500.49.9.2 * qemu-x86-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2 * qemu-audio-alsa-7.1.0-150500.49.9.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2 * qemu-accel-tcg-x86-7.1.0-150500.49.9.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2 ## References: * https://www.suse.com/security/cve/CVE-2021-3638.html * https://www.suse.com/security/cve/CVE-2023-3180.html * https://www.suse.com/security/cve/CVE-2023-3354.html * https://bugzilla.suse.com/show_bug.cgi?id=1188609 * https://bugzilla.suse.com/show_bug.cgi?id=1212850 * https://bugzilla.suse.com/show_bug.cgi?id=1213210 * https://bugzilla.suse.com/show_bug.cgi?id=1213925 * https://bugzilla.suse.com/show_bug.cgi?id=1215311 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:31 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:31 -0000 Subject: SUSE-SU-2023:4660-1: important: Security update for kernel-firmware Message-ID: <170255715122.23207.5564174118733397323@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4660-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4660=1 openSUSE-SLE-15.5-2023-4660=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4660=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4660=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-firmware-ath10k-20230724-150500.3.9.1 * kernel-firmware-intel-20230724-150500.3.9.1 * kernel-firmware-all-20230724-150500.3.9.1 * kernel-firmware-mediatek-20230724-150500.3.9.1 * kernel-firmware-ath11k-20230724-150500.3.9.1 * kernel-firmware-mwifiex-20230724-150500.3.9.1 * kernel-firmware-radeon-20230724-150500.3.9.1 * kernel-firmware-serial-20230724-150500.3.9.1 * kernel-firmware-atheros-20230724-150500.3.9.1 * kernel-firmware-mellanox-20230724-150500.3.9.1 * kernel-firmware-i915-20230724-150500.3.9.1 * ucode-amd-20230724-150500.3.9.1 * kernel-firmware-marvell-20230724-150500.3.9.1 * kernel-firmware-usb-network-20230724-150500.3.9.1 * kernel-firmware-media-20230724-150500.3.9.1 * kernel-firmware-ti-20230724-150500.3.9.1 * kernel-firmware-bnx2-20230724-150500.3.9.1 * kernel-firmware-chelsio-20230724-150500.3.9.1 * kernel-firmware-platform-20230724-150500.3.9.1 * kernel-firmware-amdgpu-20230724-150500.3.9.1 * kernel-firmware-ueagle-20230724-150500.3.9.1 * kernel-firmware-prestera-20230724-150500.3.9.1 * kernel-firmware-liquidio-20230724-150500.3.9.1 * kernel-firmware-dpaa2-20230724-150500.3.9.1 * kernel-firmware-realtek-20230724-150500.3.9.1 * kernel-firmware-network-20230724-150500.3.9.1 * kernel-firmware-bluetooth-20230724-150500.3.9.1 * kernel-firmware-nvidia-20230724-150500.3.9.1 * kernel-firmware-sound-20230724-150500.3.9.1 * kernel-firmware-20230724-150500.3.9.1 * kernel-firmware-qcom-20230724-150500.3.9.1 * kernel-firmware-iwlwifi-20230724-150500.3.9.1 * kernel-firmware-nfp-20230724-150500.3.9.1 * kernel-firmware-brcm-20230724-150500.3.9.1 * kernel-firmware-qlogic-20230724-150500.3.9.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * kernel-firmware-ath10k-20230724-150500.3.9.1 * kernel-firmware-intel-20230724-150500.3.9.1 * kernel-firmware-all-20230724-150500.3.9.1 * kernel-firmware-mediatek-20230724-150500.3.9.1 * kernel-firmware-ath11k-20230724-150500.3.9.1 * kernel-firmware-mwifiex-20230724-150500.3.9.1 * kernel-firmware-radeon-20230724-150500.3.9.1 * kernel-firmware-serial-20230724-150500.3.9.1 * kernel-firmware-atheros-20230724-150500.3.9.1 * kernel-firmware-mellanox-20230724-150500.3.9.1 * kernel-firmware-i915-20230724-150500.3.9.1 * ucode-amd-20230724-150500.3.9.1 * kernel-firmware-marvell-20230724-150500.3.9.1 * kernel-firmware-usb-network-20230724-150500.3.9.1 * kernel-firmware-media-20230724-150500.3.9.1 * kernel-firmware-ti-20230724-150500.3.9.1 * kernel-firmware-bnx2-20230724-150500.3.9.1 * kernel-firmware-chelsio-20230724-150500.3.9.1 * kernel-firmware-platform-20230724-150500.3.9.1 * kernel-firmware-amdgpu-20230724-150500.3.9.1 * kernel-firmware-ueagle-20230724-150500.3.9.1 * kernel-firmware-prestera-20230724-150500.3.9.1 * kernel-firmware-liquidio-20230724-150500.3.9.1 * kernel-firmware-dpaa2-20230724-150500.3.9.1 * kernel-firmware-realtek-20230724-150500.3.9.1 * kernel-firmware-network-20230724-150500.3.9.1 * kernel-firmware-bluetooth-20230724-150500.3.9.1 * kernel-firmware-nvidia-20230724-150500.3.9.1 * kernel-firmware-sound-20230724-150500.3.9.1 * kernel-firmware-qcom-20230724-150500.3.9.1 * kernel-firmware-iwlwifi-20230724-150500.3.9.1 * kernel-firmware-nfp-20230724-150500.3.9.1 * kernel-firmware-brcm-20230724-150500.3.9.1 * kernel-firmware-qlogic-20230724-150500.3.9.1 * Basesystem Module 15-SP5 (noarch) * kernel-firmware-ath10k-20230724-150500.3.9.1 * kernel-firmware-intel-20230724-150500.3.9.1 * kernel-firmware-all-20230724-150500.3.9.1 * kernel-firmware-mediatek-20230724-150500.3.9.1 * kernel-firmware-ath11k-20230724-150500.3.9.1 * kernel-firmware-mwifiex-20230724-150500.3.9.1 * kernel-firmware-radeon-20230724-150500.3.9.1 * kernel-firmware-serial-20230724-150500.3.9.1 * kernel-firmware-atheros-20230724-150500.3.9.1 * kernel-firmware-mellanox-20230724-150500.3.9.1 * kernel-firmware-i915-20230724-150500.3.9.1 * ucode-amd-20230724-150500.3.9.1 * kernel-firmware-marvell-20230724-150500.3.9.1 * kernel-firmware-usb-network-20230724-150500.3.9.1 * kernel-firmware-media-20230724-150500.3.9.1 * kernel-firmware-ti-20230724-150500.3.9.1 * kernel-firmware-bnx2-20230724-150500.3.9.1 * kernel-firmware-chelsio-20230724-150500.3.9.1 * kernel-firmware-platform-20230724-150500.3.9.1 * kernel-firmware-amdgpu-20230724-150500.3.9.1 * kernel-firmware-ueagle-20230724-150500.3.9.1 * kernel-firmware-prestera-20230724-150500.3.9.1 * kernel-firmware-liquidio-20230724-150500.3.9.1 * kernel-firmware-dpaa2-20230724-150500.3.9.1 * kernel-firmware-realtek-20230724-150500.3.9.1 * kernel-firmware-network-20230724-150500.3.9.1 * kernel-firmware-bluetooth-20230724-150500.3.9.1 * kernel-firmware-nvidia-20230724-150500.3.9.1 * kernel-firmware-sound-20230724-150500.3.9.1 * kernel-firmware-qcom-20230724-150500.3.9.1 * kernel-firmware-iwlwifi-20230724-150500.3.9.1 * kernel-firmware-nfp-20230724-150500.3.9.1 * kernel-firmware-brcm-20230724-150500.3.9.1 * kernel-firmware-qlogic-20230724-150500.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:40 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:40 -0000 Subject: SUSE-SU-2023:4653-1: moderate: Security update for curl Message-ID: <170255716080.23207.3660480842199378492@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4653-1 Rating: moderate References: * bsc#1217573 * bsc#1217574 Cross-References: * CVE-2023-46218 * CVE-2023-46219 CVSS scores: * CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-46219 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). * CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4653=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4653=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4653=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4653=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * curl-debugsource-8.0.1-11.80.1 * libcurl4-debuginfo-8.0.1-11.80.1 * curl-8.0.1-11.80.1 * curl-debuginfo-8.0.1-11.80.1 * libcurl4-8.0.1-11.80.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.80.1 * libcurl4-debuginfo-32bit-8.0.1-11.80.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.80.1 * libcurl4-debuginfo-8.0.1-11.80.1 * curl-8.0.1-11.80.1 * curl-debuginfo-8.0.1-11.80.1 * libcurl4-8.0.1-11.80.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-32bit-8.0.1-11.80.1 * libcurl4-debuginfo-32bit-8.0.1-11.80.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * curl-debugsource-8.0.1-11.80.1 * libcurl4-debuginfo-8.0.1-11.80.1 * curl-8.0.1-11.80.1 * curl-debuginfo-8.0.1-11.80.1 * libcurl4-8.0.1-11.80.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.80.1 * libcurl4-debuginfo-32bit-8.0.1-11.80.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-11.80.1 * curl-debugsource-8.0.1-11.80.1 * libcurl-devel-8.0.1-11.80.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46218.html * https://www.suse.com/security/cve/CVE-2023-46219.html * https://bugzilla.suse.com/show_bug.cgi?id=1217573 * https://bugzilla.suse.com/show_bug.cgi?id=1217574 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:37 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:37 -0000 Subject: SUSE-SU-2023:4655-1: important: Security update for kernel-firmware Message-ID: <170255715747.23207.7433970636896805307@smelt2.prg2.suse.org> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:4655-1 Rating: important References: * bsc#1215823 * bsc#1215831 Cross-References: * CVE-2021-26345 * CVE-2021-46766 * CVE-2021-46774 * CVE-2022-23820 * CVE-2022-23830 * CVE-2023-20519 * CVE-2023-20521 * CVE-2023-20526 * CVE-2023-20533 * CVE-2023-20566 * CVE-2023-20592 CVSS scores: * CVE-2021-26345 ( SUSE ): 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2021-26345 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2021-46766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L * CVE-2021-46774 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23820 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-23820 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23830 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2022-23830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20519 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-20519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-20521 ( SUSE ): 3.3 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L * CVE-2023-20521 ( NVD ): 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-20526 ( SUSE ): 1.9 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-20526 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20533 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2023-20533 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-20566 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2023-20592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. * CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. * CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. * CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. * CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. * CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. * CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. * CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. * CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4655=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4655=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4655=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-firmware-20190618-5.34.1 * ucode-amd-20190618-5.34.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-firmware-20190618-5.34.1 * ucode-amd-20190618-5.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-firmware-20190618-5.34.1 * ucode-amd-20190618-5.34.1 ## References: * https://www.suse.com/security/cve/CVE-2021-26345.html * https://www.suse.com/security/cve/CVE-2021-46766.html * https://www.suse.com/security/cve/CVE-2021-46774.html * https://www.suse.com/security/cve/CVE-2022-23820.html * https://www.suse.com/security/cve/CVE-2022-23830.html * https://www.suse.com/security/cve/CVE-2023-20519.html * https://www.suse.com/security/cve/CVE-2023-20521.html * https://www.suse.com/security/cve/CVE-2023-20526.html * https://www.suse.com/security/cve/CVE-2023-20533.html * https://www.suse.com/security/cve/CVE-2023-20566.html * https://www.suse.com/security/cve/CVE-2023-20592.html * https://bugzilla.suse.com/show_bug.cgi?id=1215823 * https://bugzilla.suse.com/show_bug.cgi?id=1215831 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:33 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:33 -0000 Subject: SUSE-SU-2023:4659-1: moderate: Security update for curl Message-ID: <170255715331.23207.307805639210419257@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4659-1 Rating: moderate References: * bsc#1217573 * bsc#1217574 Cross-References: * CVE-2023-46218 * CVE-2023-46219 CVSS scores: * CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-46219 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). * CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4659=1 openSUSE-SLE-15.4-2023-4659=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4659=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4659=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4659=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4659=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4659=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4659=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-32bit-8.0.1-150400.5.36.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-8.0.1-150400.5.36.1 * libcurl4-64bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-64bit-8.0.1-150400.5.36.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * openSUSE Leap 15.5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * libcurl-devel-32bit-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-8.0.1-150400.5.36.1 * curl-debuginfo-8.0.1-150400.5.36.1 * curl-debugsource-8.0.1-150400.5.36.1 * curl-8.0.1-150400.5.36.1 * libcurl4-8.0.1-150400.5.36.1 * libcurl-devel-8.0.1-150400.5.36.1 * Basesystem Module 15-SP5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.36.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46218.html * https://www.suse.com/security/cve/CVE-2023-46219.html * https://bugzilla.suse.com/show_bug.cgi?id=1217573 * https://bugzilla.suse.com/show_bug.cgi?id=1217574 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:42 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:42 -0000 Subject: SUSE-SU-2023:4652-1: important: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont Message-ID: <170255716204.23207.10679904870694428537@smelt2.prg2.suse.org> # Security update for cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2023:4652-1 Rating: important References: Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller- container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy- container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.58.0 * Release notes https://github.com/kubevirt/containerized-data- importer/releases/tag/v1.58.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4652=1 openSUSE-SLE-15.5-2023-4652=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4652=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4652=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * containerized-data-importer-controller-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-manifests-1.58.0-150500.6.6.1 * containerized-data-importer-uploadproxy-1.58.0-150500.6.6.1 * containerized-data-importer-operator-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-uploadserver-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-operator-1.58.0-150500.6.6.1 * containerized-data-importer-cloner-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-controller-1.58.0-150500.6.6.1 * containerized-data-importer-uploadproxy-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-api-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-importer-debuginfo-1.58.0-150500.6.6.1 * containerized-data-importer-api-1.58.0-150500.6.6.1 * containerized-data-importer-cloner-1.58.0-150500.6.6.1 * obs-service-cdi_containers_meta-1.58.0-150500.6.6.1 * containerized-data-importer-uploadserver-1.58.0-150500.6.6.1 * containerized-data-importer-importer-1.58.0-150500.6.6.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * containerized-data-importer-manifests-1.58.0-150500.6.6.1 * Containers Module 15-SP5 (x86_64) * containerized-data-importer-manifests-1.58.0-150500.6.6.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:51 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:51 -0000 Subject: SUSE-SU-2023:4648-1: moderate: Security update for libreoffice Message-ID: <170255717181.23207.182178343649961553@smelt2.prg2.suse.org> # Security update for libreoffice Announcement ID: SUSE-SU-2023:4648-1 Rating: moderate References: * bsc#1209243 * bsc#1212444 * bsc#1215595 * jsc#PED-5199 * jsc#PED-6799 * jsc#PED-6800 Cross-References: * CVE-2023-1183 CVSS scores: * CVE-2023-1183 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2023-1183 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability, contains three features and has two security fixes can now be installed. ## Description: This update for fixes the following issues: libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800): * For the highlights of changes of version 7.6 please consult the official release notes: * https://wiki.documentfoundation.org/ReleaseNotes/7.6 * You can check for each minor release notes here: * https://wiki.documentfoundation.org/Releases/7.6.2/RC1 * https://wiki.documentfoundation.org/Releases/7.6.1/RC2 * https://wiki.documentfoundation.org/Releases/7.6.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.0/RC3 * https://wiki.documentfoundation.org/Releases/7.6.0/RC2 * https://wiki.documentfoundation.org/Releases/7.6.0/RC1 * Security issues fixed: * CVE-2023-1183, Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243) * Updated bundled dependencies: * boost version update from 1_80_0 to 1_82_0 * curl version update from 8.0.1 to 8.2.1 * icu4c-data version update from 72_1 to 73_2 * icu4c version update from 72_1 to 73_2 * pdfium version update from 5408 to 5778 * poppler version update from 22.12.0 to 23.06.0 * poppler-data version update from 0.4.11 to 0.4.12 * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404 * New bundled dependencies: * graphite2-minimal-1.3.14.tgz * harfbuzz-8.0.0.tar.xz * New build dependencies: * frozen-devel * liborcus-0_18-0 * libixion * mdds-2_1 * New runtime dependencies: * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595) frozen was implemented: * New Libreoffice package dependency libixion was updated to version 0.18.1: * Updated to 0.18.1: * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on two 32-bit unsigned integer types being used with std::variant. * Updated to 0.18.0: * Removed the formula_model_access interface from model_context, and switched to using model_context directly everywhere. * Revised formula_tokens_t type to remove use of std::unique_ptr for each formula_token instance. This should improve memory locality when iterating through an array of formula token values. A similar change has also been made to lexer_tokens_t and lexer_token types. * Added 41 built-in functions * Added support for multi-sheet references in Excel A1 and Excel R1C1 grammers. liborcus was updated to version 0.18.1: * Updated to 0.18.1: * sax parser: * added support for optionally skipping multiple BOM's in the beginning of XML stream. This affects all XML-based file format filters such as xls-xml (aka Excel 2003 XML). * xml-map: * fixed a bug where an XML document consisting of simple single-column records were not properly converted to sheet data * xls-xml: * fixed a bug where the filter would always pass border color even when it was not set * buildsystem: * added new configure switches --without-benchmark and --without-doc-example to optinally skip building of these two directories mdds-2_1 was implemented: * New Libreoffice package dependency ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4648=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4648=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libetonyek-devel-doc-0.1.10-10.11.2 * frozen-devel-1.1.1-8.3.3 * mdds-2_1-devel-2.1.1-8.3.3 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libixion-debugsource-0.18.1-21.3.3 * liborcus-debugsource-0.18.1-18.3.3 * liborcus-devel-0.18.1-18.3.3 * liborcus-0_18-0-0.18.1-18.3.3 * libetonyek-devel-0.1.10-10.11.2 * liborcus-0_18-0-debuginfo-0.18.1-18.3.3 * libetonyek-debugsource-0.1.10-10.11.2 * libetonyek-0_1-1-0.1.10-10.11.2 * libixion-0_18-0-debuginfo-0.18.1-21.3.3 * libixion-0_18-0-0.18.1-21.3.3 * libixion-devel-0.18.1-21.3.3 * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64) * libreoffice-debugsource-7.6.2.1-48.47.6 * libreoffice-sdk-debuginfo-7.6.2.1-48.47.6 * libreoffice-sdk-7.6.2.1-48.47.6 * libreoffice-debuginfo-7.6.2.1-48.47.6 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libreoffice-debugsource-7.6.2.1-48.47.6 * libreoffice-draw-debuginfo-7.6.2.1-48.47.6 * libreoffice-librelogo-7.6.2.1-48.47.6 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-48.47.6 * libreoffice-impress-debuginfo-7.6.2.1-48.47.6 * libreoffice-pyuno-7.6.2.1-48.47.6 * libreoffice-writer-extensions-7.6.2.1-48.47.6 * libetonyek-0_1-1-0.1.10-10.11.2 * libixion-0_18-0-0.18.1-21.3.3 * libreoffice-writer-7.6.2.1-48.47.6 * libreoffice-debuginfo-7.6.2.1-48.47.6 * libreoffice-writer-debuginfo-7.6.2.1-48.47.6 * libreoffice-calc-debuginfo-7.6.2.1-48.47.6 * libreoffice-draw-7.6.2.1-48.47.6 * libixion-0_18-0-debuginfo-0.18.1-21.3.3 * libreoffice-calc-extensions-7.6.2.1-48.47.6 * libreoffice-gtk3-7.6.2.1-48.47.6 * liborcus-0_18-0-debuginfo-0.18.1-18.3.3 * libreoffice-base-debuginfo-7.6.2.1-48.47.6 * libreoffice-math-debuginfo-7.6.2.1-48.47.6 * libreoffice-pyuno-debuginfo-7.6.2.1-48.47.6 * libreoffice-gtk3-debuginfo-7.6.2.1-48.47.6 * libreoffice-mailmerge-7.6.2.1-48.47.6 * libetonyek-debugsource-0.1.10-10.11.2 * libreoffice-calc-7.6.2.1-48.47.6 * libreoffice-base-drivers-postgresql-7.6.2.1-48.47.6 * libreoffice-base-7.6.2.1-48.47.6 * libetonyek-0_1-1-debuginfo-0.1.10-10.11.2 * libreoffice-officebean-debuginfo-7.6.2.1-48.47.6 * libreoffice-filters-optional-7.6.2.1-48.47.6 * libreoffice-gnome-debuginfo-7.6.2.1-48.47.6 * libreoffice-impress-7.6.2.1-48.47.6 * libixion-debugsource-0.18.1-21.3.3 * liborcus-debugsource-0.18.1-18.3.3 * libreoffice-officebean-7.6.2.1-48.47.6 * liborcus-0_18-0-0.18.1-18.3.3 * libreoffice-7.6.2.1-48.47.6 * libreoffice-math-7.6.2.1-48.47.6 * libreoffice-gnome-7.6.2.1-48.47.6 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * libreoffice-l10n-fi-7.6.2.1-48.47.6 * libreoffice-l10n-da-7.6.2.1-48.47.6 * libreoffice-l10n-zh_CN-7.6.2.1-48.47.6 * libreoffice-l10n-ro-7.6.2.1-48.47.6 * libreoffice-l10n-bg-7.6.2.1-48.47.6 * libreoffice-l10n-de-7.6.2.1-48.47.6 * libreoffice-l10n-sk-7.6.2.1-48.47.6 * libreoffice-l10n-ja-7.6.2.1-48.47.6 * libreoffice-l10n-nn-7.6.2.1-48.47.6 * libreoffice-l10n-zu-7.6.2.1-48.47.6 * libreoffice-icon-themes-7.6.2.1-48.47.6 * libreoffice-l10n-uk-7.6.2.1-48.47.6 * libreoffice-l10n-gu-7.6.2.1-48.47.6 * libreoffice-l10n-zh_TW-7.6.2.1-48.47.6 * libreoffice-l10n-nb-7.6.2.1-48.47.6 * libreoffice-l10n-af-7.6.2.1-48.47.6 * libreoffice-l10n-cs-7.6.2.1-48.47.6 * libreoffice-l10n-hr-7.6.2.1-48.47.6 * libreoffice-l10n-lt-7.6.2.1-48.47.6 * libreoffice-l10n-pl-7.6.2.1-48.47.6 * libreoffice-l10n-it-7.6.2.1-48.47.6 * libreoffice-l10n-ar-7.6.2.1-48.47.6 * libreoffice-l10n-en-7.6.2.1-48.47.6 * libreoffice-l10n-es-7.6.2.1-48.47.6 * libreoffice-l10n-ko-7.6.2.1-48.47.6 * libreoffice-l10n-pt_PT-7.6.2.1-48.47.6 * libreoffice-l10n-fr-7.6.2.1-48.47.6 * libreoffice-l10n-hi-7.6.2.1-48.47.6 * libreoffice-l10n-hu-7.6.2.1-48.47.6 * libreoffice-l10n-sv-7.6.2.1-48.47.6 * libreoffice-l10n-ca-7.6.2.1-48.47.6 * libreoffice-l10n-nl-7.6.2.1-48.47.6 * libreoffice-branding-upstream-7.6.2.1-48.47.6 * libreoffice-l10n-pt_BR-7.6.2.1-48.47.6 * libreoffice-l10n-ru-7.6.2.1-48.47.6 * libreoffice-l10n-xh-7.6.2.1-48.47.6 ## References: * https://www.suse.com/security/cve/CVE-2023-1183.html * https://bugzilla.suse.com/show_bug.cgi?id=1209243 * https://bugzilla.suse.com/show_bug.cgi?id=1212444 * https://bugzilla.suse.com/show_bug.cgi?id=1215595 * https://jira.suse.com/browse/PED-5199 * https://jira.suse.com/browse/PED-6799 * https://jira.suse.com/browse/PED-6800 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:33:03 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:33:03 -0000 Subject: SUSE-RU-2023:4640-1: moderate: Recommended update for ipxe Message-ID: <170255718330.23207.4233549067801627080@smelt2.prg2.suse.org> # Recommended update for ipxe Announcement ID: SUSE-RU-2023:4640-1 Rating: moderate References: * jsc#PED-5536 Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 An update that contains one feature can now be installed. ## Description: This update for ipxe fixes the following issues: * Enabled HTTPS downloads (jsc#PED-5536) * Updated to version 1.21.1+git20231006.ff0f8604 with the following changes: * [arm] Support building as a Linux userspace binary for AArch64 * [crypto] Add support for PKCS#8 private key format * [dhcp] Ignore DHCPNAK unless originating from the selected DHCP server * [dhcp] Request NTP server option * [eap] Define a supplicant model for EAP and EAPoL * [eapol] Send EAPoL-Start packets to trigger EAP authentication * [efi] Accept a command line passed to an iPXE image via LoadOptions * [efi] Add support for executing images via a shim * [efi] Allow autoexec script to be located alongside iPXE binary * [efi] Enable NET_PROTO_LLDP by default * [efi] Provide read-only access to EFI variables via settings mechanism * [efi] Support the initrd autodetection mechanism in newer Linux kernels * [efi] Update to current EDK2 headers * [golan] Add new PCI ID for NVIDIA BlueField-3 network device * [image] Generalise concept of selected image * [libc] Use wall clock time as seed for the (non-cryptographic) RNG * [loong64] Add initial support for LoongArch64 * [ntp] Define NTP server setting * [params] Allow for arbitrary HTTP request headers to be specified * [rng] Allow entropy source to be selected at runtime * [tls] Handle fragmented handshake records (jsc#PED-5536) * [xen] Update to current Xen headers * Added floppy disk image ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4640=1 openSUSE-SLE-15.5-2023-4640=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4640=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * ipxe-bootimgs-1.21.1+git20231006.ff0f8604-150500.3.3.1 * HPC Module 15-SP5 (aarch64 x86_64) * ipxe-bootimgs-1.21.1+git20231006.ff0f8604-150500.3.3.1 ## References: * https://jira.suse.com/browse/PED-5536 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:57 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:57 -0000 Subject: SUSE-SU-2023:4646-1: moderate: Security update for haproxy Message-ID: <170255717744.23207.9083049667953453233@smelt2.prg2.suse.org> # Security update for haproxy Announcement ID: SUSE-SU-2023:4646-1 Rating: moderate References: * bsc#1214102 * bsc#1217653 Cross-References: * CVE-2023-40225 * CVE-2023-45539 CVSS scores: * CVE-2023-40225 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-40225 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2023-45539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45539 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues: * CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653). * CVE-2023-40225: reject any empty content-length header value (bsc#1214102). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4646=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.0.31-150100.8.34.1 * haproxy-debuginfo-2.0.31-150100.8.34.1 * haproxy-2.0.31-150100.8.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40225.html * https://www.suse.com/security/cve/CVE-2023-45539.html * https://bugzilla.suse.com/show_bug.cgi?id=1214102 * https://bugzilla.suse.com/show_bug.cgi?id=1217653 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:33:02 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:33:02 -0000 Subject: SUSE-RU-2023:4642-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <170255718231.23207.12479117175069272422@smelt2.prg2.suse.org> # Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-RU-2023:4642-1 Rating: moderate References: * bsc#1215981 * bsc#1217370 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 545.29.02 Changes in nvidia-open-driver-G06-signed: * Update to 545.29.02 * added fbdev=1 option for nvidia-drm module, which gives us a proper framebuffer console now ... * nosimplefb kernel option no longer needed with usage of nvidia-drm's fbdev=1 option * nvidia's NVreg_OpenRmEnableUnsupportedGpus=1 option no longer needed; GeForce and Workstation GPUs now officially supported * support added for H100/H800 GPUs (Hopper) * no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981, comment#26) * use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981, comment#23) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4642=1 SUSE-2023-4642=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4642=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4642=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4642=1 ## Package List: * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-545.29.02_k5.14.21_150500.33.23-150500.3.18.1 * nvidia-open-driver-G06-signed-azure-devel-545.29.02-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.02_k5.14.21_150500.33.23-150500.3.18.1 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-debugsource-545.29.02-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-default-devel-545.29.02-150500.3.18.1 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-64kb-devel-545.29.02-150500.3.18.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1 * Basesystem Module 15-SP5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-64kb-devel-545.29.02-150500.3.18.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-debugsource-545.29.02-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1 * nvidia-open-driver-G06-signed-default-devel-545.29.02-150500.3.18.1 * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-545.29.02_k5.14.21_150500.33.23-150500.3.18.1 * nvidia-open-driver-G06-signed-azure-devel-545.29.02-150500.3.18.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.02_k5.14.21_150500.33.23-150500.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215981 * https://bugzilla.suse.com/show_bug.cgi?id=1217370 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:42 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:42 -0000 Subject: SUSE-SU-2023:4709-1: important: Security update for go1.21 Message-ID: <170255710217.23207.1962114331128282638@smelt2.prg2.suse.org> # Security update for go1.21 Announcement ID: SUSE-SU-2023:4709-1 Rating: important References: * bsc#1212475 * bsc#1216943 * bsc#1217833 * bsc#1217834 Cross-References: * CVE-2023-39326 * CVE-2023-45284 * CVE-2023-45285 CVSS scores: * CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.21 fixes the following issues: Update to go1.21.5: * CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). * CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). * CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). * cmd/go: go mod download needs to support toolchain upgrades * cmd/compile: invalid pointer found on stack when compiled with -race * os: NTFS deduped file changed from regular to irregular * net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 * cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents * syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms * runtime: self-deadlock on mheap_.lock * crypto/rand: Legacy RtlGenRandom use on Windows ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4709=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4709=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4709=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4709=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.5-150000.1.18.1 * go1.21-1.21.5-150000.1.18.1 * go1.21-doc-1.21.5-150000.1.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.5-150000.1.18.1 * go1.21-1.21.5-150000.1.18.1 * go1.21-doc-1.21.5-150000.1.18.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.5-150000.1.18.1 * go1.21-doc-1.21.5-150000.1.18.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.5-150000.1.18.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.5-150000.1.18.1 * go1.21-1.21.5-150000.1.18.1 * go1.21-doc-1.21.5-150000.1.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39326.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://www.suse.com/security/cve/CVE-2023-45285.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1217833 * https://bugzilla.suse.com/show_bug.cgi?id=1217834 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:39 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:39 -0000 Subject: SUSE-SU-2023:4713-1: moderate: Security update for curl Message-ID: <170255709955.23207.7024376120454976961@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4713-1 Rating: moderate References: * bsc#1217573 Cross-References: * CVE-2023-46218 CVSS scores: * CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4713=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4713=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4713=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.63.1 * curl-7.66.0-150200.4.63.1 * libcurl4-7.66.0-150200.4.63.1 * curl-debuginfo-7.66.0-150200.4.63.1 * libcurl4-debuginfo-7.66.0-150200.4.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.63.1 * curl-7.66.0-150200.4.63.1 * libcurl4-7.66.0-150200.4.63.1 * curl-debuginfo-7.66.0-150200.4.63.1 * libcurl4-debuginfo-7.66.0-150200.4.63.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.63.1 * curl-7.66.0-150200.4.63.1 * libcurl4-7.66.0-150200.4.63.1 * curl-debuginfo-7.66.0-150200.4.63.1 * libcurl4-debuginfo-7.66.0-150200.4.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46218.html * https://bugzilla.suse.com/show_bug.cgi?id=1217573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:40 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:40 -0000 Subject: SUSE-SU-2023:4710-1: moderate: Security update for hplip Message-ID: <170255710072.23207.5659426614655870027@smelt2.prg2.suse.org> # Security update for hplip Announcement ID: SUSE-SU-2023:4710-1 Rating: moderate References: * bsc#1214399 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update for hplip fixes the following issues: * Fixed insecure /tmp file paths inside hppsfilter booklet printing (bsc#1214399) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4710=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4710=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4710=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4710=1 openSUSE-SLE-15.4-2023-4710=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4710=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4710=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * hplip-sane-debuginfo-3.21.10-150400.3.11.1 * hplip-devel-3.21.10-150400.3.11.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.11.1 * hplip-sane-3.21.10-150400.3.11.1 * hplip-hpijs-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * hplip-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * hplip-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * hplip-sane-debuginfo-3.21.10-150400.3.11.1 * hplip-3.21.10-150400.3.11.1 * hplip-devel-3.21.10-150400.3.11.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.11.1 * hplip-scan-utils-3.21.10-150400.3.11.1 * hplip-scan-utils-debuginfo-3.21.10-150400.3.11.1 * hplip-sane-3.21.10-150400.3.11.1 * hplip-hpijs-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * hplip-sane-debuginfo-3.21.10-150400.3.11.1 * hplip-3.21.10-150400.3.11.1 * hplip-devel-3.21.10-150400.3.11.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.11.1 * hplip-scan-utils-3.21.10-150400.3.11.1 * hplip-scan-utils-debuginfo-3.21.10-150400.3.11.1 * hplip-sane-3.21.10-150400.3.11.1 * hplip-hpijs-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * hplip-sane-debuginfo-3.21.10-150400.3.11.1 * hplip-devel-3.21.10-150400.3.11.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.11.1 * hplip-sane-3.21.10-150400.3.11.1 * hplip-hpijs-3.21.10-150400.3.11.1 * hplip-debuginfo-3.21.10-150400.3.11.1 * hplip-debugsource-3.21.10-150400.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214399 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:33:01 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:33:01 -0000 Subject: SUSE-RU-2023:4643-1: moderate: Recommended update for xf86-video-intel Message-ID: <170255718131.23207.10116696589198623720@smelt2.prg2.suse.org> # Recommended update for xf86-video-intel Announcement ID: SUSE-RU-2023:4643-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for xf86-video-intel fixes the following issues: * use "iris" instead of "crocus" for anything newer than Haswell architecture * Mesa's DRI driver is now called "crocus" (previously "i965"); ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4643=1 openSUSE-SLE-15.5-2023-4643=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4643=1 ## Package List: * openSUSE Leap 15.5 (x86_64 i586) * xf86-video-intel-debuginfo-2.99.917.916_g31486f40-150500.3.3.1 * xf86-video-intel-debugsource-2.99.917.916_g31486f40-150500.3.3.1 * xf86-video-intel-2.99.917.916_g31486f40-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * xf86-video-intel-32bit-2.99.917.916_g31486f40-150500.3.3.1 * xf86-video-intel-32bit-debuginfo-2.99.917.916_g31486f40-150500.3.3.1 * Basesystem Module 15-SP5 (x86_64) * xf86-video-intel-debuginfo-2.99.917.916_g31486f40-150500.3.3.1 * xf86-video-intel-debugsource-2.99.917.916_g31486f40-150500.3.3.1 * xf86-video-intel-2.99.917.916_g31486f40-150500.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:59 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:59 -0000 Subject: SUSE-RU-2023:4644-1: moderate: Recommended update for psmisc Message-ID: <170255717987.23207.2968806379577417732@smelt2.prg2.suse.org> # Recommended update for psmisc Announcement ID: SUSE-RU-2023:4644-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for psmisc fixes the following issues: * Fix version number when building the package ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4644=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4644=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4644=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4644=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4644=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4644=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4644=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4644=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4644=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4644=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4644=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4644=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4644=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4644=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4644=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4644=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4644=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * openSUSE Leap 15.4 (noarch) * psmisc-lang-23.0-150000.6.25.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * openSUSE Leap 15.5 (noarch) * psmisc-lang-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * Basesystem Module 15-SP4 (noarch) * psmisc-lang-23.0-150000.6.25.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * Basesystem Module 15-SP5 (noarch) * psmisc-lang-23.0-150000.6.25.1 * SUSE Manager Proxy 4.2 (x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Manager Proxy 4.2 (noarch) * psmisc-lang-23.0-150000.6.25.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * psmisc-lang-23.0-150000.6.25.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Manager Server 4.2 (noarch) * psmisc-lang-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * psmisc-debuginfo-23.0-150000.6.25.1 * psmisc-23.0-150000.6.25.1 * psmisc-debugsource-23.0-150000.6.25.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:33:05 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:33:05 -0000 Subject: SUSE-SU-2023:4634-1: important: Security update for ImageMagick Message-ID: <170255718533.23207.6446295220007579550@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:4634-1 Rating: important References: * bsc#1153866 * bsc#1181836 * bsc#1182325 * bsc#1182335 * bsc#1182336 * bsc#1182337 * bsc#1184624 * bsc#1184626 * bsc#1184627 * bsc#1184628 * bsc#1195563 * bsc#1197147 * bsc#1199350 * bsc#1200387 * bsc#1200388 * bsc#1200389 * bsc#1202250 * bsc#1202800 * bsc#1207982 * bsc#1207983 * bsc#1209141 * bsc#1211791 * bsc#1213624 * bsc#1214578 * bsc#1215939 Cross-References: * CVE-2019-17540 * CVE-2020-21679 * CVE-2021-20176 * CVE-2021-20224 * CVE-2021-20241 * CVE-2021-20243 * CVE-2021-20244 * CVE-2021-20246 * CVE-2021-20309 * CVE-2021-20311 * CVE-2021-20312 * CVE-2021-20313 * CVE-2022-0284 * CVE-2022-2719 * CVE-2022-28463 * CVE-2022-32545 * CVE-2022-32546 * CVE-2022-32547 * CVE-2022-44267 * CVE-2022-44268 * CVE-2023-1289 * CVE-2023-34151 * CVE-2023-3745 * CVE-2023-5341 CVSS scores: * CVE-2019-17540 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2020-21679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20176 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20176 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20224 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20224 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20241 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20241 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20243 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20243 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20244 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20244 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20246 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20246 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-20309 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20309 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20311 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20311 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20312 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-20312 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-20313 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2021-20313 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-0284 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2022-0284 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2022-2719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-2719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-28463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-28463 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32545 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-32545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32546 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-32546 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32547 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-32547 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-44267 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-44267 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-44268 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-44268 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1289 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-34151 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-34151 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3745 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5341 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 24 vulnerabilities and has one security fix can now be installed. ## Description: This update for ImageMagick fixes the following issues: Security issues: * CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939) * CVE-2020-21679: Fixed a buffer overflow in WritePCXImage function in pcx.c which may allow a remote attackers to cause a denial of service. (bsc#1214578) * CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum- private.h (bsc#1213624). * CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). * CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141) * CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). * CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). * CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) * CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) * CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) * CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). * CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250). * CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). * CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212). * CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) * CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) * CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) * CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual- effects. (bsc#1184624) * CVE-2021-20246: Division by zero in ScaleResampleFilter in MagickCore/resample.c (bsc#1182337). * CVE-2021-20244: Division by zero in ImplodeImage in MagickCore/visual- effects.c (bsc#1182325). * CVE-2021-20243: Division by zero in GetResizeFilterWeight in MagickCore/resize.c (bsc#1182336). * CVE-2021-20241: Division by zero in WriteJP2Image() in coders/jp2.c (bsc#1182335). * CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800). * CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). * CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) Bugfixes: * Use png_get_eXIf_1 when available (bsc#1197147). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4634=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4634=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4634=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ImageMagick-config-7-SUSE-7.0.7.34-150000.3.123.1 * ImageMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-debugsource-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150000.3.123.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150000.3.123.1 * libMagick++-devel-7.0.7.34-150000.3.123.1 * ImageMagick-7.0.7.34-150000.3.123.1 * ImageMagick-config-7-upstream-7.0.7.34-150000.3.123.1 * perl-PerlMagick-7.0.7.34-150000.3.123.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150000.3.123.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150000.3.123.1 * perl-PerlMagick-debuginfo-7.0.7.34-150000.3.123.1 * ImageMagick-devel-7.0.7.34-150000.3.123.1 ## References: * https://www.suse.com/security/cve/CVE-2019-17540.html * https://www.suse.com/security/cve/CVE-2020-21679.html * https://www.suse.com/security/cve/CVE-2021-20176.html * https://www.suse.com/security/cve/CVE-2021-20224.html * https://www.suse.com/security/cve/CVE-2021-20241.html * https://www.suse.com/security/cve/CVE-2021-20243.html * https://www.suse.com/security/cve/CVE-2021-20244.html * https://www.suse.com/security/cve/CVE-2021-20246.html * https://www.suse.com/security/cve/CVE-2021-20309.html * https://www.suse.com/security/cve/CVE-2021-20311.html * https://www.suse.com/security/cve/CVE-2021-20312.html * https://www.suse.com/security/cve/CVE-2021-20313.html * https://www.suse.com/security/cve/CVE-2022-0284.html * https://www.suse.com/security/cve/CVE-2022-2719.html * https://www.suse.com/security/cve/CVE-2022-28463.html * https://www.suse.com/security/cve/CVE-2022-32545.html * https://www.suse.com/security/cve/CVE-2022-32546.html * https://www.suse.com/security/cve/CVE-2022-32547.html * https://www.suse.com/security/cve/CVE-2022-44267.html * https://www.suse.com/security/cve/CVE-2022-44268.html * https://www.suse.com/security/cve/CVE-2023-1289.html * https://www.suse.com/security/cve/CVE-2023-34151.html * https://www.suse.com/security/cve/CVE-2023-3745.html * https://www.suse.com/security/cve/CVE-2023-5341.html * https://bugzilla.suse.com/show_bug.cgi?id=1153866 * https://bugzilla.suse.com/show_bug.cgi?id=1181836 * https://bugzilla.suse.com/show_bug.cgi?id=1182325 * https://bugzilla.suse.com/show_bug.cgi?id=1182335 * https://bugzilla.suse.com/show_bug.cgi?id=1182336 * https://bugzilla.suse.com/show_bug.cgi?id=1182337 * https://bugzilla.suse.com/show_bug.cgi?id=1184624 * https://bugzilla.suse.com/show_bug.cgi?id=1184626 * https://bugzilla.suse.com/show_bug.cgi?id=1184627 * https://bugzilla.suse.com/show_bug.cgi?id=1184628 * https://bugzilla.suse.com/show_bug.cgi?id=1195563 * https://bugzilla.suse.com/show_bug.cgi?id=1197147 * https://bugzilla.suse.com/show_bug.cgi?id=1199350 * https://bugzilla.suse.com/show_bug.cgi?id=1200387 * https://bugzilla.suse.com/show_bug.cgi?id=1200388 * https://bugzilla.suse.com/show_bug.cgi?id=1200389 * https://bugzilla.suse.com/show_bug.cgi?id=1202250 * https://bugzilla.suse.com/show_bug.cgi?id=1202800 * https://bugzilla.suse.com/show_bug.cgi?id=1207982 * https://bugzilla.suse.com/show_bug.cgi?id=1207983 * https://bugzilla.suse.com/show_bug.cgi?id=1209141 * https://bugzilla.suse.com/show_bug.cgi?id=1211791 * https://bugzilla.suse.com/show_bug.cgi?id=1213624 * https://bugzilla.suse.com/show_bug.cgi?id=1214578 * https://bugzilla.suse.com/show_bug.cgi?id=1215939 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:33:04 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:33:04 -0000 Subject: SUSE-RU-2023:4636-1: moderate: Recommended update for osgi-service-log Message-ID: <170255718416.23207.4216586843062178960@smelt2.prg2.suse.org> # Recommended update for osgi-service-log Announcement ID: SUSE-RU-2023:4636-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 An update that can now be installed. ## Description: This update for osgi-service-log fixes the following issues: * New package needed to be able to upgrade felix-gogo-command ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4636=1 ## Package List: * openSUSE Leap 15.5 (noarch) * osgi-service-log-1.5.0-150200.5.3.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:01 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:01 -0000 Subject: SUSE-SU-2023:4692-1: important: Security update for gimp Message-ID: <170255712131.23207.18398559023355881410@smelt2.prg2.suse.org> # Security update for gimp Announcement ID: SUSE-SU-2023:4692-1 Rating: important References: * bsc#1217160 * bsc#1217161 * bsc#1217162 * bsc#1217163 Cross-References: * CVE-2023-44441 * CVE-2023-44442 * CVE-2023-44443 * CVE-2023-44444 CVSS scores: * CVE-2023-44441 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-44442 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-44443 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-44444 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2023-44441: Fixed Heap-based Buffer Overflow in DDS (bsc#1217160). * CVE-2023-44442: Fixed Heap-based Buffer Overflow in PSD (bsc#1217161). * CVE-2023-44443: Fixed Integer Overflow in PSP (bsc#1217162). * CVE-2023-44444: Fixed Off-By-One om PSP (bsc#1217163). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4692=1 openSUSE-SLE-15.4-2023-4692=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4692=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4692=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4692=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4692=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4692=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.11.1 * gimp-plugin-aa-2.10.30-150400.3.11.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.11.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-2.10.30-150400.3.11.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.11.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.11.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.11.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.11.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.11.1 * gimp-plugin-aa-2.10.30-150400.3.11.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * openSUSE Leap 15.5 (noarch) * gimp-lang-2.10.30-150400.3.11.1 * openSUSE Leap 15.5 (x86_64) * libgimpui-2_0-0-32bit-2.10.30-150400.3.11.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.11.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP4 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.11.1 * gimp-plugin-aa-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP4 (noarch) * gimp-lang-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP5 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.11.1 * gimp-plugin-aa-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * SUSE Package Hub 15 15-SP5 (noarch) * gimp-lang-2.10.30-150400.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * gimp-lang-2.10.30-150400.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.11.1 * gimp-devel-2.10.30-150400.3.11.1 * gimp-debugsource-2.10.30-150400.3.11.1 * gimp-2.10.30-150400.3.11.1 * gimp-debuginfo-2.10.30-150400.3.11.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.11.1 * libgimpui-2_0-0-2.10.30-150400.3.11.1 * libgimp-2_0-0-2.10.30-150400.3.11.1 * gimp-devel-debuginfo-2.10.30-150400.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * gimp-lang-2.10.30-150400.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44441.html * https://www.suse.com/security/cve/CVE-2023-44442.html * https://www.suse.com/security/cve/CVE-2023-44443.html * https://www.suse.com/security/cve/CVE-2023-44444.html * https://bugzilla.suse.com/show_bug.cgi?id=1217160 * https://bugzilla.suse.com/show_bug.cgi?id=1217161 * https://bugzilla.suse.com/show_bug.cgi?id=1217162 * https://bugzilla.suse.com/show_bug.cgi?id=1217163 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:31:59 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:31:59 -0000 Subject: SUSE-SU-2023:4693-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Message-ID: <170255711973.23207.6941594469067666543@smelt2.prg2.suse.org> # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container Announcement ID: SUSE-SU-2023:4693-1 Rating: important References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: Kubevirt is rebuilt against updated dependencies to fix security issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4693=1 openSUSE-SLE-15.4-2023-4693=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4693=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4693=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4693=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4693=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4693=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4693=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4693=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kubevirt-virt-api-debuginfo-0.54.0-150400.3.26.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-operator-0.54.0-150400.3.26.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-api-0.54.0-150400.3.26.1 * kubevirt-virt-launcher-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * kubevirt-container-disk-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.26.1 * kubevirt-virt-handler-0.54.0-150400.3.26.1 * kubevirt-virt-controller-0.54.0-150400.3.26.1 * kubevirt-tests-0.54.0-150400.3.26.1 * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.26.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.26.1 * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * openSUSE Leap Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.26.1 * kubevirt-manifests-0.54.0-150400.3.26.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.26.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:14 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:14 -0000 Subject: SUSE-SU-2023:4672-1: important: Security update for suse-build-key Message-ID: <170255713434.23207.15776907361786292177@smelt2.prg2.suse.org> # Security update for suse-build-key Announcement ID: SUSE-SU-2023:4672-1 Rating: important References: * bsc#1216410 * bsc#1217215 * jsc#PED-2777 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two security fixes can now be installed. ## Description: This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). \- suse-build-key- import.service \- suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4672=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4672=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4672=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4672=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4672=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4672=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4672=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4672=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4672=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4672=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4672=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4672=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap Micro 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap 15.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * openSUSE Leap 15.5 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * suse-build-key-12.0-150000.8.37.1 * Basesystem Module 15-SP4 (noarch) * suse-build-key-12.0-150000.8.37.1 * Basesystem Module 15-SP5 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Enterprise Storage 7.1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE CaaS Platform 4.0 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * suse-build-key-12.0-150000.8.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * suse-build-key-12.0-150000.8.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216410 * https://bugzilla.suse.com/show_bug.cgi?id=1217215 * https://jira.suse.com/browse/PED-2777 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:28 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:28 -0000 Subject: SUSE-SU-2023:4661-1: important: Security update for openvswitch Message-ID: <170255714830.23207.4462817482019202066@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4661-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4661=1 SUSE-2023-4661=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4661=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4661=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4661=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4661=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4661=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openvswitch-vtep-2.14.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * openvswitch-debuginfo-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * openSUSE Leap 15.4 (noarch) * openvswitch-doc-2.14.2-150400.24.17.1 * ovn-doc-20.06.2-150400.24.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * openvswitch-debuginfo-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * openSUSE Leap 15.5 (noarch) * openvswitch-doc-2.14.2-150400.24.17.1 * ovn-doc-20.06.2-150400.24.17.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * openvswitch-debuginfo-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.17.1 * openvswitch-2.14.2-150400.24.17.1 * ovn-docker-20.06.2-150400.24.17.1 * python3-ovs-2.14.2-150400.24.17.1 * ovn-20.06.2-150400.24.17.1 * openvswitch-devel-2.14.2-150400.24.17.1 * openvswitch-debuginfo-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-2.14.2-150400.24.17.1 * openvswitch-debugsource-2.14.2-150400.24.17.1 * ovn-central-20.06.2-150400.24.17.1 * ovn-host-20.06.2-150400.24.17.1 * openvswitch-test-debuginfo-2.14.2-150400.24.17.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.17.1 * ovn-debuginfo-20.06.2-150400.24.17.1 * openvswitch-ipsec-2.14.2-150400.24.17.1 * ovn-vtep-debuginfo-20.06.2-150400.24.17.1 * ovn-central-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.17.1 * libovn-20_06-0-20.06.2-150400.24.17.1 * openvswitch-test-2.14.2-150400.24.17.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.17.1 * ovn-host-debuginfo-20.06.2-150400.24.17.1 * ovn-devel-20.06.2-150400.24.17.1 * openvswitch-pki-2.14.2-150400.24.17.1 * ovn-vtep-20.06.2-150400.24.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:35 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:35 -0000 Subject: SUSE-SU-2023:4656-1: moderate: Security update for traceroute Message-ID: <170255715516.23207.12572091791343487907@smelt2.prg2.suse.org> # Security update for traceroute Announcement ID: SUSE-SU-2023:4656-1 Rating: moderate References: * bsc#1216591 Cross-References: * CVE-2023-46316 CVSS scores: * CVE-2023-46316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-46316 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for traceroute fixes the following issues: * CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4656=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4656=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4656=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * traceroute-debuginfo-2.0.19-3.6.1 * traceroute-2.0.19-3.6.1 * traceroute-debugsource-2.0.19-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * traceroute-debuginfo-2.0.19-3.6.1 * traceroute-2.0.19-3.6.1 * traceroute-debugsource-2.0.19-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * traceroute-debuginfo-2.0.19-3.6.1 * traceroute-2.0.19-3.6.1 * traceroute-debugsource-2.0.19-3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46316.html * https://bugzilla.suse.com/show_bug.cgi?id=1216591 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:44 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:44 -0000 Subject: SUSE-SU-2023:4651-1: important: Security update for webkit2gtk3 Message-ID: <170255716405.23207.8354501115421307733@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4651-1 Rating: important References: * bsc#1216778 * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-32919 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2022-32933 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user???s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Bug fixes: * Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4651=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4651=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4651=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4651=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4651=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.42.2-2.158.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-2.158.2 * webkit2gtk3-debugsource-2.42.2-2.158.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-2.42.2-2.158.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-2.158.2 * typelib-1_0-WebKit2-4_0-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-2.158.2 * webkit2gtk3-debugsource-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-2.158.2 * webkit2gtk-4_0-injected-bundles-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-2.42.2-2.158.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-2.158.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.2-2.158.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-2.42.2-2.158.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-2.158.2 * typelib-1_0-WebKit2-4_0-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-2.158.2 * webkit2gtk3-debugsource-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-2.158.2 * webkit2gtk-4_0-injected-bundles-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-2.42.2-2.158.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-2.158.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.2-2.158.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-2.42.2-2.158.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-2.158.2 * typelib-1_0-WebKit2-4_0-2.42.2-2.158.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-2.158.2 * webkit2gtk3-debugsource-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-2.158.2 * webkit2gtk-4_0-injected-bundles-2.42.2-2.158.2 * libwebkit2gtk-4_0-37-2.42.2-2.158.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-2.158.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.2-2.158.2 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.2-2.158.2 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1216778 * https://bugzilla.suse.com/show_bug.cgi?id=1217210 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:46 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:46 -0000 Subject: SUSE-SU-2023:4650-1: moderate: Security update for curl Message-ID: <170255716667.23207.13394448144306882529@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4650-1 Rating: moderate References: * bsc#1215889 * bsc#1217573 Cross-References: * CVE-2023-38546 * CVE-2023-46218 CVSS scores: * CVE-2023-38546 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-38546 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). * CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4650=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4650=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4650=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * curl-debuginfo-7.60.0-150000.56.1 * curl-debugsource-7.60.0-150000.56.1 * libcurl-devel-7.60.0-150000.56.1 * curl-7.60.0-150000.56.1 * libcurl4-debuginfo-7.60.0-150000.56.1 * libcurl4-7.60.0-150000.56.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcurl4-32bit-debuginfo-7.60.0-150000.56.1 * libcurl4-32bit-7.60.0-150000.56.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * curl-debuginfo-7.60.0-150000.56.1 * curl-debugsource-7.60.0-150000.56.1 * libcurl-devel-7.60.0-150000.56.1 * curl-7.60.0-150000.56.1 * libcurl4-debuginfo-7.60.0-150000.56.1 * libcurl4-7.60.0-150000.56.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcurl4-32bit-debuginfo-7.60.0-150000.56.1 * libcurl4-32bit-7.60.0-150000.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * curl-debuginfo-7.60.0-150000.56.1 * curl-debugsource-7.60.0-150000.56.1 * libcurl-devel-7.60.0-150000.56.1 * curl-7.60.0-150000.56.1 * libcurl4-debuginfo-7.60.0-150000.56.1 * libcurl4-7.60.0-150000.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcurl4-32bit-debuginfo-7.60.0-150000.56.1 * libcurl4-32bit-7.60.0-150000.56.1 * SUSE CaaS Platform 4.0 (x86_64) * libcurl4-32bit-7.60.0-150000.56.1 * curl-debuginfo-7.60.0-150000.56.1 * libcurl4-32bit-debuginfo-7.60.0-150000.56.1 * curl-debugsource-7.60.0-150000.56.1 * libcurl-devel-7.60.0-150000.56.1 * curl-7.60.0-150000.56.1 * libcurl4-debuginfo-7.60.0-150000.56.1 * libcurl4-7.60.0-150000.56.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38546.html * https://www.suse.com/security/cve/CVE-2023-46218.html * https://bugzilla.suse.com/show_bug.cgi?id=1215889 * https://bugzilla.suse.com/show_bug.cgi?id=1217573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:48 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:48 -0000 Subject: SUSE-SU-2023:4649-1: important: Security update for openssl-3 Message-ID: <170255716801.23207.9169004259455318671@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4649-1 Rating: important References: * bsc#1194187 * bsc#1207472 * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. * Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472] ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4649=1 SUSE-2023-4649=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4649=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4649=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4649=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-debugsource-3.0.8-150400.4.42.1 * libopenssl-3-devel-3.0.8-150400.4.42.1 * libopenssl3-3.0.8-150400.4.42.1 * openssl-3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150400.4.42.1 * libopenssl3-32bit-debuginfo-3.0.8-150400.4.42.1 * libopenssl3-32bit-3.0.8-150400.4.42.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.42.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150400.4.42.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.42.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.42.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.42.1 * libopenssl-3-devel-3.0.8-150400.4.42.1 * libopenssl3-3.0.8-150400.4.42.1 * openssl-3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150400.4.42.1 * libopenssl3-debuginfo-3.0.8-150400.4.42.1 * openssl-3-debugsource-3.0.8-150400.4.42.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1194187 * https://bugzilla.suse.com/show_bug.cgi?id=1207472 * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 12:32:54 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 12:32:54 -0000 Subject: SUSE-SU-2023:4647-1: moderate: Security update for haproxy Message-ID: <170255717447.23207.16558586458388625671@smelt2.prg2.suse.org> # Security update for haproxy Announcement ID: SUSE-SU-2023:4647-1 Rating: moderate References: * bsc#1217653 Cross-References: * CVE-2023-45539 CVSS scores: * CVE-2023-45539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45539 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for haproxy fixes the following issues: * CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4647=1 openSUSE-SLE-15.4-2023-4647=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4647=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4647=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4647=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4647=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4647=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4647=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4647=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4647=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4647=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4647=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.19.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45539.html * https://bugzilla.suse.com/show_bug.cgi?id=1217653 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:02 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4867-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5) Message-ID: <170257140257.26504.4178849285083965755@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4867-1 Rating: important References: * bsc#1215097 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4867=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4867=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4864=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4864=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:05 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4863-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5) Message-ID: <170257140514.26504.2032297494071160031@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4863-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4863=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4863=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_28-default-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_5-debugsource-3-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_28-default-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_5-debugsource-3-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:08 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4862-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Message-ID: <170257140830.26504.632385960380912340@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4862-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_109 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4862=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4862=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-debuginfo-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_109-default-11-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_28-debugsource-11-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_109-preempt-debuginfo-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_109-preempt-11-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-11-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:10 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4866-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2) Message-ID: <170257141054.26504.12513409142286291139@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4866-1 Rating: important References: * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_154 fixes several issues. The following security issues were fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4866=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-4861=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_154-default-6-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_37-debugsource-6-150200.2.1 * kernel-livepatch-5_3_18-150200_24_154-default-debuginfo-6-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-9-150200.2.1 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-9-150200.2.1 * kernel-livepatch-5_3_18-150200_24_145-default-9-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:12 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4849-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Message-ID: <170257141271.26504.9756999369900393789@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4849-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4849=1 SUSE-2023-4850=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4849=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-4850=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-14-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_4-debugsource-14-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-14-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-14-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-13-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_4-debugsource-14-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:15 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:15 -0000 Subject: SUSE-SU-2023:4848-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) Message-ID: <170257141540.26504.3348555352075840837@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4848-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4857=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4857=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4848=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-4851=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-4858=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4859=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4865=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-4856=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4851=1 SUSE-2023-4858=1 SUSE-2023-4859=1 SUSE-2023-4865=1 SUSE-2023-4856=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-12-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-12-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-12-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2 * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2 * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:17 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:17 -0000 Subject: SUSE-SU-2023:4847-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5) Message-ID: <170257141756.26504.9676377094295234483@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4847-1 Rating: important References: * bsc#1215442 Cross-References: * CVE-2023-4622 CVSS scores: * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_162 fixes one issue. The following security issue was fixed: * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4847=1 SUSE-SLE-Live- Patching-12-SP5-2023-4853=1 SUSE-SLE-Live-Patching-12-SP5-2023-4854=1 SUSE-SLE- Live-Patching-12-SP5-2023-4855=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-10-2.2 * kgraft-patch-4_12_14-122_150-default-10-2.2 * kgraft-patch-4_12_14-122_162-default-6-2.1 * kgraft-patch-4_12_14-122_153-default-8-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215442 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:20 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:20 -0000 Subject: SUSE-SU-2023:4870-1: moderate: Security update for cosign Message-ID: <170257142071.26504.1445692521388071489@smelt2.prg2.suse.org> # Security update for cosign Announcement ID: SUSE-SU-2023:4870-1 Rating: moderate References: * bsc#1216933 * jsc#SLE-23879 Cross-References: * CVE-2023-46737 CVSS scores: * CVE-2023-46737 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-46737 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for cosign fixes the following issues: Updated to 2.2.1 (jsc#SLE-23879) * Enhancements: * CVE-2023-46737: Possible endless data attack from attacker-controlled registry (bsc#1216933) * feat: Support basic auth and bearer auth login to registry (#3310) * add support for ignoring certificates with pkcs11 (#3334) * Support ReplaceOp in Signatures (#3315) * feat: added ability to get image digest back via triangulate (#3255) * feat: add `--only` flag in `cosign copy` to copy sign, att & sbom (#3247) * feat: add support attaching a Rekor bundle to a container (#3246) * feat: add support outputting rekor response on signing (#3248) * feat: improve dockerfile verify subcommand (#3264) * Add guard flag for experimental OCI 1.1 verify. (#3272) * Deprecate SBOM attachments (#3256) * feat: dedent line in cosign copy doc (#3244) * feat: add platform flag to cosign copy command (#3234) * Add SLSA 1.0 attestation support to cosign. Closes #2860 (#3219) * attest: pass OCI remote opts to att resolver. (#3225) * Bug Fixes: * Merge pull request from GHSA-vfp6-jrw2-99g9 * fix: allow cosign download sbom when image is absent (#3245) * ci: add a OCI registry test for referrers support (#3253) * Fix ReplaceSignatures (#3292) * Stop using deprecated in_toto.ProvenanceStatement (#3243) * Fixes #3236, disable SCT checking for a cosign verification when using .. (#3237) * fix: update error in `SignedEntity` to be more descriptive (#3233) * Fail timestamp verification if no root is provided (#3224) * Documentation: * Add some docs about verifying in an air-gapped environment (#3321) * Update CONTRIBUTING.md (#3268) * docs: improves the Contribution guidelines (#3257) * Remove security policy (#3230) * Others: * Set go to min 1.21 and update dependencies (#3327) * Update contact for code of conduct (#3266) * Update .ko.yaml (#3240) Updated to 2.2.0 (jsc#SLE-23879) * Enhancements * switch to uploading DSSE types to rekor instead of intoto (#3113) * add 'cosign sign' command-line parameters for mTLS (#3052) * improve error messages around bundle != payload hash (#3146) * make VerifyImageAttestation function public (#3156) * Switch to cryptoutils function for SANS (#3185) * Handle HTTP_1_1_REQUIRED errors in github provider (#3172) * Bug Fixes * Fix nondeterminsitic timestamps (#3121) * Documentation * doc: Add example of sign-blob with key in env var (#3152) * add deprecation notice for cosign-releases GCS bucket (#3148) * update doc links (#3186) Updated to 2.1.1 (jsc#SLE-23879) * Bug Fixes * wait for the workers become available again to continue the execution (#3084) * fix help text when in a container (#3082) Updated to 2.1.0 (jsc#SLE-23879) * Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag. * Enhancements * Verify sigs and attestations in parallel (#3066) * Deep inspect attestations when filtering download (#3031) * refactor bundle validation code, add support for DSSE rekor type (#3016) * Allow overriding remote options (#3049) * feat: adds no cert found on sig exit code (#3038) * Make predicate a required flag in attest commands (#3033) * Added support for attaching Time stamp authority Response in attach command (#3001) * Add sign --sign-container-identity CLI (#2984) * Feature: Allow cosign to sign digests before they are uploaded. (#2959) * accepts attachment-tag-prefix for cosign copy (#3014) * Feature: adds '\--allow-insecure-registry' for cosign load (#3000) * download attestation: support --platform flag (#2980) * Cleanup: Add Digest to the SignedEntity interface. (#2960) * verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845) * verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069) * Bug Fixes * Fix pkg/cosign/errors (#3050) * Fix: update doc to refer to github-actions oidc provider (#3040) * Fix: prefer GitHub OIDC provider if enabled (#3044) * Fix --sig-only in cosign copy (#3074) * Documentation * Fix links to sigstore/docs in markdown files (#3064) Update to 2.0.2 (jsc#SLE-23879) * Enhancements * Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891) * feat: Make cosign copy faster (#2901) * remove sget (#2885) * Require a payload to be provided with a signature (#2785) * Bug Fixes * cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876) * Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878) * Documentation * Remove experimental warning from Fulcio flags (#2923) * add missing oidc provider (#2922) * Add zot as a supported registry (#2920) * deprecates kms_support docs (#2900) * chore(docs) deprecate note for usage docs (#2906) * adds note of deprecation for examples.md docs (#2899) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4870=1 openSUSE-SLE-15.4-2023-4870=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4870=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4870=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4870=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cosign-2.2.1-150400.3.14.1 * cosign-debuginfo-2.2.1-150400.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cosign-2.2.1-150400.3.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cosign-2.2.1-150400.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cosign-2.2.1-150400.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46737.html * https://bugzilla.suse.com/show_bug.cgi?id=1216933 * https://jira.suse.com/browse/SLE-23879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:23 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:23 -0000 Subject: SUSE-SU-2023:4869-1: important: Security update for tiff Message-ID: <170257142364.26504.3772524355411805108@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4869-1 Rating: important References: * bsc#1199483 * bsc#1210231 * bsc#1211478 * bsc#1212398 * bsc#1214680 Cross-References: * CVE-2022-1622 * CVE-2022-40090 * CVE-2023-1916 * CVE-2023-26965 * CVE-2023-2731 CVSS scores: * CVE-2022-1622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-1622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-40090 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1916 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-1916 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-26965 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-26965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2731 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). * CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). * CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). * CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4869=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4869=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4869=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4869=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4869=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4869=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4869=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4869=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4869=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4869=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4869=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4869=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4869=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4869=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4869=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4869=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4869=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4869=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4869=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4869=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4869=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4869=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4869=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Enterprise Storage 7.1 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE CaaS Platform 4.0 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * openSUSE Leap 15.4 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff-devel-32bit-4.0.9-150000.45.35.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * tiff-4.0.9-150000.45.35.1 * openSUSE Leap 15.5 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff-devel-32bit-4.0.9-150000.45.35.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * tiff-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * Basesystem Module 15-SP4 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * Basesystem Module 15-SP5 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * tiff-4.0.9-150000.45.35.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.35.1 * tiff-debuginfo-4.0.9-150000.45.35.1 * tiff-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * tiff-debuginfo-4.0.9-150000.45.35.1 * libtiff-devel-4.0.9-150000.45.35.1 * libtiff5-debuginfo-4.0.9-150000.45.35.1 * tiff-debugsource-4.0.9-150000.45.35.1 * libtiff5-4.0.9-150000.45.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libtiff5-32bit-4.0.9-150000.45.35.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.35.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1622.html * https://www.suse.com/security/cve/CVE-2022-40090.html * https://www.suse.com/security/cve/CVE-2023-1916.html * https://www.suse.com/security/cve/CVE-2023-26965.html * https://www.suse.com/security/cve/CVE-2023-2731.html * https://bugzilla.suse.com/show_bug.cgi?id=1199483 * https://bugzilla.suse.com/show_bug.cgi?id=1210231 * https://bugzilla.suse.com/show_bug.cgi?id=1211478 * https://bugzilla.suse.com/show_bug.cgi?id=1212398 * https://bugzilla.suse.com/show_bug.cgi?id=1214680 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:26 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:26 -0000 Subject: SUSE-SU-2023:4868-1: important: Security update for tracker-miners Message-ID: <170257142627.26504.7926110793192122201@smelt2.prg2.suse.org> # Security update for tracker-miners Announcement ID: SUSE-SU-2023:4868-1 Rating: important References: * bsc#1216199 * jsc#PED-6193 Cross-References: * CVE-2023-5557 CVSS scores: * CVE-2023-5557 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L * CVE-2023-5557 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for tracker-miners fixes the following issues: * CVE-2023-5557: Fixed a sandbox escape by adding seccomp rules and applying it to the whole process (bsc#1216199) * rebuild against current ICU 73. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4868=1 openSUSE-SLE-15.4-2023-4868=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4868=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4868=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4868=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4868=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4868=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * tracker-miners-3.2.2-150400.3.7.1 * tracker-miners-debugsource-3.2.2-150400.3.7.1 * tracker-miners-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-3.2.2-150400.3.7.1 * openSUSE Leap 15.4 (noarch) * tracker-miners-lang-3.2.2-150400.3.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * tracker-miners-3.2.2-150400.3.7.1 * tracker-miners-debugsource-3.2.2-150400.3.7.1 * tracker-miners-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-3.2.2-150400.3.7.1 * openSUSE Leap 15.5 (noarch) * tracker-miners-lang-3.2.2-150400.3.7.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tracker-miners-3.2.2-150400.3.7.1 * tracker-miners-debugsource-3.2.2-150400.3.7.1 * tracker-miners-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-3.2.2-150400.3.7.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * tracker-miners-3.2.2-150400.3.7.1 * tracker-miners-debugsource-3.2.2-150400.3.7.1 * tracker-miners-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-debuginfo-3.2.2-150400.3.7.1 * tracker-miner-files-3.2.2-150400.3.7.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * tracker-miners-lang-3.2.2-150400.3.7.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * tracker-miners-lang-3.2.2-150400.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5557.html * https://bugzilla.suse.com/show_bug.cgi?id=1216199 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:29 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:29 -0000 Subject: SUSE-RU-2023:4860-1: moderate: Recommended update for yast2-x11 Message-ID: <170257142962.26504.7403745983195885091@smelt2.prg2.suse.org> # Recommended update for yast2-x11 Announcement ID: SUSE-RU-2023:4860-1 Rating: moderate References: * bsc#1216197 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-x11 fixes the following issue: * Prevent testX from hanging if no supported WM can be started (bsc#1216197) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4860=1 openSUSE-SLE-15.5-2023-4860=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4860=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-x11-debuginfo-4.5.2-150500.3.5.1 * yast2-x11-4.5.2-150500.3.5.1 * yast2-x11-debugsource-4.5.2-150500.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-x11-debuginfo-4.5.2-150500.3.5.1 * yast2-x11-4.5.2-150500.3.5.1 * yast2-x11-debugsource-4.5.2-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216197 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 16:30:30 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 16:30:30 -0000 Subject: SUSE-RU-2023:4852-1: moderate: Recommended update for libpulp Message-ID: <170257143092.26504.1398319662842097629@smelt2.prg2.suse.org> # Recommended update for libpulp Announcement ID: SUSE-RU-2023:4852-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for libpulp fixes the following issues: * Updated to version 0.3.1 * Add timestamp information on `ulp patches` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4852=1 openSUSE-SLE-15.4-2023-4852=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4852=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4852=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4852=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libpulp0-0.3.1-150400.3.23.1 * libpulp-tools-0.3.1-150400.3.23.1 * libpulp-tools-debuginfo-0.3.1-150400.3.23.1 * libpulp-debugsource-0.3.1-150400.3.23.1 * libpulp-debuginfo-0.3.1-150400.3.23.1 * libpulp0-debuginfo-0.3.1-150400.3.23.1 * openSUSE Leap 15.5 (x86_64) * libpulp0-0.3.1-150400.3.23.1 * libpulp-tools-0.3.1-150400.3.23.1 * libpulp-tools-debuginfo-0.3.1-150400.3.23.1 * libpulp-debugsource-0.3.1-150400.3.23.1 * libpulp-debuginfo-0.3.1-150400.3.23.1 * libpulp0-debuginfo-0.3.1-150400.3.23.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * libpulp0-0.3.1-150400.3.23.1 * libpulp-tools-0.3.1-150400.3.23.1 * libpulp-tools-debuginfo-0.3.1-150400.3.23.1 * libpulp-debugsource-0.3.1-150400.3.23.1 * libpulp-debuginfo-0.3.1-150400.3.23.1 * libpulp0-debuginfo-0.3.1-150400.3.23.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * libpulp0-0.3.1-150400.3.23.1 * libpulp-tools-0.3.1-150400.3.23.1 * libpulp-tools-debuginfo-0.3.1-150400.3.23.1 * libpulp-debugsource-0.3.1-150400.3.23.1 * libpulp-debuginfo-0.3.1-150400.3.23.1 * libpulp0-debuginfo-0.3.1-150400.3.23.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 20:30:04 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 20:30:04 -0000 Subject: SUSE-SU-2023:4872-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4) Message-ID: <170258580494.11970.14384975724539721026@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4872-1 Rating: important References: * bsc#1213584 * bsc#1215097 * bsc#1215442 * bsc#1215519 * bsc#1215971 Cross-References: * CVE-2023-2163 * CVE-2023-3610 * CVE-2023-3777 * CVE-2023-4622 * CVE-2023-5345 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_81 fixes several issues. The following security issues were fixed: * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213584). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215971) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4872=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4872=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1213584 * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 * https://bugzilla.suse.com/show_bug.cgi?id=1215971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 20:30:07 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4871-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Message-ID: <170258580777.11970.1884868725009030360@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4871-1 Rating: important References: * bsc#1215097 * bsc#1215442 * bsc#1215519 Cross-References: * CVE-2023-2163 * CVE-2023-3777 * CVE-2023-4622 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_106 fixes several issues. The following security issues were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442). * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4871=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4871=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_27-debugsource-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-default-debuginfo-11-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_106-preempt-debuginfo-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-preempt-11-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://bugzilla.suse.com/show_bug.cgi?id=1215097 * https://bugzilla.suse.com/show_bug.cgi?id=1215442 * https://bugzilla.suse.com/show_bug.cgi?id=1215519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 20:30:10 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 20:30:10 -0000 Subject: SUSE-SU-2023:4875-1: important: Security update for gstreamer-plugins-bad Message-ID: <170258581020.11970.4305235228324911960@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4875-1 Rating: important References: * bsc#1217211 Cross-References: * CVE-2023-44429 CVSS scores: * CVE-2023-44429 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow (bsc#1217211). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4875=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4875=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4875=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4875=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgstplayer-1_0-0-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-1.20.1-150400.3.12.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1 * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1 * gstreamer-transcoder-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1 * gstreamer-transcoder-devel-1.20.1-150400.3.12.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.12.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1 * gstreamer-transcoder-debuginfo-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1 * libgstplay-1_0-0-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-1.20.1-150400.3.12.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.12.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstva-1_0-0-1.20.1-150400.3.12.1 * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1 * openSUSE Leap 15.4 (x86_64) * libgstva-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-32bit-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-32bit-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstplay-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-32bit-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-32bit-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.12.1 * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-64bit-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-64bit-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstplay-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstva-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstplayer-1_0-0-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1 * libgstplay-1_0-0-1.20.1-150400.3.12.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstphotography-1_0-0-1.20.1-150400.3.12.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsturidownloader-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-1.20.1-150400.3.12.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-1.20.1-150400.3.12.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-1.20.1-150400.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1 * libgstisoff-1_0-0-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1 * gstreamer-plugins-bad-1.20.1-150400.3.12.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.12.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.12.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1 * libgstva-1_0-0-1.20.1-150400.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1 * Desktop Applications Module 15-SP4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44429.html * https://bugzilla.suse.com/show_bug.cgi?id=1217211 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 20:30:14 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 20:30:14 -0000 Subject: SUSE-SU-2023:4874-1: important: Security update for gstreamer-plugins-bad Message-ID: <170258581419.11970.224588957083837619@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4874-1 Rating: important References: * bsc#1217211 Cross-References: * CVE-2023-44429 CVSS scores: * CVE-2023-44429 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow (bsc#1217211). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4874=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4874=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4874=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4874=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-1.22.0-150500.3.12.1 * gstreamer-transcoder-devel-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstplay-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.12.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstva-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.12.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.12.1 * gstreamer-transcoder-debuginfo-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.12.1 * gstreamer-transcoder-1.22.0-150500.3.12.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.12.1 * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.12.1 * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-1.22.0-150500.3.12.1 * openSUSE Leap 15.5 (x86_64) * libgstsctp-1_0-0-32bit-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstplay-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-32bit-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstva-1_0-0-32bit-1.22.0-150500.3.12.1 * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.12.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.12.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-64bit-1.22.0-150500.3.12.1 * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstplay-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * libgstva-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstplay-1_0-0-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstphotography-1_0-0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.12.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-1.22.0-150500.3.12.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.12.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.12.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.12.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.12.1 * libgstva-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-1.22.0-150500.3.12.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.12.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.12.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.12.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.12.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstcuda-1_0-0-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstvulkan-1_0-0-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.12.1 * libgstisoff-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.12.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.12.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.12.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.12.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.12.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-1.22.0-150500.3.12.1 * Desktop Applications Module 15-SP5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.12.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.12.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.12.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44429.html * https://bugzilla.suse.com/show_bug.cgi?id=1217211 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 14 20:30:18 2023 From: null at suse.de (null at suse.de) Date: Thu, 14 Dec 2023 20:30:18 -0000 Subject: SUSE-SU-2023:4873-1: moderate: Security update for xrdp Message-ID: <170258581813.11970.6495151750256944986@smelt2.prg2.suse.org> # Security update for xrdp Announcement ID: SUSE-SU-2023:4873-1 Rating: moderate References: * bsc#1214805 * bsc#1215803 * bsc#1217759 Cross-References: * CVE-2023-40184 * CVE-2023-42822 CVSS scores: * CVE-2023-40184 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40184 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2023-42822 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2023-42822 ( NVD ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803). * CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xrdp-0.9.10-3.16.1 * xrdp-debugsource-0.9.10-3.16.1 * xrdp-debuginfo-0.9.10-3.16.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xrdp-0.9.10-3.16.1 * xrdp-debugsource-0.9.10-3.16.1 * xrdp-debuginfo-0.9.10-3.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xrdp-0.9.10-3.16.1 * xrdp-debugsource-0.9.10-3.16.1 * xrdp-debuginfo-0.9.10-3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40184.html * https://www.suse.com/security/cve/CVE-2023-42822.html * https://bugzilla.suse.com/show_bug.cgi?id=1214805 * https://bugzilla.suse.com/show_bug.cgi?id=1215803 * https://bugzilla.suse.com/show_bug.cgi?id=1217759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 15 08:01:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:06 +0100 (CET) Subject: SUSE-IU-2023:870-1: Security update of suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 Message-ID: <20231215080106.85818FBA9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:870-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212799 1214781 1216410 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:01:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:09 +0100 (CET) Subject: SUSE-IU-2023:871-1: Security update of suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 Message-ID: <20231215080109.9DB7BFBA9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:871-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212422 1213915 1214052 1214460 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:01:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:11 +0100 (CET) Subject: SUSE-IU-2023:872-1: Security update of suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 Message-ID: <20231215080111.A7823FBA9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:872-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212422 1213915 1214052 1214460 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-x86_64-xen-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - xen-tools-domU-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:01:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:15 +0100 (CET) Subject: SUSE-IU-2023:873-1: Security update of sles-15-sp5-chost-byos-v20231213-arm64 Message-ID: <20231215080115.CB900FBA9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231213-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:873-1 Image Tags : sles-15-sp5-chost-byos-v20231213-arm64:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212418 1212422 1212759 1213639 1213915 1214052 1214460 1214546 1214572 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216576 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20231213-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4610-1 Released: Wed Nov 29 14:04:12 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1212418,1212759,1214546,1214572 This update for google-guest-configs fixes the following issues: - Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759) - Replace xxd with dd for google_nvme_id - Setup irq binding for a3 8g vm - dracut: Add a new dracut module for gcp udev rules - src/lib/udev: only create symlinks for GCP devices - Set hostname: consider fully qualified static hostname - Support multiple local SSD controllers - Update OWNERS file - DHCP hostname: don't reset hostname if the hostname hasn't changed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4620-1 Released: Thu Nov 30 11:13:43 2023 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1213639,1216576 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - google-guest-configs-20230808.00-150400.13.6.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libhugetlbfs-2.20-150000.3.8.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - nvme-cli-2.4+31.gf7ec09-150500.4.12.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:03:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:22 +0100 (CET) Subject: SUSE-CU-2023:4179-1: Security update of suse/389-ds Message-ID: <20231215080322.A6B07FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4179-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.67 , suse/389-ds:latest Container Release : 16.67 Severity : moderate Type : security References : 1217592 CVE-2023-49083 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). The following package changes have been done: - python3-cryptography-3.3.2-150400.23.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:03:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:38 +0100 (CET) Subject: SUSE-CU-2023:4181-1: Security update of suse/nginx Message-ID: <20231215080338.3C2EAFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4181-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.59 , suse/nginx:latest Container Release : 5.59 Severity : important Type : security References : 1199483 1210231 1211478 1212398 1214680 CVE-2022-1622 CVE-2022-40090 CVE-2023-1916 CVE-2023-26965 CVE-2023-2731 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4869-1 Released: Thu Dec 14 16:26:23 2023 Summary: Security update for tiff Type: security Severity: important References: 1199483,1210231,1211478,1212398,1214680,CVE-2022-1622,CVE-2022-40090,CVE-2023-1916,CVE-2023-26965,CVE-2023-2731 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). The following package changes have been done: - libtiff5-4.0.9-150000.45.35.1 updated From sle-updates at lists.suse.com Fri Dec 15 08:03:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:54 +0100 (CET) Subject: SUSE-CU-2023:4183-1: Recommended update of suse/rmt-server Message-ID: <20231215080354.47EE6FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4183-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.53 , suse/rmt-server:latest Container Release : 11.53 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated - container:sles15-image-15.0.0-36.5.66 updated From null at suse.de Fri Dec 15 08:30:04 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4876-1: moderate: Recommended update for obs-service-recompress Message-ID: <170262900408.3386.11818810327482685266@smelt2.prg2.suse.org> # Recommended update for obs-service-recompress Announcement ID: SUSE-RU-2023:4876-1 Rating: moderate References: * bsc#1216361 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that has one fix can now be installed. ## Description: This update for obs-service-recompress fixes the following issues: * add zstd compression support (bsc#1216361) * do not follow symlinks (https://github.com/openSUSE/obs-service- recompress/issues/9) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4876=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4876=1 ## Package List: * openSUSE Leap 15.4 (noarch) * obs-service-recompress-0.5.2-150000.3.3.1 * openSUSE Leap 15.5 (noarch) * obs-service-recompress-0.5.2-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216361 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 12:30:03 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4882-1: important: Security update for the Linux Kernel Message-ID: <170264340371.24372.2395333369144824157@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4882-1 Rating: important References: * bsc#1084909 * bsc#1208787 * bsc#1210780 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216965 * bsc#1216976 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-0461 * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves seven vulnerabilities, contains two features and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4882=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4882=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4882=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4882=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4882=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4882=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-default-4.12.14-150100.197.165.1 * kernel-kvmsmall-4.12.14-150100.197.165.1 * kernel-debug-4.12.14-150100.197.165.1 * kernel-zfcpdump-4.12.14-150100.197.165.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-4.12.14-150100.197.165.1 * kernel-debug-base-debuginfo-4.12.14-150100.197.165.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.165.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.165.1 * kernel-kvmsmall-base-4.12.14-150100.197.165.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.165.1 * kernel-zfcpdump-man-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_165-default-1-150100.3.5.1 * kernel-default-debugsource-4.12.14-150100.197.165.1 * kernel-default-livepatch-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * kernel-default-livepatch-devel-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-150100.197.165.1 * ocfs2-kmp-default-4.12.14-150100.197.165.1 * dlm-kmp-default-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.165.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.165.1 * cluster-md-kmp-default-4.12.14-150100.197.165.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.165.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.165.1 * gfs2-kmp-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.165.1 * kernel-default-devel-4.12.14-150100.197.165.1 * kernel-default-debugsource-4.12.14-150100.197.165.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * kernel-obs-build-4.12.14-150100.197.165.1 * kernel-obs-build-debugsource-4.12.14-150100.197.165.1 * kernel-syms-4.12.14-150100.197.165.1 * kernel-default-base-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.165.1 * kernel-source-4.12.14-150100.197.165.1 * kernel-macros-4.12.14-150100.197.165.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.165.1 * kernel-default-devel-4.12.14-150100.197.165.1 * kernel-default-debugsource-4.12.14-150100.197.165.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.165.1 * reiserfs-kmp-default-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * kernel-obs-build-4.12.14-150100.197.165.1 * kernel-obs-build-debugsource-4.12.14-150100.197.165.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1 * kernel-syms-4.12.14-150100.197.165.1 * kernel-default-base-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.165.1 * kernel-source-4.12.14-150100.197.165.1 * kernel-macros-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-zfcpdump-debugsource-4.12.14-150100.197.165.1 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.165.1 * kernel-default-man-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.165.1 * kernel-default-devel-4.12.14-150100.197.165.1 * kernel-default-debugsource-4.12.14-150100.197.165.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.165.1 * reiserfs-kmp-default-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * kernel-obs-build-4.12.14-150100.197.165.1 * kernel-obs-build-debugsource-4.12.14-150100.197.165.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1 * kernel-syms-4.12.14-150100.197.165.1 * kernel-default-base-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-devel-4.12.14-150100.197.165.1 * kernel-source-4.12.14-150100.197.165.1 * kernel-macros-4.12.14-150100.197.165.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.165.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.165.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.165.1 * kernel-default-devel-4.12.14-150100.197.165.1 * kernel-default-debugsource-4.12.14-150100.197.165.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.165.1 * reiserfs-kmp-default-4.12.14-150100.197.165.1 * kernel-default-debuginfo-4.12.14-150100.197.165.1 * kernel-obs-build-4.12.14-150100.197.165.1 * kernel-obs-build-debugsource-4.12.14-150100.197.165.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1 * kernel-syms-4.12.14-150100.197.165.1 * kernel-default-base-4.12.14-150100.197.165.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-devel-4.12.14-150100.197.165.1 * kernel-source-4.12.14-150100.197.165.1 * kernel-macros-4.12.14-150100.197.165.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.165.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://bugzilla.suse.com/show_bug.cgi?id=1084909 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 12:30:10 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 12:30:10 -0000 Subject: SUSE-SU-2023:4883-1: important: Security update for the Linux Kernel Message-ID: <170264341088.24372.13026304029400181585@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4883-1 Rating: important References: * bsc#1176950 * bsc#1190208 * bsc#1203496 * bsc#1205462 * bsc#1208787 * bsc#1210780 * bsc#1214037 * bsc#1214285 * bsc#1214408 * bsc#1214764 * bsc#1216031 * bsc#1216058 * bsc#1216259 * bsc#1216584 * bsc#1216759 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217087 * bsc#1217206 * bsc#1217519 * bsc#1217525 * bsc#1217603 * bsc#1217604 * bsc#1217607 * jsc#PED-3184 * jsc#PED-5021 Cross-References: * CVE-2023-0461 * CVE-2023-31083 * CVE-2023-39197 * CVE-2023-39198 * CVE-2023-45863 * CVE-2023-45871 * CVE-2023-5717 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities, contains two features and has 18 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: * cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408). * cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408). * cpu/SMT: Remove topology_smt_supported() (bsc#1214408). * cpu/SMT: Store the current/max number of threads (bsc#1214408). * cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * dm-raid: remove useless checking in raid_message() (git-fixes). * l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes). * l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git- fixes). * md/bitmap: always wake up md_thread in timeout_store (git-fixes). * md/bitmap: factor out a helper to set timeout (git-fixes). * md/raid10: Do not add spare disk when recovery fails (git-fixes). * md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). * md/raid10: clean up md_add_new_disk() (git-fixes). * md/raid10: fix io loss while replacement replace rdev (git-fixes). * md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). * md/raid10: fix memleak for 'conf->bio_split' (git-fixes). * md/raid10: fix memleak of md thread (git-fixes). * md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). * md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git- fixes). * md/raid10: fix overflow of md/safe_mode_delay (git-fixes). * md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). * md/raid10: improve code of mrdev in raid10_sync_request (git-fixes). * md/raid10: prevent soft lockup while flush writes (git-fixes). * md/raid10: prioritize adding disk to 'removed' mirror (git-fixes). * md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). * md: add new workqueue for delete rdev (git-fixes). * md: avoid signed overflow in slot_store() (git-fixes). * md: do not return existing mddevs from mddev_find_or_alloc (git-fixes). * md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes). * md: fix data corruption for raid456 when reshape restart while grow up (git- fixes). * md: fix deadlock causing by sysfs_notify (git-fixes). * md: fix incorrect declaration about claim_rdev in md_import_device (git- fixes). * md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes). * md: get sysfs entry after redundancy attr group create (git-fixes). * md: refactor mddev_find_or_alloc (git-fixes). * md: remove lock_bdev / unlock_bdev (git-fixes). * mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759). * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). * powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607). * s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087). * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087). * s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087). * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206). * s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519). * s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604). * s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087). * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087). * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603). * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git- fixes). * tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: serial: option: add Quectel RM500U-CN modem (git-fixes). * usb: serial: option: add Telit FE990 compositions (git-fixes). * usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git- fixes). * xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). * xfs: make sure maxlen is still congruent with prod when rounding down (git- fixes). * xfs: reserve data and rt quota at the same time (bsc#1203496). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4883=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4883=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4883=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.160.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-azure-base-4.12.14-16.160.1 * kernel-azure-devel-4.12.14-16.160.1 * kernel-syms-azure-4.12.14-16.160.1 * kernel-azure-base-debuginfo-4.12.14-16.160.1 * kernel-azure-debugsource-4.12.14-16.160.1 * kernel-azure-debuginfo-4.12.14-16.160.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.160.1 * kernel-devel-azure-4.12.14-16.160.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.160.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-azure-base-4.12.14-16.160.1 * kernel-azure-devel-4.12.14-16.160.1 * kernel-syms-azure-4.12.14-16.160.1 * kernel-azure-base-debuginfo-4.12.14-16.160.1 * kernel-azure-debugsource-4.12.14-16.160.1 * kernel-azure-debuginfo-4.12.14-16.160.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.160.1 * kernel-devel-azure-4.12.14-16.160.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.160.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-azure-base-4.12.14-16.160.1 * kernel-azure-devel-4.12.14-16.160.1 * kernel-syms-azure-4.12.14-16.160.1 * kernel-azure-base-debuginfo-4.12.14-16.160.1 * kernel-azure-debugsource-4.12.14-16.160.1 * kernel-azure-debuginfo-4.12.14-16.160.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.160.1 * kernel-devel-azure-4.12.14-16.160.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://bugzilla.suse.com/show_bug.cgi?id=1176950 * https://bugzilla.suse.com/show_bug.cgi?id=1190208 * https://bugzilla.suse.com/show_bug.cgi?id=1203496 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1214037 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214408 * https://bugzilla.suse.com/show_bug.cgi?id=1214764 * https://bugzilla.suse.com/show_bug.cgi?id=1216031 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217087 * https://bugzilla.suse.com/show_bug.cgi?id=1217206 * https://bugzilla.suse.com/show_bug.cgi?id=1217519 * https://bugzilla.suse.com/show_bug.cgi?id=1217525 * https://bugzilla.suse.com/show_bug.cgi?id=1217603 * https://bugzilla.suse.com/show_bug.cgi?id=1217604 * https://bugzilla.suse.com/show_bug.cgi?id=1217607 * https://jira.suse.com/browse/PED-3184 * https://jira.suse.com/browse/PED-5021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 12:30:12 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 12:30:12 -0000 Subject: SUSE-RU-2023:4881-1: moderate: Recommended update for ipmitool Message-ID: <170264341277.24372.16478870203419590192@smelt2.prg2.suse.org> # Recommended update for ipmitool Announcement ID: SUSE-RU-2023:4881-1 Rating: moderate References: * bsc#1216556 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for ipmitool fixes the following issues: * Fix unsupported LAN parameter lookup error (bsc#1216556) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4881=1 openSUSE-SLE-15.4-2023-4881=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4881=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4881=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4881=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4881=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4881=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.6.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1 * Server Applications Module 15-SP4 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.6.1 * Server Applications Module 15-SP5 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 12:30:15 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 12:30:15 -0000 Subject: SUSE-RU-2023:4880-1: moderate: Recommended update for xen Message-ID: <170264341524.24372.3297741313498320856@smelt2.prg2.suse.org> # Recommended update for xen Announcement ID: SUSE-RU-2023:4880-1 Rating: moderate References: * bsc#1027519 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for xen fixes the following issues: * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4880=1 openSUSE-SLE-15.4-2023-4880=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4880=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4880=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4880=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4880=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4880=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4880=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4880=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4880=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * xen-tools-domU-4.16.5_10-150400.4.43.1 * xen-devel-4.16.5_10-150400.4.43.1 * xen-tools-domU-debuginfo-4.16.5_10-150400.4.43.1 * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-debuginfo-4.16.5_10-150400.4.43.1 * xen-libs-32bit-4.16.5_10-150400.4.43.1 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-debuginfo-4.16.5_10-150400.4.43.1 * xen-tools-4.16.5_10-150400.4.43.1 * xen-4.16.5_10-150400.4.43.1 * xen-doc-html-4.16.5_10-150400.4.43.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_10-150400.4.43.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-4.16.5_10-150400.4.43.1 * xen-libs-64bit-debuginfo-4.16.5_10-150400.4.43.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * openSUSE Leap Micro 5.4 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * Basesystem Module 15-SP4 (x86_64) * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-libs-4.16.5_10-150400.4.43.1 * xen-tools-domU-4.16.5_10-150400.4.43.1 * xen-tools-domU-debuginfo-4.16.5_10-150400.4.43.1 * xen-libs-debuginfo-4.16.5_10-150400.4.43.1 * Server Applications Module 15-SP4 (x86_64) * xen-4.16.5_10-150400.4.43.1 * xen-debugsource-4.16.5_10-150400.4.43.1 * xen-tools-4.16.5_10-150400.4.43.1 * xen-tools-debuginfo-4.16.5_10-150400.4.43.1 * xen-devel-4.16.5_10-150400.4.43.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_10-150400.4.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1027519 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 12:30:16 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 12:30:16 -0000 Subject: SUSE-RU-2023:2811-2: moderate: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Message-ID: <170264341667.24372.14821423264880612451@smelt2.prg2.suse.org> # Recommended update for libfido2, python-fido2, yubikey-manager, yubikey- manager-qt Announcement ID: SUSE-RU-2023:2811-2 Rating: moderate References: * jsc#PED-4521 Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: * Version 1.13.0 (2023-02-20) * New API calls: * fido_assert_empty_allow_list; * fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. * Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: * es384_pk_free; * es384_pk_from_EC_KEY; * es384_pk_from_EVP_PKEY; * es384_pk_from_ptr; * es384_pk_new; * es384_pk_to_EVP_PKEY; * fido_cbor_info_certs_len; * fido_cbor_info_certs_name_ptr; * fido_cbor_info_certs_value_ptr; * fido_cbor_info_maxrpid_minpinlen; * fido_cbor_info_minpinlen; * fido_cbor_info_new_pin_required; * fido_cbor_info_rk_remaining; * fido_cbor_info_uv_attempts; * fido_cbor_info_uv_modality. * Documentation and reliability fixes. * Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: * fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. * Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: * fido_dev_info_set; * fido_dev_io_handle; * fido_dev_new_with_info; * fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. * Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: * es256_pk_from_EVP_PKEY; * fido_cred_attstmt_len; * fido_cred_attstmt_ptr; * fido_cred_pin_minlen; * fido_cred_set_attstmt; * fido_cred_set_pin_minlen; * fido_dev_set_pin_minlen_rpid; * fido_dev_set_timeout; * rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. * Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: * fido_assert_set_clientdata; * fido_cbor_info_algorithm_cose; * fido_cbor_info_algorithm_count; * fido_cbor_info_algorithm_type; * fido_cbor_info_transports_len; * fido_cbor_info_transports_ptr; * fido_cred_set_clientdata; * fido_cred_set_id; * fido_credman_set_dev_rk; * fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. * Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open?s U2F fallback * Experimental NFC support on Linux. * Enabled hidapi again, issues related to hidapi are fixed upstream * Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: * fido_cred_authdata_raw_len; * fido_cred_authdata_raw_ptr; * fido_cred_sigcount; * fido_dev_get_uv_retry_count; * fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. * Create a udev subpackage and ship the udev rule. Changes in python-fido2: * update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. * Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped * Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. * Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: * make_credential/get_assertion now take WebAuthn options objects. * timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: * ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. * RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. * Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. * Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. * Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. * Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. * Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. * Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. * Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: * Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. * Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ? 38. * version update to 4.0.7 ** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. * version 4.0.6 (released 2021-09-08) **Improve handling of YubiKey device reboots.** More consistently mask PIN/password input in prompts. **Support switching mode over CCID for YubiKey Edge.** Run pkill from PATH instead of fixed location. * version 4.0.5 (released 2021-07-16) **Bugfix: Fix PIV feature detection for some YubiKey NEO versions.** Bugfix: Fix argument short form for --period when adding TOTP credentials. **Bugfix: More strict validation for some arguments, resulting in better error messages.** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -"). * Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don?t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. * Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the "fido" and "otp" subcommands over NFC * New "ykman --diagnose" command to aid in troubleshooting. * New "ykman apdu" command for sending raw APDUs over the smart card interface. * New "yubikit" package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. * Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception * Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout * Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits * Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don?t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don?t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: * update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. * Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. * Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. * Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images * update to 1.1.5 * Add support for YubiKey 5C NFC * Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 * Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates * Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a "Use default" option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2811=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2811=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-2811=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yubikey-manager-qt-debuginfo-1.2.5-150400.9.3.1 * yubikey-manager-qt-1.2.5-150400.9.3.1 * yubikey-manager-qt-debugsource-1.2.5-150400.9.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-devel-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * Basesystem Module 15-SP5 (noarch) * yubikey-manager-4.0.9-150400.9.3.1 * libfido2-udev-1.13.0-150400.5.3.1 * python3-fido2-0.9.3-150400.9.3.1 * python3-dataclasses-0.8-150400.3.2.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debuginfo-1.13.0-150400.5.3.1 ## References: * https://jira.suse.com/browse/PED-4521 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 15 16:30:02 2023 From: null at suse.de (null at suse.de) Date: Fri, 15 Dec 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4884-1: moderate: Recommended update for kiwi-templates-Minimal-s390x Message-ID: <170265780215.15200.5739268242705521567@smelt2.prg2.suse.org> # Recommended update for kiwi-templates-Minimal-s390x Announcement ID: SUSE-RU-2023:4884-1 Rating: moderate References: * bsc#1211722 * bsc#1215676 * bsc#1215723 * bsc#1215766 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has four fixes can now be installed. ## Description: This update for kiwi-templates-Minimal-s390x fixes the following issues: * Add group(wheel) (bsc#1215723) * Remove the /boot/writable subvolume, only needed for transactional systems * Add rsyslog (bsc#1215766) * Install wicked explicitly * Add "rw" to the kernel cmdline (bsc#1211722) * Remove kernel-firmware-all package (bsc#1215676) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4884=1 openSUSE-SLE-15.5-2023-4884=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4884=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kiwi-templates-Minimal-s390x-15.5-150500.5.6.1 * Development Tools Module 15-SP5 (noarch) * kiwi-templates-Minimal-s390x-15.5-150500.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211722 * https://bugzilla.suse.com/show_bug.cgi?id=1215676 * https://bugzilla.suse.com/show_bug.cgi?id=1215723 * https://bugzilla.suse.com/show_bug.cgi?id=1215766 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Dec 18 09:05:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Dec 2023 10:05:01 +0100 (CET) Subject: SUSE-CU-2023:4184-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231218090501.545A4FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4184-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.4 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.4 Container Release : 9.43.4 Severity : moderate Type : security References : 1217592 CVE-2023-49083 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). The following package changes have been done: - python3-cryptography-3.3.2-150400.23.1 updated From sle-updates at lists.suse.com Mon Dec 18 09:06:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Dec 2023 10:06:03 +0100 (CET) Subject: SUSE-CU-2023:4187-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231218090603.13F85FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4187-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.512 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.512 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.226 updated From null at suse.de Mon Dec 18 12:30:01 2023 From: null at suse.de (null at suse.de) Date: Mon, 18 Dec 2023 12:30:01 -0000 Subject: SUSE-RU-2023:4889-1: low: Recommended update for pam Message-ID: <170290260179.14422.18315165617550455392@smelt2.prg2.suse.org> # Recommended update for pam Announcement ID: SUSE-RU-2023:4889-1 Rating: low References: * bsc#1215594 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for pam fixes the following issue: * Add no_pass_expiry option to ignore password expiration (bsc#1215594) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4889=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4889=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4889=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4889=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * pam-devel-1.1.8-24.53.1 * pam-debuginfo-1.1.8-24.53.1 * pam-debugsource-1.1.8-24.53.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * pam-1.1.8-24.53.1 * pam-extra-debuginfo-1.1.8-24.53.1 * pam-debuginfo-1.1.8-24.53.1 * pam-debugsource-1.1.8-24.53.1 * pam-extra-1.1.8-24.53.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * pam-doc-1.1.8-24.53.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * pam-32bit-1.1.8-24.53.1 * pam-extra-32bit-1.1.8-24.53.1 * pam-extra-debuginfo-32bit-1.1.8-24.53.1 * pam-debuginfo-32bit-1.1.8-24.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * pam-1.1.8-24.53.1 * pam-extra-debuginfo-1.1.8-24.53.1 * pam-debuginfo-1.1.8-24.53.1 * pam-debugsource-1.1.8-24.53.1 * pam-extra-1.1.8-24.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * pam-doc-1.1.8-24.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * pam-32bit-1.1.8-24.53.1 * pam-extra-32bit-1.1.8-24.53.1 * pam-extra-debuginfo-32bit-1.1.8-24.53.1 * pam-debuginfo-32bit-1.1.8-24.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * pam-1.1.8-24.53.1 * pam-extra-debuginfo-1.1.8-24.53.1 * pam-debuginfo-1.1.8-24.53.1 * pam-debugsource-1.1.8-24.53.1 * pam-extra-1.1.8-24.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * pam-doc-1.1.8-24.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * pam-32bit-1.1.8-24.53.1 * pam-extra-32bit-1.1.8-24.53.1 * pam-extra-debuginfo-32bit-1.1.8-24.53.1 * pam-debuginfo-32bit-1.1.8-24.53.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215594 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 12:30:03 2023 From: null at suse.de (null at suse.de) Date: Mon, 18 Dec 2023 12:30:03 -0000 Subject: SUSE-RU-2023:4888-1: moderate: Recommended update for yast2-firewall Message-ID: <170290260335.14422.11275237691352430087@smelt2.prg2.suse.org> # Recommended update for yast2-firewall Announcement ID: SUSE-RU-2023:4888-1 Rating: moderate References: * bsc#1216615 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-firewall fixes the following issues: * In case of autoinstallation keep the firewall service state in the Installation::SecuritySettings for not conflicting with the proposal (bsc#1216615) * Update to 4.5.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4888=1 openSUSE-SLE-15.5-2023-4888=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4888=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-firewall-4.5.1-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-firewall-4.5.1-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216615 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 12:30:07 2023 From: null at suse.de (null at suse.de) Date: Mon, 18 Dec 2023 12:30:07 -0000 Subject: SUSE-RU-2023:4887-1: moderate: Recommended update for yast2-security Message-ID: <170290260777.14422.733783624170961426@smelt2.prg2.suse.org> # Recommended update for yast2-security Announcement ID: SUSE-RU-2023:4887-1 Rating: moderate References: * bsc#1216615 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-security fixes the following issues: * Do not load the security settings from the security policy until needed (bsc#1216615) * Update to 4.5.7 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4887=1 openSUSE-SLE-15.5-2023-4887=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4887=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-security-4.5.7-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-security-4.5.7-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216615 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 12:30:09 2023 From: null at suse.de (null at suse.de) Date: Mon, 18 Dec 2023 12:30:09 -0000 Subject: SUSE-RU-2023:4886-1: moderate: Recommended update for google-guest-agent, google-guest-oslogin Message-ID: <170290260961.14422.10850561660869793987@smelt2.prg2.suse.org> # Recommended update for google-guest-agent, google-guest-oslogin Announcement ID: SUSE-RU-2023:4886-1 Rating: moderate References: * bsc#1216546 * bsc#1216547 * bsc#1216548 * bsc#1216750 * bsc#1216751 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has five fixes can now be installed. ## Description: This update for google-guest-agent, google-guest-oslogin fixes the following issues: * Update to version 20231031.01 (bsc#1216547, bsc#1216751) * Bump the golang compiler version to 1.21 (bsc#1216546) * Update to version 20231101.00 (bsc#1216548, bsc#1216750) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4886=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4886=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4886=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4886=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4886=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4886=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4886=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20231031.01-150000.1.40.1 * google-guest-oslogin-debuginfo-20231101.00-150000.1.35.1 * google-guest-oslogin-debugsource-20231101.00-150000.1.35.1 * google-guest-oslogin-20231101.00-150000.1.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216546 * https://bugzilla.suse.com/show_bug.cgi?id=1216547 * https://bugzilla.suse.com/show_bug.cgi?id=1216548 * https://bugzilla.suse.com/show_bug.cgi?id=1216750 * https://bugzilla.suse.com/show_bug.cgi?id=1216751 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 12:30:11 2023 From: null at suse.de (null at suse.de) Date: Mon, 18 Dec 2023 12:30:11 -0000 Subject: SUSE-FU-2023:4885-1: moderate: Feature update for Jackson Message-ID: <170290261125.14422.15719218540678496277@smelt2.prg2.suse.org> # Feature update for Jackson Announcement ID: SUSE-FU-2023:4885-1 Rating: moderate References: * jsc#MSC-611 * jsc#SLE-23217 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains two features can now be installed. ## Description: This update for Jackson fixes the following issues: jackson-annotations was updated from version 2.13.0 to 2.15.2: * Add 'JsonFormat.Feature's: READ_UNKNOWN_ENUM_VALUES_AS_NULL, READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE * Add NOTICE file with copyright information * Add 'JsonFormat.Feature.READ_DATE_TIMESTAMPS_AS_NANOSECONDS' * Allow explicit 'JsonSubTypes' repeated names check * Version allignment to other jackson packages jackson-bom was updated from version 2.13.0 to 2.15.2: * Update 'de.jjohannes:gradle-module-metadata-maven-plugin' to 0.4.0 * Add override for 'version.plugin.moditect' to be '1.0.0.Final' until upgraded in 'oss-parent'/51 * Change defaults for Felix OSGi Bundle plug-in to fix timestamps for Reproducible Builds * Add version for 'jackson-datatype-hibernate6' * Add version for 'jackson-module-jsonSchema-jakarta' * Gradle reports incorrect jackson-bom dependency version * Moved 'module-info.java' to 'META-INF/versions/11' instead of 'META- INF/versions/9' jackson-core was updated from version 2.13.0 to 2.15.2: * Version 2.15.2: * Allow override of 'StreamReadContraints' default with 'overrideDefaultStreamReadConstraints()' * Version 2.15.1: * Add FastDoubleParser section to 'NOTICE' * Increase default max allowed String value length from 5 megs to 20 megs * Problem with 'FilteringGeneratorDelegate' wrt 'TokenFilter.Inclusion.INCLUDE_NON_NULL' * Version 2.15.0: * Add numeric value size limits via 'StreamReadConstraints' * Add SLSA provenance via build script * Add 'StreamReadFeature.USE_FAST_BIG_DECIMAL_PARSER' to enable faster 'BigDecimal', 'BigInteger' parsing * Add 'StreamReadConstraints' limit for longest textual value to allow (default: 5M) * Optimize parsing 19 digit longs * Fix possible flaw in 'TokenFilterContext#skipParentChecks()' * Add 'Object JsonParser.getNumberValueDeferred()' method to allow for deferred decoding in some cases * Add 'JsonFactory.Feature.CHARSET_DETECTION' to disable charset detection * Use 'StreamConstraintsException' in name canonicalizers * Offer a way to directly set 'StreamReadConstraints' via 'JsonFactory' (not just Builder) * Prevent inefficient internal conversion from 'BigDecimal' to 'BigInteger' wrt ultra-large scale * Add 'JsonGenerator.copyCurrentEventExact' as alternative to 'copyCurrentEvent()' * Version 2.14.3: * Optional padding Base64Variant still throws exception on missing padding character * Address performance issue with 'BigDecimalParser' * Backport removal of BigDecimal to BigInt conersio * FastDoubleParser license * Got 'NegativeArraySizeException' when calling 'writeValueAsString()' * Version 2.14.2: * Allow TokenFIlter to skip last elements in arrays * Avoid instance creations in fast parser code * Fix 'FilteringGeneratorDelegate' not creating new 'filterContext' if 'tokenFilter' is null * Version 2.14.0: * Add 'NumberInput.parseFloat()' * Add 'StreamReadCapability.EXACT_FLOATS' to indicate whether parser reports exact floating-point values or not * Add "JsonPointer#appendProperty" and "JsonPointer#appendIndex" * Add a feature to allow leading plus sign ('JsonReadFeature.ALLOW_LEADING_PLUS_SIGN_FOR_NUMBERS') * Add explicit bounds checks for 'JsonFactory.createParser()' methods that take 'byte[]'/'char[]'-with-offsets input * Add explicit bounds checks for 'JsonGenerator' methods that take 'byte[]'/'char[]'/String-with-offsets input * Add option to accept non-standard trailing decimal point ('JsonReadFeature.ALLOW_TRAILING_DECIMAL_POINT_FOR_NUMBERS') * Allow TokenFilters to keep empty arrays and objects * Allow use of faster floating-point number parsing with 'StreamReadFeature.USE_FAST_DOUBLE_PARSER' * Allow use of faster floating-point number serialization ('StreamWriteFeature.USE_FAST_DOUBLE_WRITER') * Avoid copy when parsing 'BigDecimal' * Change minimum Java version to 8 * Fix 'JsonFactory.createGenerator()' with 'File' that may leak 'OutputStream's * Fix 'JsonFactory.createParser()' with 'File' that may leak 'InputStream's * Fix 'JsonPointer.empty()' should NOT indicate match of a property with key of "" * Fix 'JsonPointer' quadratic memory use: Out Of Memory (OOME) on deep inputs * Fix calling 'JsonPointer.compile(...)' on very deeply nested expression throwing 'StackOverflowError' * Fix Hex capitalization for JsonWriter to be configurable (add 'JsonWriteFeature.WRITE_HEX_UPPER_CASE') * Fix ReaderBaseJsonParser._verifyRootSpace() that can cause buffer boundary failure * JsonGenerator to provide current value to the context before starting objects * Make 'BigDecimal' parsing lazy * Make 'BigInteger' parsing lazy * Make 'JsonPointer' 'java.io.Serializable' * Provide implementation of async JSON parser fed by 'ByteBufferFeeder' * Remove workaround for old issue with a particular double * Update ParserBase to support floats directly * Use 'BigDecimalParser' for BigInteger parsing very long numbers * Version 2.13.3: * Limit size of exception message in BigDecimalParser * Version 2.13.2: * Fix `JsonLocation` in 2.13 that only uses identity comparison for "content reference" * Update Maven wrapper * Version 2.13.1: * Fix incorrect parsing of single-quoted surrounded String values containing double quotes jackson-databind was updated from 2.13.4.2 to 2.15.2: * Version 2.15.2: * Fix record setter not included from interface (2.15 regression) * Version 2.15.1: * Fix error in creating nested 'ArrayNode's with * 'JsonNode.withArray()' * Only avoid Records fields detection for deserialization * Fix issue with deserialization when there are unexpected properties (due to null 'StreamReadConstraints') * Fix TypeId serialization for 'JsonTypeInfo.Id.DEDUCTION', native type ids * Version 2.15.0: * Add '@EnumNaming', 'EnumNamingStrategy' to allow use of naming strategies for Enums * Add 'EnumFeature.READ_ENUM_KEYS_USING_INDEX' to work with existing "WRITE_ENUM_KEYS_USING_INDEX" * Add 'MapperFeature.REQUIRE_TYPE_ID_FOR_SUBTYPES' to enable/disable strict subtype Type Id handling * Add convenience method 'SimpleBeanPropertyFilter.filterOutAll()' as counterpart of 'serializeAll()' * Add enum features into '@JsonFormat.Feature' * Add Stream-friendly alternative to 'ObjectNode.fields()': 'Set> properties()' * Add support in 'TokenBuffer' for lazily decoded (big) numbers * Allow serializing enums to lowercase ('EnumFeature.WRITE_ENUMS_TO_LOWERCASE') * Allow use of '@JsonCreator(mode = Mode.PROPERTIES)' creator for POJOs with"empty String" coercion * Cannot use both 'JsonCreator.Mode.DELEGATING' and 'JsonCreator.Mode.PROPERTIES' static creator factory methods for Enums * Case-insensitive and number-based enum deserialization are (unnecessarily) mutually exclusive * Deprecate "exact values" setting from 'JsonNodeFactory', replace with 'JsonNodeFeature.STRIP_TRAILING_BIGDECIMAL_ZEROES' * Deprecate classes in package 'com.fasterxml.jackson.databind.jsonschema' * Do not require the usage of opens in a modular app when using records * Enhance 'StdNodeBasedDeserializer' to support 'readerForUpdating' * Fix Enum Deserialisation Failing with Polymorphic type validator * Fix '@JsonDeserialize(converter = ...)' not working with Records * Fix 'DelegatingDeserializer' missing override of 'getAbsentValue()' (and couple of other methods) * Fix 'JsonTypeInfo.As.EXTERNAL_PROPERTY' not working with record wrappers * Fix 'Optional' not recognized as boolean field * Fix 'TypeFactory' cache performance degradation with 'constructSpecializedType()' * Fix classloader leak: DEFAULT_ANNOTATION_INTROSPECTOR holds annotation reference * Fix deserialization of '@JsonTypeInfo' annotated type fails with missing type id even for explicit concrete subtypes * Fix Incorrect target type for arrays when disabling coercion * Fix InvalidDefinitionException when calling mapper.createObjectNode().putPOJO * Fix Null coercion with '@JsonSetter' not working with 'java.lang.Record' * Fix properties naming strategy not working with Record * Fix Timestamp in classes inside jar showing 02/01/1980 * Fix TokenBuffer does not implement writeString(Reader reader, int len) * Fix transient 'Field's are not ignored as Mutators if there is visible Getter * Fix wrong schemaType of 'LongSerializer' * Flush readonly map together with shared on 'SerializerCache.flush()' * Infer '@JsonCreator(mode = Mode.DELEGATING)' from use of '@JsonValue') * Support '@JsonCreator' annotation on record classes * Try to avoid auto-detecting Fields for Record types * Version 2.14.3: * Fix 'PrimitiveArrayDeserializers$ByteDeser.deserialize' ignores 'DeserializationProblemHandler' for invalid Base64 content * Set transformer factory attributes to improve protection against XXE * Version 2.14.2: * Allow custom 'JsonNode' implementations * Fix '@JsonTypeInfo' does not work if the Type Id is an Integer value * Fix '@JsonValue' failing for Java Record * Fix 'StdDelegatingDeserializer' ignoring 'nullValue' of '_delegateDeserializer'. * Fix Enum polymorphism not working correctly with DEDUCTION * Version 2.14.1: * Fix 'Enum' values that cannot be read from single-element array even with 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' * Version 2.14.0: * Add method 'ObjectMapper.copyWith(JsonFactory)' * Add method(s) in 'JsonNode' that works like combination of 'at()' and 'with()': 'withObject(...)' and 'withArray(...)' * Add optional explicit 'JsonSubTypes' repeated names check * Add serializer-cache size limit to avoid Metaspace issues from caching Serializers * Allow (de)serializing records using Bean(De)SerializerModifier even when reflection is unavailable * Allow disabling Integer to String coercion via 'CoercionConfig' * Allow non-boolean return type for "is-getters" with 'MapperFeature.ALLOW_IS_GETTERS_FOR_NON_BOOLEAN' * Allow use of 'JsonNode' field for '@JsonAnySetter' * Change 'JsonNode.with(String)' and 'withArray(String)' to consider argument as 'JsonPointer' if valid expression * Change 'TypeSerializerBase' to skip 'generator.writeTypePrefix()' for 'null' typeId * Change LRUMap to just evict one entry when maxEntries reached * Create DataTypeFeature abstraction (for JSTEP-7) with placeholder features * Deeply nested JsonNode throws StackOverflowError for toString() * Deserialization of Throwables with PropertyNamingStrategy does not work * Deserialize missing value of 'EXTERNAL_PROPERTY' type using custom 'NullValueProvider' * Do not strip generic type from 'Class' when resolving 'JavaType' * Expose 'translate()' method of standard 'PropertyNamingStrategy' implementations * Filter method only got called once if the field is null when using '@JsonInclude(value = JsonInclude.Include.CUSTOM, valueFilter = SomeFieldFilter.class)' * Fix '@JsonIgnore' does not if together with '@JsonProperty' or '@JsonFormat' * Fix 'configOverride.setMergeable(false)' not supported by 'ArrayNode' * Fix 'StdDeserializer' that coerces ints to floats even if configured to fail * Fix 'TokenBuffer' defaults for parser/stream-read features which neither passed from parser nor use real defaults * Fix deduction deserializer with DefaultTypeResolverBuilder * Fix issue preventing merge of polymorphic objects * Implement 'float' and 'boolean' to 'String' coercion config * Implement 'JsonNodeFeature.READ_NULL_PROPERTIES' to allow skipping of JSON 'null' values on reading * Implement 'JsonNodeFeature.WRITE_NULL_PROPERTIES' to allow skipping JSON 'null' values on writing * Improve performance of 'UnresolvedForwardReference' for forward reference resolution * Legacy 'ALLOW_COERCION_OF_SCALARS' interacts poorly with Integer to Float coercion * Replace 'JsonNode.with()' with 'JsonNode.withObject()' * Support 'null'-valued 'Map' fields with "any setter" * Support use of fast double parse * Update 'MapDeserializer' to support 'StreamReadCapability.DUPLICATE_PROPERTIES' * Version 2.13.5: * Improve testing (likely via CI) to try to ensure compatibility with specific Android SDKs * Jackson 2.13 uses Class.getTypeName() that is only available on Android SDK 26 (with fix works on ASDK 24) jackson-dataformats-binary was updated from 2.13.0 to 2.15.2: * Version 2.15.2: * Fix 'logback-test.xml' in wrong place (avro/src/main/resources) * Version 2.15.0: * Add support for CBOR stringref extension ('CBORGenerator.Feature.STRINGREF') * Add 'CBORGenerat.Feature.WRITE_MINIMAL_DOUBLES' for writing 'double's as 'float's if safe to do so * Remove optimized 'CBORParser.nextTextValue()' implementation * Version 2.14.3: * Fix missing license file in Maven package for newer versions * Fix 'CBORGenerator.writeRawUTF8String()' ignoring offset * Version 2.14.1: * Possible performance improvement on jdk9+ for Smile decoding * Version 2.14.0: * Avro schema generation: allow override namespace with new '@AvroNamespace' annotation * Ensure 'IonReader' instances created within 'IonFactory' are always resource-managed * Fix 'IonObjectMapper' does not throw JacksonException for some invalid Ion * Fix missing configuration methods for format-specific parser/generator features * Short NUL-only keys incorrectly detected as duplicates * Update to Amazon Ion 1.9.5 * Use passed "current value" in 'writeStartObject()' overload * Version 2.13.3: * Fix IonValueDeserializer that does not handle getNullValue correctly for a missing property * Version 2.13.1: * Fix 'IllegalArgumentException' in 'IonParser.getEmbeddedObject()' jackson-modules-base was updated from 2.13.3 to 2.15.2: * Version 2.15.2: * Mr Bean exposing 'Asm' as Maven dependency despite shading * 'org.ow2.asm:asm' updated to 9.5 * Version 2.15.1: * Gradle metadata for 'jackson-core' '2.15.0' adds dependency on shaded 'org.ow2.asm:asm' * Version 2.15.0: * Filter annotated by JsonInclude.Include.CUSTOM does not get called if property is null with Afterburner/Blackbird module registered * Version 2.14.3: * Fix failing tests in java17 CI run * Fix Gradle Module Metadata for Afterburner, Blackbird * jaxb and jakarta-xmlbind put module-info in versions/11 * Version 2.14.0: * Blackbird doesn't work on Java 15+ * Remove stack trace from Blackbirds warnings wrt missing 'MethodHandles.lookup()' (on Java 8) * Update Asm version from 9.0 to 9.4 * Enhance SUSE Manager and Uyuni (ijsc#MSC-611) jackson-parent was updated from 2.13 to 2.15: * Remove settings for 'org.eclipse.m2e:lifecycle-mapping' * Upgrade to oss-parent 50 (many plugin version updates) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4885=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4885=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4885=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4885=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4885=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-4885=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4885=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4885=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4885=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4885=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4885=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4885=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4885=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4885=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4885=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4885=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4885=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4885=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4885=1 ## Package List: * Development Tools Module 15-SP5 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * SUSE Manager Server 4.3 Module 4.3 (noarch) * jackson-module-guice-2.15.2-150200.5.6.2 * jackson-module-paranamer-2.15.2-150200.5.6.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-module-mrbean-2.15.2-150200.5.6.2 * jackson-module-jaxb-annotations-2.15.2-150200.5.6.2 * jackson-module-afterburner-2.15.2-150200.5.6.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-module-no-ctor-deser-2.15.2-150200.5.6.2 * jackson-module-osgi-2.15.2-150200.5.6.2 * jackson-modules-base-2.15.2-150200.5.6.2 * jackson-module-blackbird-2.15.2-150200.5.6.2 * jackson-core-2.15.2-150200.3.11.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jackson-databind-2.15.2-150200.3.15.1 * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * jackson-databind-2.15.2-150200.3.15.1 * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jackson-databind-2.15.2-150200.3.15.1 * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Manager Proxy 4.2 (noarch) * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Manager Server 4.2 (noarch) * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * SUSE Enterprise Storage 7.1 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * openSUSE Leap 15.4 (noarch) * jackson-module-guice-2.15.2-150200.5.6.2 * jackson-dataformats-binary-2.15.2-150200.3.8.2 * jackson-parent-2.15-150200.3.7.2 * jackson-dataformats-binary-javadoc-2.15.2-150200.3.8.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * jackson-dataformat-smile-2.15.2-150200.3.8.2 * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-module-jaxb-annotations-2.15.2-150200.5.6.2 * jackson-module-afterburner-2.15.2-150200.5.6.2 * jackson-module-blackbird-2.15.2-150200.5.6.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-module-mrbean-2.15.2-150200.5.6.2 * jackson-bom-2.15.2-150200.3.8.1 * jackson-module-osgi-2.15.2-150200.5.6.2 * jackson-modules-base-2.15.2-150200.5.6.2 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-module-paranamer-2.15.2-150200.5.6.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-module-no-ctor-deser-2.15.2-150200.5.6.2 * jackson-core-2.15.2-150200.3.11.2 * openSUSE Leap 15.5 (noarch) * jackson-module-guice-2.15.2-150200.5.6.2 * jackson-dataformats-binary-2.15.2-150200.3.8.2 * jackson-parent-2.15-150200.3.7.2 * jackson-dataformats-binary-javadoc-2.15.2-150200.3.8.2 * jackson-annotations-javadoc-2.15.2-150200.3.11.2 * jackson-dataformat-smile-2.15.2-150200.3.8.2 * jackson-dataformat-cbor-2.15.2-150200.3.8.2 * jackson-module-jaxb-annotations-2.15.2-150200.5.6.2 * jackson-module-afterburner-2.15.2-150200.5.6.2 * jackson-module-blackbird-2.15.2-150200.5.6.2 * jackson-annotations-2.15.2-150200.3.11.2 * jackson-module-mrbean-2.15.2-150200.5.6.2 * jackson-bom-2.15.2-150200.3.8.1 * jackson-module-osgi-2.15.2-150200.5.6.2 * jackson-modules-base-2.15.2-150200.5.6.2 * jackson-core-javadoc-2.15.2-150200.3.11.2 * jackson-module-paranamer-2.15.2-150200.5.6.2 * jackson-modules-base-javadoc-2.15.2-150200.5.6.2 * jackson-databind-2.15.2-150200.3.15.1 * jackson-databind-javadoc-2.15.2-150200.3.15.1 * jackson-module-no-ctor-deser-2.15.2-150200.5.6.2 * jackson-core-2.15.2-150200.3.11.2 * Basesystem Module 15-SP4 (noarch) * jackson-databind-2.15.2-150200.3.15.1 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * Basesystem Module 15-SP5 (noarch) * jackson-databind-2.15.2-150200.3.15.1 * jackson-core-2.15.2-150200.3.11.2 * jackson-annotations-2.15.2-150200.3.11.2 * Development Tools Module 15-SP4 (noarch) * jackson-dataformat-cbor-2.15.2-150200.3.8.2 ## References: * https://jira.suse.com/browse/MSC-611 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 16:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 18 Dec 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4893-1: moderate: Security update for freerdp Message-ID: <170291700502.14548.13449406574097296822@smelt2.prg2.suse.org> # Security update for freerdp Announcement ID: SUSE-SU-2023:4893-1 Rating: moderate References: * bsc#1214856 * bsc#1214857 * bsc#1214858 * bsc#1214859 * bsc#1214860 * bsc#1214862 * bsc#1214863 * bsc#1214864 * bsc#1214866 * bsc#1214867 * bsc#1214868 * bsc#1214869 * bsc#1214870 * bsc#1214871 * bsc#1214872 Cross-References: * CVE-2023-39350 * CVE-2023-39351 * CVE-2023-39352 * CVE-2023-39353 * CVE-2023-39354 * CVE-2023-39356 * CVE-2023-40181 * CVE-2023-40186 * CVE-2023-40188 * CVE-2023-40567 * CVE-2023-40569 * CVE-2023-40574 * CVE-2023-40575 * CVE-2023-40576 * CVE-2023-40589 CVSS scores: * CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39352 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39352 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39353 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39353 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39354 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39354 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39356 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40186 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40188 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40188 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40567 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40569 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40575 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40576 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40589 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-40589 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for freerdp fixes the following issues: * CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856). * CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857). * CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858). * CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859). * CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860). * CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862). * CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863). * CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864). * CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866). * CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867). * CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868). * CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869). * CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870). * CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871). * CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4893=1 SUSE-2023-4893=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4893=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4893=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4893=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4893=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4893=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libwinpr2-2.4.0-150400.3.23.1 * freerdp-server-debuginfo-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * libuwac0-0-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * uwac0-0-devel-2.4.0-150400.3.23.1 * libuwac0-0-debuginfo-2.4.0-150400.3.23.1 * freerdp-wayland-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-server-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * freerdp-wayland-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libwinpr2-2.4.0-150400.3.23.1 * freerdp-server-debuginfo-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * libuwac0-0-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * uwac0-0-devel-2.4.0-150400.3.23.1 * libuwac0-0-debuginfo-2.4.0-150400.3.23.1 * freerdp-wayland-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-server-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * freerdp-wayland-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * libwinpr2-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libwinpr2-2.4.0-150400.3.23.1 * freerdp-server-debuginfo-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * libuwac0-0-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * uwac0-0-devel-2.4.0-150400.3.23.1 * libuwac0-0-debuginfo-2.4.0-150400.3.23.1 * freerdp-wayland-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-server-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * freerdp-wayland-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libwinpr2-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libwinpr2-2.4.0-150400.3.23.1 * libwinpr2-debuginfo-2.4.0-150400.3.23.1 * libfreerdp2-2.4.0-150400.3.23.1 * freerdp-devel-2.4.0-150400.3.23.1 * freerdp-debugsource-2.4.0-150400.3.23.1 * freerdp-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-2.4.0-150400.3.23.1 * freerdp-2.4.0-150400.3.23.1 * winpr2-devel-2.4.0-150400.3.23.1 * libfreerdp2-debuginfo-2.4.0-150400.3.23.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39350.html * https://www.suse.com/security/cve/CVE-2023-39351.html * https://www.suse.com/security/cve/CVE-2023-39352.html * https://www.suse.com/security/cve/CVE-2023-39353.html * https://www.suse.com/security/cve/CVE-2023-39354.html * https://www.suse.com/security/cve/CVE-2023-39356.html * https://www.suse.com/security/cve/CVE-2023-40181.html * https://www.suse.com/security/cve/CVE-2023-40186.html * https://www.suse.com/security/cve/CVE-2023-40188.html * https://www.suse.com/security/cve/CVE-2023-40567.html * https://www.suse.com/security/cve/CVE-2023-40569.html * https://www.suse.com/security/cve/CVE-2023-40574.html * https://www.suse.com/security/cve/CVE-2023-40575.html * https://www.suse.com/security/cve/CVE-2023-40576.html * https://www.suse.com/security/cve/CVE-2023-40589.html * https://bugzilla.suse.com/show_bug.cgi?id=1214856 * https://bugzilla.suse.com/show_bug.cgi?id=1214857 * https://bugzilla.suse.com/show_bug.cgi?id=1214858 * https://bugzilla.suse.com/show_bug.cgi?id=1214859 * https://bugzilla.suse.com/show_bug.cgi?id=1214860 * https://bugzilla.suse.com/show_bug.cgi?id=1214862 * https://bugzilla.suse.com/show_bug.cgi?id=1214863 * https://bugzilla.suse.com/show_bug.cgi?id=1214864 * https://bugzilla.suse.com/show_bug.cgi?id=1214866 * https://bugzilla.suse.com/show_bug.cgi?id=1214867 * https://bugzilla.suse.com/show_bug.cgi?id=1214868 * https://bugzilla.suse.com/show_bug.cgi?id=1214869 * https://bugzilla.suse.com/show_bug.cgi?id=1214870 * https://bugzilla.suse.com/show_bug.cgi?id=1214871 * https://bugzilla.suse.com/show_bug.cgi?id=1214872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 16:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 18 Dec 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4892-1: moderate: Security update for ncurses Message-ID: <170291700903.14548.7149844870286881850@smelt2.prg2.suse.org> # Security update for ncurses Announcement ID: SUSE-SU-2023:4892-1 Rating: moderate References: * bsc#1218014 Cross-References: * CVE-2023-50495 CVSS scores: * CVE-2023-50495 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-50495 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issues: * CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4892=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4892=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4892=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4892=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ncurses-devel-debuginfo-5.9-85.1 * ncurses-devel-5.9-85.1 * ncurses-debugsource-5.9-85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * terminfo-base-5.9-85.1 * ncurses-devel-debuginfo-5.9-85.1 * libncurses6-debuginfo-5.9-85.1 * ncurses-utils-5.9-85.1 * ncurses-utils-debuginfo-5.9-85.1 * terminfo-5.9-85.1 * tack-5.9-85.1 * libncurses5-5.9-85.1 * tack-debuginfo-5.9-85.1 * libncurses6-5.9-85.1 * ncurses-devel-5.9-85.1 * libncurses5-debuginfo-5.9-85.1 * ncurses-debugsource-5.9-85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ncurses-devel-32bit-5.9-85.1 * libncurses6-debuginfo-32bit-5.9-85.1 * libncurses5-32bit-5.9-85.1 * libncurses5-debuginfo-32bit-5.9-85.1 * ncurses-devel-debuginfo-32bit-5.9-85.1 * libncurses6-32bit-5.9-85.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * terminfo-base-5.9-85.1 * ncurses-devel-debuginfo-5.9-85.1 * libncurses6-debuginfo-5.9-85.1 * ncurses-utils-5.9-85.1 * ncurses-utils-debuginfo-5.9-85.1 * terminfo-5.9-85.1 * tack-5.9-85.1 * libncurses5-5.9-85.1 * tack-debuginfo-5.9-85.1 * libncurses6-5.9-85.1 * ncurses-devel-5.9-85.1 * libncurses5-debuginfo-5.9-85.1 * ncurses-debugsource-5.9-85.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * ncurses-devel-32bit-5.9-85.1 * libncurses6-debuginfo-32bit-5.9-85.1 * libncurses5-32bit-5.9-85.1 * libncurses5-debuginfo-32bit-5.9-85.1 * ncurses-devel-debuginfo-32bit-5.9-85.1 * libncurses6-32bit-5.9-85.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * terminfo-base-5.9-85.1 * ncurses-devel-debuginfo-5.9-85.1 * libncurses6-debuginfo-5.9-85.1 * ncurses-utils-5.9-85.1 * ncurses-utils-debuginfo-5.9-85.1 * terminfo-5.9-85.1 * tack-5.9-85.1 * libncurses5-5.9-85.1 * tack-debuginfo-5.9-85.1 * libncurses6-5.9-85.1 * ncurses-devel-5.9-85.1 * libncurses5-debuginfo-5.9-85.1 * ncurses-debugsource-5.9-85.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ncurses-devel-32bit-5.9-85.1 * libncurses6-debuginfo-32bit-5.9-85.1 * libncurses5-32bit-5.9-85.1 * libncurses5-debuginfo-32bit-5.9-85.1 * ncurses-devel-debuginfo-32bit-5.9-85.1 * libncurses6-32bit-5.9-85.1 ## References: * https://www.suse.com/security/cve/CVE-2023-50495.html * https://bugzilla.suse.com/show_bug.cgi?id=1218014 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 16:30:11 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 18 Dec 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4891-1: moderate: Security update for ncurses Message-ID: <170291701140.14548.6022500018747302708@smelt2.prg2.suse.org> # Security update for ncurses Announcement ID: SUSE-SU-2023:4891-1 Rating: moderate References: * bsc#1201384 * bsc#1218014 Cross-References: * CVE-2023-50495 CVSS scores: * CVE-2023-50495 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-50495 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for ncurses fixes the following issues: * CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) * Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4891=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4891=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4891=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4891=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4891=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4891=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4891=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4891=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4891=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4891=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4891=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4891=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4891=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4891=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4891=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4891=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4891=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4891=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * openSUSE Leap 15.4 (x86_64) * libncurses6-32bit-6.1-150000.5.20.1 * libncurses5-32bit-debuginfo-6.1-150000.5.20.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1 * ncurses5-devel-32bit-6.1-150000.5.20.1 * libncurses5-32bit-6.1-150000.5.20.1 * ncurses-devel-32bit-6.1-150000.5.20.1 * libncurses6-32bit-debuginfo-6.1-150000.5.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libncurses5-6.1-150000.5.20.1 * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses5-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * tack-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * terminfo-screen-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * ncurses-devel-6.1-150000.5.20.1 * ncurses5-devel-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * ncurses-devel-debuginfo-6.1-150000.5.20.1 * terminfo-iterm-6.1-150000.5.20.1 * tack-debuginfo-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * openSUSE Leap 15.5 (x86_64) * libncurses6-32bit-6.1-150000.5.20.1 * libncurses5-32bit-debuginfo-6.1-150000.5.20.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1 * ncurses5-devel-32bit-6.1-150000.5.20.1 * libncurses5-32bit-6.1-150000.5.20.1 * ncurses-devel-32bit-6.1-150000.5.20.1 * libncurses6-32bit-debuginfo-6.1-150000.5.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libncurses5-6.1-150000.5.20.1 * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses5-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * tack-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * terminfo-screen-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * ncurses-devel-6.1-150000.5.20.1 * ncurses5-devel-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * ncurses-devel-debuginfo-6.1-150000.5.20.1 * terminfo-iterm-6.1-150000.5.20.1 * tack-debuginfo-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * tack-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * terminfo-screen-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * ncurses-devel-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * ncurses-devel-debuginfo-6.1-150000.5.20.1 * terminfo-iterm-6.1-150000.5.20.1 * tack-debuginfo-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * Basesystem Module 15-SP4 (x86_64) * libncurses6-32bit-6.1-150000.5.20.1 * libncurses6-32bit-debuginfo-6.1-150000.5.20.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * tack-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * terminfo-screen-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * ncurses-devel-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * ncurses-devel-debuginfo-6.1-150000.5.20.1 * terminfo-iterm-6.1-150000.5.20.1 * tack-debuginfo-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * Basesystem Module 15-SP5 (x86_64) * libncurses6-32bit-6.1-150000.5.20.1 * libncurses6-32bit-debuginfo-6.1-150000.5.20.1 * Development Tools Module 15-SP4 (x86_64) * ncurses-devel-32bit-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1 * Development Tools Module 15-SP5 (x86_64) * ncurses-devel-32bit-6.1-150000.5.20.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ncurses5-devel-6.1-150000.5.20.1 * libncurses5-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * libncurses5-debuginfo-6.1-150000.5.20.1 * Legacy Module 15-SP4 (x86_64) * libncurses5-32bit-6.1-150000.5.20.1 * libncurses5-32bit-debuginfo-6.1-150000.5.20.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ncurses5-devel-6.1-150000.5.20.1 * libncurses5-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * libncurses5-debuginfo-6.1-150000.5.20.1 * Legacy Module 15-SP5 (x86_64) * libncurses5-32bit-6.1-150000.5.20.1 * libncurses5-32bit-debuginfo-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * ncurses-utils-debuginfo-6.1-150000.5.20.1 * libncurses6-debuginfo-6.1-150000.5.20.1 * terminfo-6.1-150000.5.20.1 * ncurses-debugsource-6.1-150000.5.20.1 * ncurses-utils-6.1-150000.5.20.1 * terminfo-base-6.1-150000.5.20.1 * libncurses6-6.1-150000.5.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-50495.html * https://bugzilla.suse.com/show_bug.cgi?id=1201384 * https://bugzilla.suse.com/show_bug.cgi?id=1218014 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 16:30:15 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 18 Dec 2023 16:30:15 -0000 Subject: SUSE-RU-2023:4890-1: moderate: Recommended update for python-websocket-client Message-ID: <170291701504.14548.11235568812011051560@smelt2.prg2.suse.org> # Recommended update for python-websocket-client Announcement ID: SUSE-RU-2023:4890-1 Rating: moderate References: * bsc#1215314 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for python-websocket-client fixes the following issues: * Re-enable Python 3.6 to fix pip3 install (bsc#1215314) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4890=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4890=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4890=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4890=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4890=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4890=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4890=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4890=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4890=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4890=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4890=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4890=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4890=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4890=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4890=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4890=1 ## Package List: * Basesystem Module 15-SP5 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * Public Cloud Module 15-SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE Enterprise Storage 7.1 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * SUSE CaaS Platform 4.0 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * openSUSE Leap 15.4 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * openSUSE Leap 15.5 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 * Basesystem Module 15-SP4 (noarch) * python3-websocket-client-1.3.2-150100.6.10.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215314 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 18 20:36:09 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 18 Dec 2023 20:36:09 -0000 Subject: SUSE-SU-2023:4895-1: moderate: Security update for libsass Message-ID: <170293176955.2222.5282811839718060267@smelt2.prg2.suse.org> # Security update for libsass Announcement ID: SUSE-SU-2023:4895-1 Rating: moderate References: * bsc#1214573 * bsc#1214575 * bsc#1214576 Cross-References: * CVE-2022-26592 * CVE-2022-43357 * CVE-2022-43358 CVSS scores: * CVE-2022-26592 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-26592 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-43357 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-43357 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-43358 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-43358 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for libsass fixes the following issues: * CVE-2022-26592: Fixed Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector:has_real_parent_ref function (bsc#1214576) * CVE-2022-43358: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214575). * CVE-2022-43357: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4895=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4895=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4895=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4895=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libsass-debugsource-3.6.5-150200.4.10.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.10.1 * libsass-devel-3.6.5-150200.4.10.1 * libsass-3_6_5-1-3.6.5-150200.4.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libsass-debugsource-3.6.5-150200.4.10.1 * libsass-devel-3.6.5-150200.4.10.1 * libsass-3_6_5-1-3.6.5-150200.4.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsass-debugsource-3.6.5-150200.4.10.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.10.1 * libsass-devel-3.6.5-150200.4.10.1 * libsass-3_6_5-1-3.6.5-150200.4.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsass-debugsource-3.6.5-150200.4.10.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.10.1 * libsass-devel-3.6.5-150200.4.10.1 * libsass-3_6_5-1-3.6.5-150200.4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2022-26592.html * https://www.suse.com/security/cve/CVE-2022-43357.html * https://www.suse.com/security/cve/CVE-2022-43358.html * https://bugzilla.suse.com/show_bug.cgi?id=1214573 * https://bugzilla.suse.com/show_bug.cgi?id=1214575 * https://bugzilla.suse.com/show_bug.cgi?id=1214576 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Dec 19 08:04:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:4191-1: Recommended update of suse/sles12sp5 Message-ID: <20231219080448.16EB9FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4191-1 Container Tags : suse/sles12sp5:6.5.544 , suse/sles12sp5:latest Container Release : 6.5.544 Severity : low Type : recommended References : 1215594 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4889-1 Released: Mon Dec 18 10:24:14 2023 Summary: Recommended update for pam Type: recommended Severity: low References: 1215594 This update for pam fixes the following issue: - Add no_pass_expiry option to ignore password expiration (bsc#1215594) The following package changes have been done: - pam-1.1.8-24.53.1 updated From sle-updates at lists.suse.com Tue Dec 19 08:05:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:05:33 +0100 (CET) Subject: SUSE-CU-2023:4192-1: Security update of bci/dotnet-aspnet Message-ID: <20231219080533.827FEFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4192-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.24 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.24 Container Release : 18.24 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 08:05:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:05:50 +0100 (CET) Subject: SUSE-CU-2023:4193-1: Security update of bci/dotnet-aspnet Message-ID: <20231219080550.8EA06FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4193-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.25 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.25 , bci/dotnet-aspnet:latest Container Release : 18.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 08:06:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:09 +0100 (CET) Subject: SUSE-CU-2023:4194-1: Security update of bci/dotnet-sdk Message-ID: <20231219080609.A09E9FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4194-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.25 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.25 Container Release : 17.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 08:06:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:30 +0100 (CET) Subject: SUSE-CU-2023:4195-1: Security update of bci/dotnet-sdk Message-ID: <20231219080630.A20EFFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4195-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.24 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.24 , bci/dotnet-sdk:latest Container Release : 19.24 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 08:06:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:45 +0100 (CET) Subject: SUSE-CU-2023:4196-1: Security update of bci/dotnet-runtime Message-ID: <20231219080645.ECBBAFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4196-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.25 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.25 Container Release : 17.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 08:07:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:07:04 +0100 (CET) Subject: SUSE-CU-2023:4197-1: Security update of bci/dotnet-runtime Message-ID: <20231219080704.B4271FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4197-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.25 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.25 , bci/dotnet-runtime:latest Container Release : 19.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From null at suse.de Tue Dec 19 08:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4899-1: important: Recommended update for python-shaptools Message-ID: <170297460488.4720.6810486990869323953@smelt2.prg2.suse.org> # Recommended update for python-shaptools Announcement ID: SUSE-RU-2023:4899-1 Rating: important References: * bsc#1212695 Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update for python-shaptools fixes the following issues: * Make shaptools available for venv-salt-minion (bsc#1212695) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-4899=1 ## Package List: * SAP Applications Module 15-SP1 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150000.1.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212695 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 08:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 08:30:07 -0000 Subject: SUSE-RU-2023:4898-1: important: Recommended update for python-shaptools Message-ID: <170297460762.4720.1834381771526052114@smelt2.prg2.suse.org> # Recommended update for python-shaptools Announcement ID: SUSE-RU-2023:4898-1 Rating: important References: * bsc#1212695 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for python-shaptools fixes the following issues: * Make shaptools available for venv-salt-minion (bsc#1212695) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4898=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4898=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-4898=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-4898=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4898=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-4898=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 * openSUSE Leap 15.5 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 * SAP Applications Module 15-SP2 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 * SAP Applications Module 15-SP3 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 * SAP Applications Module 15-SP4 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 * SAP Applications Module 15-SP5 (noarch) * python3-shaptools-0.3.14+git.1701071976.094003d-150200.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212695 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 08:30:10 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 08:30:10 -0000 Subject: SUSE-RU-2023:4897-1: low: Optional update for openslp Message-ID: <170297461053.4720.4484015621011003110@smelt2.prg2.suse.org> # Optional update for openslp Announcement ID: SUSE-RU-2023:4897-1 Rating: low References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for openslp bumps the version number to ensure a clean upgrade path from SLE-12 to SLE-15. This is a no-change rebuild of the packages already available in SLE-15. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4897=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4897=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4897=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4897=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4897=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4897=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4897=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4897=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4897=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4897=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4897=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4897=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4897=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4897=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4897=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4897=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4897=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4897=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4897=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4897=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4897=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4897=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4897=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4897=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4897=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4897=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4897=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4897=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4897=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4897=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * openSUSE Leap 15.4 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * openSUSE Leap 15.5 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openslp-devel-2.0.0-150000.6.17.1 * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * Basesystem Module 15-SP4 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openslp-devel-2.0.0-150000.6.17.1 * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * Basesystem Module 15-SP5 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openslp-server-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openslp-server-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE Manager Proxy 4.2 (x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Manager Server 4.2 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Enterprise Storage 7.1 (x86_64) * openslp-32bit-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * SUSE CaaS Platform 4.0 (x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-32bit-debuginfo-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-32bit-2.0.0-150000.6.17.1 * openslp-devel-2.0.0-150000.6.17.1 * openslp-server-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * openslp-server-debuginfo-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openslp-2.0.0-150000.6.17.1 * openslp-debuginfo-2.0.0-150000.6.17.1 * openslp-debugsource-2.0.0-150000.6.17.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 08:30:13 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 08:30:13 -0000 Subject: SUSE-RU-2023:4896-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Message-ID: <170297461308.4720.9141080610398626739@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-RU-2023:4896-1 Rating: important References: * bsc#1218027 * jsc#MSQA-717 Affected Products: * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature and has one fix can now be installed. ## Description: This update fixes the following issues: susemanager-schema: * Version 4.3.23-1 * Do not add the unique index for rhnpackagechangelogdata table and prevent too long schema upgrades (bsc#1218027) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4896=1 ## Package List: * SUSE Manager Server 4.3 Module 4.3 (noarch) * susemanager-schema-4.3.23-150400.3.33.2 * susemanager-schema-utility-4.3.23-150400.3.33.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1218027 * https://jira.suse.com/browse/MSQA-717 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 12:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4901-1: moderate: Security update for avahi Message-ID: <170298900441.29911.13083042504464813735@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4901-1 Rating: moderate References: * bsc#1216853 Cross-References: * CVE-2023-38472 CVSS scores: * CVE-2023-38472 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38472 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4901=1 SUSE-2023-4901=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4901=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4901=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4901=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4901=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4901=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4901=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4901=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4901=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4901=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4901=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4901=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4901=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4901=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4901=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * avahi-compat-howl-devel-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-debuginfo-0.8-150400.7.13.1 * avahi-utils-gtk-0.8-150400.7.13.1 * libavahi-libevent1-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * libavahi-qt5-devel-0.8-150400.7.13.1 * libavahi-glib1-debuginfo-0.8-150400.7.13.1 * avahi-qt5-debugsource-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * avahi-autoipd-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-0.8-150400.7.13.1 * avahi-autoipd-debuginfo-0.8-150400.7.13.1 * libdns_sd-0.8-150400.7.13.1 * libavahi-devel-0.8-150400.7.13.1 * libavahi-core7-0.8-150400.7.13.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1 * libavahi-glib-devel-0.8-150400.7.13.1 * avahi-utils-0.8-150400.7.13.1 * libavahi-gobject-devel-0.8-150400.7.13.1 * libhowl0-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * libhowl0-debuginfo-0.8-150400.7.13.1 * python3-avahi-gtk-0.8-150400.7.13.1 * avahi-utils-debuginfo-0.8-150400.7.13.1 * python3-avahi-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-0.8-150400.7.13.1 * libavahi-qt5-1-0.8-150400.7.13.1 * libavahi-glib1-0.8-150400.7.13.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.13.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.13.1 * libdns_sd-debuginfo-0.8-150400.7.13.1 * openSUSE Leap 15.4 (x86_64) * libavahi-common3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-0.8-150400.7.13.1 * libavahi-glib1-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1 * libdns_sd-32bit-debuginfo-0.8-150400.7.13.1 * avahi-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.13.1 * libdns_sd-32bit-0.8-150400.7.13.1 * openSUSE Leap 15.4 (noarch) * avahi-lang-0.8-150400.7.13.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libdns_sd-64bit-0.8-150400.7.13.1 * libavahi-common3-64bit-debuginfo-0.8-150400.7.13.1 * libavahi-client3-64bit-debuginfo-0.8-150400.7.13.1 * avahi-64bit-debuginfo-0.8-150400.7.13.1 * libavahi-glib1-64bit-debuginfo-0.8-150400.7.13.1 * libavahi-client3-64bit-0.8-150400.7.13.1 * libdns_sd-64bit-debuginfo-0.8-150400.7.13.1 * libavahi-glib1-64bit-0.8-150400.7.13.1 * libavahi-common3-64bit-0.8-150400.7.13.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * avahi-compat-howl-devel-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-debuginfo-0.8-150400.7.13.1 * avahi-utils-gtk-0.8-150400.7.13.1 * libavahi-libevent1-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * libavahi-qt5-devel-0.8-150400.7.13.1 * libavahi-glib1-debuginfo-0.8-150400.7.13.1 * avahi-qt5-debugsource-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * avahi-autoipd-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-0.8-150400.7.13.1 * avahi-autoipd-debuginfo-0.8-150400.7.13.1 * libdns_sd-0.8-150400.7.13.1 * libavahi-devel-0.8-150400.7.13.1 * libavahi-core7-0.8-150400.7.13.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1 * libavahi-glib-devel-0.8-150400.7.13.1 * avahi-utils-0.8-150400.7.13.1 * libavahi-gobject-devel-0.8-150400.7.13.1 * libhowl0-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * libhowl0-debuginfo-0.8-150400.7.13.1 * python3-avahi-gtk-0.8-150400.7.13.1 * avahi-utils-debuginfo-0.8-150400.7.13.1 * libavahi-qt5-1-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-0.8-150400.7.13.1 * python3-avahi-0.8-150400.7.13.1 * libavahi-glib1-0.8-150400.7.13.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.13.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.13.1 * libdns_sd-debuginfo-0.8-150400.7.13.1 * openSUSE Leap 15.5 (x86_64) * libavahi-common3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-0.8-150400.7.13.1 * libavahi-glib1-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1 * libdns_sd-32bit-debuginfo-0.8-150400.7.13.1 * avahi-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.13.1 * libdns_sd-32bit-0.8-150400.7.13.1 * openSUSE Leap 15.5 (noarch) * avahi-lang-0.8-150400.7.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libavahi-core7-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-compat-howl-devel-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * libavahi-glib1-debuginfo-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-0.8-150400.7.13.1 * libdns_sd-0.8-150400.7.13.1 * libavahi-devel-0.8-150400.7.13.1 * libavahi-core7-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1 * libavahi-glib-devel-0.8-150400.7.13.1 * avahi-utils-0.8-150400.7.13.1 * libhowl0-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * libhowl0-debuginfo-0.8-150400.7.13.1 * avahi-utils-debuginfo-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-0.8-150400.7.13.1 * libavahi-glib1-0.8-150400.7.13.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.13.1 * libdns_sd-debuginfo-0.8-150400.7.13.1 * Basesystem Module 15-SP4 (noarch) * avahi-lang-0.8-150400.7.13.1 * Basesystem Module 15-SP4 (x86_64) * libavahi-common3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1 * avahi-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-compat-howl-devel-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * libavahi-client3-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-debuginfo-0.8-150400.7.13.1 * libavahi-libevent1-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * libavahi-glib1-debuginfo-0.8-150400.7.13.1 * libavahi-core7-debuginfo-0.8-150400.7.13.1 * libavahi-common3-0.8-150400.7.13.1 * libavahi-common3-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-debuginfo-0.8-150400.7.13.1 * libavahi-gobject0-0.8-150400.7.13.1 * libdns_sd-0.8-150400.7.13.1 * libavahi-devel-0.8-150400.7.13.1 * libavahi-core7-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1 * libavahi-glib-devel-0.8-150400.7.13.1 * avahi-utils-0.8-150400.7.13.1 * libhowl0-0.8-150400.7.13.1 * libavahi-client3-0.8-150400.7.13.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1 * avahi-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * libhowl0-debuginfo-0.8-150400.7.13.1 * avahi-utils-debuginfo-0.8-150400.7.13.1 * libavahi-ui-gtk3-0-0.8-150400.7.13.1 * libavahi-glib1-0.8-150400.7.13.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.13.1 * libdns_sd-debuginfo-0.8-150400.7.13.1 * Basesystem Module 15-SP5 (noarch) * avahi-lang-0.8-150400.7.13.1 * Basesystem Module 15-SP5 (x86_64) * libavahi-common3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-0.8-150400.7.13.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1 * avahi-32bit-debuginfo-0.8-150400.7.13.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.13.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.13.1 * avahi-utils-gtk-0.8-150400.7.13.1 * avahi-autoipd-0.8-150400.7.13.1 * libavahi-gobject-devel-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * avahi-autoipd-debuginfo-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.13.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.13.1 * avahi-utils-gtk-0.8-150400.7.13.1 * avahi-autoipd-0.8-150400.7.13.1 * libavahi-gobject-devel-0.8-150400.7.13.1 * avahi-glib2-debugsource-0.8-150400.7.13.1 * avahi-autoipd-debuginfo-0.8-150400.7.13.1 * avahi-debuginfo-0.8-150400.7.13.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-debuginfo-0.8-150400.7.13.1 * python3-avahi-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-debuginfo-0.8-150400.7.13.1 * python3-avahi-0.8-150400.7.13.1 * avahi-debugsource-0.8-150400.7.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38472.html * https://bugzilla.suse.com/show_bug.cgi?id=1216853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 16:31:30 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 16:31:30 -0000 Subject: SUSE-SU-2023:4912-1: important: Security update for MozillaFirefox Message-ID: <170300349066.22122.10474430012105321100@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4912-1 Rating: important References: * bsc#1217230 * bsc#1217974 Cross-References: * CVE-2023-6204 * CVE-2023-6205 * CVE-2023-6206 * CVE-2023-6207 * CVE-2023-6208 * CVE-2023-6209 * CVE-2023-6212 * CVE-2023-6856 * CVE-2023-6857 * CVE-2023-6858 * CVE-2023-6859 * CVE-2023-6860 * CVE-2023-6861 * CVE-2023-6862 * CVE-2023-6863 * CVE-2023-6864 * CVE-2023-6865 * CVE-2023-6867 CVSS scores: * CVE-2023-6204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-6206 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-6207 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6208 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6209 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974) * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023). * CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791). * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144). * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669). * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118). * CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042). * CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901). * CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. * CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123). * CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863). * Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4912=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.6.0-112.194.1 * MozillaFirefox-debugsource-115.6.0-112.194.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.6.0-112.194.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.6.0-112.194.1 * MozillaFirefox-translations-common-115.6.0-112.194.1 * MozillaFirefox-115.6.0-112.194.1 * MozillaFirefox-debugsource-115.6.0-112.194.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.6.0-112.194.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.6.0-112.194.1 * MozillaFirefox-translations-common-115.6.0-112.194.1 * MozillaFirefox-115.6.0-112.194.1 * MozillaFirefox-debugsource-115.6.0-112.194.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.6.0-112.194.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.6.0-112.194.1 * MozillaFirefox-translations-common-115.6.0-112.194.1 * MozillaFirefox-115.6.0-112.194.1 * MozillaFirefox-debugsource-115.6.0-112.194.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.6.0-112.194.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6204.html * https://www.suse.com/security/cve/CVE-2023-6205.html * https://www.suse.com/security/cve/CVE-2023-6206.html * https://www.suse.com/security/cve/CVE-2023-6207.html * https://www.suse.com/security/cve/CVE-2023-6208.html * https://www.suse.com/security/cve/CVE-2023-6209.html * https://www.suse.com/security/cve/CVE-2023-6212.html * https://www.suse.com/security/cve/CVE-2023-6856.html * https://www.suse.com/security/cve/CVE-2023-6857.html * https://www.suse.com/security/cve/CVE-2023-6858.html * https://www.suse.com/security/cve/CVE-2023-6859.html * https://www.suse.com/security/cve/CVE-2023-6860.html * https://www.suse.com/security/cve/CVE-2023-6861.html * https://www.suse.com/security/cve/CVE-2023-6862.html * https://www.suse.com/security/cve/CVE-2023-6863.html * https://www.suse.com/security/cve/CVE-2023-6864.html * https://www.suse.com/security/cve/CVE-2023-6865.html * https://www.suse.com/security/cve/CVE-2023-6867.html * https://bugzilla.suse.com/show_bug.cgi?id=1217230 * https://bugzilla.suse.com/show_bug.cgi?id=1217974 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 16:31:33 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 16:31:33 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170300349330.22122.11227398882789080019@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Dec 19 16:42:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:42:42 +0100 (CET) Subject: SUSE-CU-2023:4199-1: Security update of bci/bci-init Message-ID: <20231219164242.97B52FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4199-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.44 Container Release : 30.44 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-updates at lists.suse.com Tue Dec 19 16:42:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:42:53 +0100 (CET) Subject: SUSE-CU-2023:4200-1: Security update of bci/bci-micro Message-ID: <20231219164253.215DDFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4200-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.23.5 Container Release : 23.5 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Tue Dec 19 16:43:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:05 +0100 (CET) Subject: SUSE-CU-2023:4201-1: Security update of bci/bci-minimal Message-ID: <20231219164305.8681BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4201-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.15 Container Release : 24.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.4.0-23.5 updated From sle-updates at lists.suse.com Tue Dec 19 16:43:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:35 +0100 (CET) Subject: SUSE-CU-2023:4202-1: Security update of bci/nodejs Message-ID: <20231219164335.7D14BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4202-1 Container Tags : bci/node:16 , bci/node:16-18.40 , bci/nodejs:16 , bci/nodejs:16-18.40 Container Release : 18.40 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From null at suse.de Tue Dec 19 16:43:36 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 16:43:36 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170300421657.22563.9462527466348509793@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Dec 19 16:43:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:51 +0100 (CET) Subject: SUSE-CU-2023:4203-1: Security update of suse/postgres Message-ID: <20231219164351.956CAFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4203-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.29 , suse/postgres:14.10 , suse/postgres:14.10-24.29 Container Release : 24.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-updates at lists.suse.com Tue Dec 19 16:44:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:44:32 +0100 (CET) Subject: SUSE-CU-2023:4204-1: Security update of bci/python Message-ID: <20231219164432.2AD77FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4204-1 Container Tags : bci/python:3 , bci/python:3-16.43 , bci/python:3.10 , bci/python:3.10-16.43 Container Release : 16.43 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:06 +0100 (CET) Subject: SUSE-CU-2023:4205-1: Security update of suse/sle15 Message-ID: <20231219164506.E8F36FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4205-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.129 , suse/sle15:15.4 , suse/sle15:15.4.27.14.129 Container Release : 27.14.129 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:17 +0100 (CET) Subject: SUSE-CU-2023:4206-1: Security update of suse/git Message-ID: <20231219164517.318E8FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4206-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.26 , suse/git:latest Container Release : 4.26 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:33 +0100 (CET) Subject: SUSE-CU-2023:4208-1: Security update of bci/golang Message-ID: <20231219164533.3AF62FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4208-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.29 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.29 Container Release : 8.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:26 +0100 (CET) Subject: SUSE-CU-2023:4207-1: Security update of bci/golang Message-ID: <20231219164526.05540FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4207-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.29 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.29 Container Release : 8.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:48 +0100 (CET) Subject: SUSE-CU-2023:4209-1: Security update of bci/bci-init Message-ID: <20231219164548.325A7FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4209-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.61 , bci/bci-init:latest Container Release : 10.61 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:58 +0100 (CET) Subject: SUSE-CU-2023:4211-1: Security update of bci/bci-minimal Message-ID: <20231219164558.1C919FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4211-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.21 , bci/bci-minimal:latest Container Release : 13.21 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-updates at lists.suse.com Tue Dec 19 16:45:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:51 +0100 (CET) Subject: SUSE-CU-2023:4210-1: Security update of bci/bci-micro Message-ID: <20231219164551.D7B07FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4210-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.8 , bci/bci-micro:latest Container Release : 12.8 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Tue Dec 19 16:46:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:11 +0100 (CET) Subject: SUSE-CU-2023:4213-1: Security update of bci/nodejs Message-ID: <20231219164611.D2DC9FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4213-1 Container Tags : bci/node:20 , bci/node:20-2.25 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.25 , bci/nodejs:latest Container Release : 2.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:46:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:08 +0100 (CET) Subject: SUSE-CU-2023:4212-1: Security update of suse/nginx Message-ID: <20231219164608.C023EFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4212-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.60 , suse/nginx:latest Container Release : 5.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:46:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:46 +0100 (CET) Subject: SUSE-CU-2023:4215-1: Security update of bci/openjdk Message-ID: <20231219164646.38C2AFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4215-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.60 Container Release : 11.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:46:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:31 +0100 (CET) Subject: SUSE-CU-2023:4214-1: Security update of bci/openjdk-devel Message-ID: <20231219164631.5521DFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4214-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.122 Container Release : 10.122 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:bci-openjdk-11-15.5.11-11.60 updated From sle-updates at lists.suse.com Tue Dec 19 16:47:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:00 +0100 (CET) Subject: SUSE-CU-2023:4216-1: Security update of bci/openjdk Message-ID: <20231219164700.BD08DFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4216-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.59 , bci/openjdk:latest Container Release : 12.59 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:47:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:15 +0100 (CET) Subject: SUSE-CU-2023:4217-1: Security update of bci/php-apache Message-ID: <20231219164715.EEC05FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4217-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:47:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:31 +0100 (CET) Subject: SUSE-CU-2023:4218-1: Security update of bci/php-fpm Message-ID: <20231219164731.4DCB7FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4218-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.60 Container Release : 8.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:47:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:57 +0100 (CET) Subject: SUSE-CU-2023:4219-1: Security update of bci/php Message-ID: <20231219164757.54E9FFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4219-1 Container Tags : bci/php:8 , bci/php:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:52:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:17 +0100 (CET) Subject: SUSE-CU-2023:4220-1: Security update of suse/registry Message-ID: <20231219165217.E020AFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4220-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.30 , suse/registry:latest Container Release : 15.30 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-updates at lists.suse.com Tue Dec 19 16:52:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:30 +0100 (CET) Subject: SUSE-CU-2023:4219-1: Security update of bci/php Message-ID: <20231219165230.BF3B6FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4219-1 Container Tags : bci/php:8 , bci/php:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:52:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:44 +0100 (CET) Subject: SUSE-CU-2023:4221-1: Security update of suse/postgres Message-ID: <20231219165244.6A52FFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4221-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.14 , suse/postgres:15.5 , suse/postgres:15.5-13.14 Container Release : 13.14 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Tue Dec 19 16:52:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:55 +0100 (CET) Subject: SUSE-CU-2023:4222-1: Security update of suse/sle15 Message-ID: <20231219165255.74B2AFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4222-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.67 , suse/sle15:15.5 , suse/sle15:15.5.36.5.67 Container Release : 36.5.67 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From null at suse.de Tue Dec 19 20:30:00 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 20:30:00 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170301780098.10545.8084147593810738558@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 20:33:02 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 20:33:02 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170301798239.10545.17694995048524787188@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 20:36:03 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 20:36:03 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170301816363.7756.16321046826742921700@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 19 20:39:04 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 19 Dec 2023 20:39:04 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170301834489.10545.3723393355337934869@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Dec 20 08:03:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:03:29 +0100 (CET) Subject: SUSE-CU-2023:4225-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231220080329.55411FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4225-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.121 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.121 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Wed Dec 20 08:03:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:03:59 +0100 (CET) Subject: SUSE-CU-2023:4226-1: Security update of suse/rmt-server Message-ID: <20231220080359.BFAC0FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4226-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.54 , suse/rmt-server:latest Container Release : 11.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Wed Dec 20 08:04:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:11 +0100 (CET) Subject: SUSE-CU-2023:4227-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231220080411.F2B3AFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4227-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.6 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.6 Container Release : 9.43.6 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Wed Dec 20 08:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:19 +0100 (CET) Subject: SUSE-CU-2023:4228-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231220080419.17BE0FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4228-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.10 , suse/manager/4.3/proxy-salt-broker:4.3.10.9.33.5 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Wed Dec 20 08:04:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:28 +0100 (CET) Subject: SUSE-CU-2023:4229-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231220080428.89F78FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4229-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.10 , suse/manager/4.3/proxy-squid:4.3.10.9.42.4 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.10 , suse/manager/4.3/proxy-squid:susemanager-4.3.10.9.42.4 Container Release : 9.42.4 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Wed Dec 20 08:04:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:36 +0100 (CET) Subject: SUSE-CU-2023:4230-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231220080436.D4663FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4230-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.10 , suse/manager/4.3/proxy-ssh:4.3.10.9.33.5 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.10 , suse/manager/4.3/proxy-ssh:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : important Type : security References : 1201384 1214788 1217950 1218014 CVE-2023-48795 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - openssh-common-8.4p1-150300.3.27.1 updated - openssh-fips-8.4p1-150300.3.27.1 updated - openssh-server-8.4p1-150300.3.27.1 updated - openssh-clients-8.4p1-150300.3.27.1 updated - openssh-8.4p1-150300.3.27.1 updated From sle-updates at lists.suse.com Wed Dec 20 08:04:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:46 +0100 (CET) Subject: SUSE-CU-2023:4231-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231220080446.04961FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4231-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.10 , suse/manager/4.3/proxy-tftpd:4.3.10.9.33.5 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : moderate Type : security References : 1201384 1217592 1218014 CVE-2023-49083 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - python3-cryptography-3.3.2-150400.23.1 updated From null at suse.de Wed Dec 20 08:30:02 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:30:02 -0000 Subject: SUSE-RU-2023:4916-1: important: Recommended update for lvm2 Message-ID: <170306100287.18384.12779095143449970914@smelt2.prg2.suse.org> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:4916-1 Rating: important References: * bsc#1215229 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4916=1 openSUSE-SLE-15.4-2023-4916=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4916=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4916=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4916=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4916=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4916=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4916=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4916=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4916=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-lvmlockd-debugsource-2.03.05-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-testsuite-debuginfo-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * lvm2-device-mapper-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-lockd-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * lvm2-testsuite-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-devel-2.03.05_1.02.163-150400.191.1 * lvm2-devel-2.03.05-150400.191.1 * lvm2-lockd-debuginfo-2.03.05-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * openSUSE Leap 15.4 (x86_64) * libdevmapper-event1_03-32bit-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-devel-32bit-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-32bit-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-32bit-2.03.05_1.02.163-150400.191.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libdevmapper1_03-64bit-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-64bit-2.03.05_1.02.163-150400.191.1 * device-mapper-devel-64bit-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-64bit-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-64bit-2.03.05_1.02.163-150400.191.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-2.03.05_1.02.163-150400.191.1 * lvm2-2.03.05-150400.191.1 * lvm2-debuginfo-2.03.05-150400.191.1 * liblvm2cmd2_03-2.03.05-150400.191.1 * lvm2-debugsource-2.03.05-150400.191.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.191.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.191.1 * device-mapper-devel-2.03.05_1.02.163-150400.191.1 * lvm2-devel-2.03.05-150400.191.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.191.1 * Basesystem Module 15-SP4 (x86_64) * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.191.1 * libdevmapper1_03-32bit-2.03.05_1.02.163-150400.191.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * lvm2-lvmlockd-debugsource-2.03.05-150400.191.1 * lvm2-lockd-debuginfo-2.03.05-150400.191.1 * lvm2-lockd-2.03.05-150400.191.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4915-1: moderate: Recommended update for SUSE Manager and Uyuni Message-ID: <170306100413.18384.3715633088706732585@smelt2.prg2.suse.org> # Recommended update for SUSE Manager and Uyuni Announcement ID: SUSE-RU-2023:4915-1 Rating: moderate References: * jsc#MSC-611 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature can now be installed. ## Description: This update for SUSE Manager and Uyuni fixes the following issues: * Enhance SUSE Manager and Uyuni with new Java packages (ijsc#MSC-611) * No source code changes * Packages affected: apache-commons-csv, apache-commons-math, apache-commons- ognl, classmate, codemodel, concurrentlinkedhashmap-lru, ee4j, glassfish- dtd-parser, glassfish-fastinfoset, glassfish-jaxb, istack-commons, jandex, jcache, mybatis-parent, relaxngcc, stax-ex, xmlstreambuffer, xsom ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4915=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4915=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4915=1 ## Package List: * openSUSE Leap 15.5 (noarch) * istack-commons-buildtools-3.0.7-150200.5.5.6 * glassfish-jaxb-jxc-2.3.1-150200.5.5.9 * jandex-2.4.2-150200.5.5.6 * xmlstreambuffer-javadoc-1.5.4-150200.5.5.6 * glassfish-jaxb-2.3.1-150200.5.5.9 * xsom-javadoc-0~20140925-150200.5.5.6 * apache-commons-ognl-javadoc-4.0~20191021git51cf8f4-150200.5.7.6 * istack-commons-maven-plugin-3.0.7-150200.5.5.6 * classmate-1.5.1-150200.5.7.6 * glassfish-jaxb-txw2-2.3.1-150200.5.5.9 * classmate-javadoc-1.5.1-150200.5.7.6 * jandex-javadoc-2.4.2-150200.5.5.6 * glassfish-jaxb-parent-2.3.1-150200.5.5.9 * istack-commons-test-3.0.7-150200.5.5.6 * glassfish-fastinfoset-javadoc-1.2.15-150200.5.5.7 * xmlstreambuffer-1.5.4-150200.5.5.6 * codemodel-javadoc-2.6-150200.5.7.6 * glassfish-jaxb-bom-2.3.1-150200.5.5.9 * xsom-0~20140925-150200.5.5.6 * concurrentlinkedhashmap-lru-javadoc-1.3.2-150200.5.7.6 * ee4j-1.0.7-150200.5.5.3 * glassfish-jaxb-txw-parent-2.3.1-150200.5.5.9 * glassfish-jaxb-xsom-2.3.1-150200.5.5.9 * istack-commons-runtime-3.0.7-150200.5.5.6 * glassfish-jaxb-txwc2-2.3.1-150200.5.5.9 * apache-commons-math-3.6.1-150200.5.7.6 * istack-commons-3.0.7-150200.5.5.6 * glassfish-jaxb-rngom-2.3.1-150200.5.5.9 * apache-commons-csv-1.9.0-150200.5.7.6 * glassfish-jaxb-runtime-2.3.1-150200.5.5.9 * apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 * glassfish-dtd-parser-javadoc-1.4-150200.5.5.6 * glassfish-jaxb-codemodel-parent-2.3.1-150200.5.5.9 * relaxngcc-javadoc-1.12-150200.5.5.3 * stax-ex-1.8-150200.5.5.6 * stax-ex-javadoc-1.8-150200.5.5.6 * glassfish-jaxb-runtime-parent-2.3.1-150200.5.5.9 * istack-commons-tools-3.0.7-150200.5.5.6 * glassfish-jaxb-relaxng-datatype-2.3.1-150200.5.5.9 * jcache-javadoc-1.1.0-150200.5.5.6 * glassfish-jaxb-codemodel-annotation-compiler-2.3.1-150200.5.5.9 * glassfish-jaxb-xjc-2.3.1-150200.5.5.9 * mybatis-parent-31-150200.5.5.6 * glassfish-jaxb-bom-ext-2.3.1-150200.5.5.9 * apache-commons-csv-javadoc-1.9.0-150200.5.7.6 * codemodel-2.6-150200.5.7.6 * glassfish-dtd-parser-1.4-150200.5.5.6 * apache-commons-math-javadoc-3.6.1-150200.5.7.6 * concurrentlinkedhashmap-lru-1.3.2-150200.5.7.6 * glassfish-jaxb-external-parent-2.3.1-150200.5.5.9 * import-properties-plugin-3.0.7-150200.5.5.6 * istack-commons-soimp-3.0.7-150200.5.5.6 * jcache-1.1.0-150200.5.5.6 * relaxngcc-1.12-150200.5.5.3 * glassfish-fastinfoset-1.2.15-150200.5.5.7 * glassfish-jaxb-codemodel-2.3.1-150200.5.5.9 * SUSE Manager Server 4.3 Module 4.3 (noarch) * istack-commons-buildtools-3.0.7-150200.5.5.6 * glassfish-jaxb-jxc-2.3.1-150200.5.5.9 * jandex-2.4.2-150200.5.5.6 * glassfish-jaxb-2.3.1-150200.5.5.9 * istack-commons-maven-plugin-3.0.7-150200.5.5.6 * glassfish-jaxb-txw2-2.3.1-150200.5.5.9 * glassfish-jaxb-parent-2.3.1-150200.5.5.9 * istack-commons-test-3.0.7-150200.5.5.6 * xmlstreambuffer-1.5.4-150200.5.5.6 * glassfish-jaxb-bom-2.3.1-150200.5.5.9 * xsom-0~20140925-150200.5.5.6 * ee4j-1.0.7-150200.5.5.3 * glassfish-jaxb-txw-parent-2.3.1-150200.5.5.9 * glassfish-jaxb-xsom-2.3.1-150200.5.5.9 * istack-commons-runtime-3.0.7-150200.5.5.6 * glassfish-jaxb-txwc2-2.3.1-150200.5.5.9 * apache-commons-math-3.6.1-150200.5.7.6 * istack-commons-3.0.7-150200.5.5.6 * glassfish-jaxb-rngom-2.3.1-150200.5.5.9 * glassfish-jaxb-runtime-2.3.1-150200.5.5.9 * apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 * glassfish-jaxb-codemodel-parent-2.3.1-150200.5.5.9 * stax-ex-1.8-150200.5.5.6 * glassfish-jaxb-runtime-parent-2.3.1-150200.5.5.9 * istack-commons-tools-3.0.7-150200.5.5.6 * glassfish-jaxb-relaxng-datatype-2.3.1-150200.5.5.9 * glassfish-jaxb-codemodel-annotation-compiler-2.3.1-150200.5.5.9 * glassfish-jaxb-xjc-2.3.1-150200.5.5.9 * mybatis-parent-31-150200.5.5.6 * glassfish-jaxb-bom-ext-2.3.1-150200.5.5.9 * codemodel-2.6-150200.5.7.6 * glassfish-dtd-parser-1.4-150200.5.5.6 * glassfish-jaxb-external-parent-2.3.1-150200.5.5.9 * jcache-1.1.0-150200.5.5.6 * import-properties-plugin-3.0.7-150200.5.5.6 * relaxngcc-1.12-150200.5.5.3 * istack-commons-soimp-3.0.7-150200.5.5.6 * glassfish-fastinfoset-1.2.15-150200.5.5.7 * glassfish-jaxb-codemodel-2.3.1-150200.5.5.9 * openSUSE Leap 15.4 (noarch) * istack-commons-buildtools-3.0.7-150200.5.5.6 * glassfish-jaxb-jxc-2.3.1-150200.5.5.9 * jandex-2.4.2-150200.5.5.6 * glassfish-jaxb-2.3.1-150200.5.5.9 * istack-commons-maven-plugin-3.0.7-150200.5.5.6 * classmate-1.5.1-150200.5.7.6 * glassfish-jaxb-txw2-2.3.1-150200.5.5.9 * glassfish-jaxb-parent-2.3.1-150200.5.5.9 * istack-commons-test-3.0.7-150200.5.5.6 * xmlstreambuffer-1.5.4-150200.5.5.6 * glassfish-jaxb-bom-2.3.1-150200.5.5.9 * xsom-0~20140925-150200.5.5.6 * ee4j-1.0.7-150200.5.5.3 * glassfish-jaxb-txw-parent-2.3.1-150200.5.5.9 * glassfish-jaxb-xsom-2.3.1-150200.5.5.9 * istack-commons-runtime-3.0.7-150200.5.5.6 * glassfish-jaxb-txwc2-2.3.1-150200.5.5.9 * istack-commons-3.0.7-150200.5.5.6 * glassfish-jaxb-rngom-2.3.1-150200.5.5.9 * apache-commons-csv-1.9.0-150200.5.7.6 * glassfish-jaxb-runtime-2.3.1-150200.5.5.9 * apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 * glassfish-jaxb-codemodel-parent-2.3.1-150200.5.5.9 * stax-ex-1.8-150200.5.5.6 * glassfish-jaxb-runtime-parent-2.3.1-150200.5.5.9 * istack-commons-tools-3.0.7-150200.5.5.6 * glassfish-jaxb-relaxng-datatype-2.3.1-150200.5.5.9 * glassfish-jaxb-codemodel-annotation-compiler-2.3.1-150200.5.5.9 * glassfish-jaxb-xjc-2.3.1-150200.5.5.9 * mybatis-parent-31-150200.5.5.6 * glassfish-jaxb-bom-ext-2.3.1-150200.5.5.9 * codemodel-2.6-150200.5.7.6 * glassfish-jaxb-external-parent-2.3.1-150200.5.5.9 * concurrentlinkedhashmap-lru-1.3.2-150200.5.7.6 * jcache-1.1.0-150200.5.5.6 * import-properties-plugin-3.0.7-150200.5.5.6 * relaxngcc-1.12-150200.5.5.3 * istack-commons-soimp-3.0.7-150200.5.5.6 * glassfish-fastinfoset-1.2.15-150200.5.5.7 * glassfish-jaxb-codemodel-2.3.1-150200.5.5.9 ## References: * https://jira.suse.com/browse/MSC-611 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:30:06 -0000 Subject: SUSE-RU-2023:4914-1: moderate: Recommended update for apache2 Message-ID: <170306100623.18384.5109079866034530235@smelt2.prg2.suse.org> # Recommended update for apache2 Announcement ID: SUSE-RU-2023:4914-1 Rating: moderate References: * bsc#1214454 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for apache2 fixes the following issues: * apache2 and apache2-tls13-utils should never be installed at the same time (bsc#1214454) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4914=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4914=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4914=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4914=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-devel-2.4.51-35.38.1 * apache2-tls13-devel-2.4.51-35.38.1 * apache2-debuginfo-2.4.51-35.38.1 * apache2-debugsource-2.4.51-35.38.1 * apache2-tls13-debuginfo-2.4.51-35.38.1 * apache2-tls13-debugsource-2.4.51-35.38.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * apache2-prefork-2.4.51-35.38.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-debuginfo-2.4.51-35.38.1 * apache2-worker-2.4.51-35.38.1 * apache2-tls13-example-pages-2.4.51-35.38.1 * apache2-utils-debuginfo-2.4.51-35.38.1 * apache2-tls13-worker-debuginfo-2.4.51-35.38.1 * apache2-debuginfo-2.4.51-35.38.1 * apache2-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-debugsource-2.4.51-35.38.1 * apache2-2.4.51-35.38.1 * apache2-debugsource-2.4.51-35.38.1 * apache2-tls13-prefork-2.4.51-35.38.1 * apache2-tls13-worker-2.4.51-35.38.1 * apache2-worker-debuginfo-2.4.51-35.38.1 * apache2-example-pages-2.4.51-35.38.1 * apache2-tls13-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-2.4.51-35.38.1 * apache2-tls13-2.4.51-35.38.1 * apache2-utils-2.4.51-35.38.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * apache2-doc-2.4.51-35.38.1 * apache2-tls13-doc-2.4.51-35.38.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.51-35.38.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-debuginfo-2.4.51-35.38.1 * apache2-worker-2.4.51-35.38.1 * apache2-tls13-example-pages-2.4.51-35.38.1 * apache2-utils-debuginfo-2.4.51-35.38.1 * apache2-tls13-worker-debuginfo-2.4.51-35.38.1 * apache2-debuginfo-2.4.51-35.38.1 * apache2-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-debugsource-2.4.51-35.38.1 * apache2-2.4.51-35.38.1 * apache2-debugsource-2.4.51-35.38.1 * apache2-tls13-prefork-2.4.51-35.38.1 * apache2-tls13-worker-2.4.51-35.38.1 * apache2-worker-debuginfo-2.4.51-35.38.1 * apache2-example-pages-2.4.51-35.38.1 * apache2-tls13-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-2.4.51-35.38.1 * apache2-tls13-2.4.51-35.38.1 * apache2-utils-2.4.51-35.38.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * apache2-doc-2.4.51-35.38.1 * apache2-tls13-doc-2.4.51-35.38.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-prefork-2.4.51-35.38.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-debuginfo-2.4.51-35.38.1 * apache2-worker-2.4.51-35.38.1 * apache2-tls13-example-pages-2.4.51-35.38.1 * apache2-utils-debuginfo-2.4.51-35.38.1 * apache2-tls13-worker-debuginfo-2.4.51-35.38.1 * apache2-debuginfo-2.4.51-35.38.1 * apache2-prefork-debuginfo-2.4.51-35.38.1 * apache2-tls13-debugsource-2.4.51-35.38.1 * apache2-2.4.51-35.38.1 * apache2-debugsource-2.4.51-35.38.1 * apache2-tls13-prefork-2.4.51-35.38.1 * apache2-tls13-worker-2.4.51-35.38.1 * apache2-worker-debuginfo-2.4.51-35.38.1 * apache2-example-pages-2.4.51-35.38.1 * apache2-tls13-debuginfo-2.4.51-35.38.1 * apache2-tls13-utils-2.4.51-35.38.1 * apache2-tls13-2.4.51-35.38.1 * apache2-utils-2.4.51-35.38.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apache2-doc-2.4.51-35.38.1 * apache2-tls13-doc-2.4.51-35.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214454 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:30:07 -0000 Subject: SUSE-RU-2023:4913-1: moderate: Recommended update for xscreensaver Message-ID: <170306100790.18384.17796259365689439069@smelt2.prg2.suse.org> # Recommended update for xscreensaver Announcement ID: SUSE-RU-2023:4913-1 Rating: moderate References: * bsc#1206345 * bsc#1217318 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for xscreensaver fixes the following issues: * Hide the nagging message about available update (bsc#1206345, bsc#1217318) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4913=1 openSUSE-SLE-15.4-2023-4913=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4913=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4913=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4913=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xscreensaver-debugsource-6.03-150400.3.9.1 * xscreensaver-data-extra-6.03-150400.3.9.1 * xscreensaver-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-extra-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-6.03-150400.3.9.1 * xscreensaver-data-debuginfo-6.03-150400.3.9.1 * xscreensaver-6.03-150400.3.9.1 * openSUSE Leap 15.4 (noarch) * xscreensaver-lang-6.03-150400.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xscreensaver-debugsource-6.03-150400.3.9.1 * xscreensaver-data-extra-6.03-150400.3.9.1 * xscreensaver-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-extra-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-6.03-150400.3.9.1 * xscreensaver-data-debuginfo-6.03-150400.3.9.1 * xscreensaver-6.03-150400.3.9.1 * openSUSE Leap 15.5 (noarch) * xscreensaver-lang-6.03-150400.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xscreensaver-debugsource-6.03-150400.3.9.1 * xscreensaver-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-6.03-150400.3.9.1 * xscreensaver-data-debuginfo-6.03-150400.3.9.1 * xscreensaver-6.03-150400.3.9.1 * Basesystem Module 15-SP4 (noarch) * xscreensaver-lang-6.03-150400.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xscreensaver-debugsource-6.03-150400.3.9.1 * xscreensaver-debuginfo-6.03-150400.3.9.1 * xscreensaver-data-6.03-150400.3.9.1 * xscreensaver-data-debuginfo-6.03-150400.3.9.1 * xscreensaver-6.03-150400.3.9.1 * Basesystem Module 15-SP5 (noarch) * xscreensaver-lang-6.03-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206345 * https://bugzilla.suse.com/show_bug.cgi?id=1217318 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:30:08 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:30:08 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170306100860.18384.9226060170587922494@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:33:11 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:33:11 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170306119178.8348.17480488489210982519@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:13 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:13 -0000 Subject: SUSE-SU-2023:4910-1: moderate: Security update for avahi Message-ID: <170306137369.9211.9542825215834968081@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4910-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). * CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4910=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4910=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Proxy 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1 * avahi-compat-howl-devel-0.7-150100.3.29.1 * libavahi-gobject0-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * avahi-glib2-debugsource-0.7-150100.3.29.1 * libhowl0-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1 * avahi-utils-0.7-150100.3.29.1 * avahi-utils-debuginfo-0.7-150100.3.29.1 * libavahi-client3-0.7-150100.3.29.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1 * libavahi-glib-devel-0.7-150100.3.29.1 * libavahi-gobject0-debuginfo-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-glib1-0.7-150100.3.29.1 * libavahi-ui0-0.7-150100.3.29.1 * libhowl0-debuginfo-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-devel-0.7-150100.3.29.1 * libavahi-ui0-debuginfo-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * libavahi-glib1-debuginfo-0.7-150100.3.29.1 * libavahi-ui-gtk3-0-0.7-150100.3.29.1 * libdns_sd-0.7-150100.3.29.1 * libdns_sd-debuginfo-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (noarch) * avahi-lang-0.7-150100.3.29.1 * SUSE Manager Server 4.2 (x86_64) * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1 * libavahi-common3-32bit-0.7-150100.3.29.1 * libavahi-client3-32bit-0.7-150100.3.29.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1 * avahi-32bit-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libavahi-client3-0.7-150100.3.29.1 * libavahi-core7-0.7-150100.3.29.1 * avahi-0.7-150100.3.29.1 * libavahi-client3-debuginfo-0.7-150100.3.29.1 * libavahi-common3-0.7-150100.3.29.1 * libavahi-common3-debuginfo-0.7-150100.3.29.1 * avahi-debugsource-0.7-150100.3.29.1 * avahi-debuginfo-0.7-150100.3.29.1 * libavahi-core7-debuginfo-0.7-150100.3.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:16 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:16 -0000 Subject: SUSE-SU-2023:4909-1: moderate: Security update for python-aiohttp Message-ID: <170306137697.9211.12918470291401968917@smelt2.prg2.suse.org> # Security update for python-aiohttp Announcement ID: SUSE-SU-2023:4909-1 Rating: moderate References: * bsc#1217174 Cross-References: * CVE-2023-47641 CVSS scores: * CVE-2023-47641 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-47641 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-aiohttp fixes the following issues: * CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the same header with transport- encoding value of 'chunked*' (bsc#1217174) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4909=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4909=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4909=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4909=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4909=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4909=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4909=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-doc-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-doc-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-doc-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-doc-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-aiohttp-debuginfo-3.6.0-150100.3.12.1 * python-aiohttp-debugsource-3.6.0-150100.3.12.1 * python3-aiohttp-3.6.0-150100.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-47641.html * https://bugzilla.suse.com/show_bug.cgi?id=1217174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:19 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:19 -0000 Subject: SUSE-SU-2023:4908-1: moderate: Security update for mariadb Message-ID: <170306137905.9211.14879503036455166550@smelt2.prg2.suse.org> # Security update for mariadb Announcement ID: SUSE-SU-2023:4908-1 Rating: moderate References: * bsc#1217405 Cross-References: * CVE-2023-22084 CVSS scores: * CVE-2023-22084 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22084 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: * CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server (bsc#1217405). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4908=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4908=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4908=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * mariadb-client-10.4.32-150200.3.48.1 * mariadb-debuginfo-10.4.32-150200.3.48.1 * mariadb-client-debuginfo-10.4.32-150200.3.48.1 * mariadb-10.4.32-150200.3.48.1 * libmariadbd-devel-10.4.32-150200.3.48.1 * libmariadbd19-debuginfo-10.4.32-150200.3.48.1 * mariadb-tools-debuginfo-10.4.32-150200.3.48.1 * libmariadbd19-10.4.32-150200.3.48.1 * mariadb-debugsource-10.4.32-150200.3.48.1 * mariadb-tools-10.4.32-150200.3.48.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * mariadb-errormessages-10.4.32-150200.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * mariadb-client-10.4.32-150200.3.48.1 * mariadb-debuginfo-10.4.32-150200.3.48.1 * mariadb-client-debuginfo-10.4.32-150200.3.48.1 * mariadb-10.4.32-150200.3.48.1 * libmariadbd-devel-10.4.32-150200.3.48.1 * libmariadbd19-debuginfo-10.4.32-150200.3.48.1 * mariadb-tools-debuginfo-10.4.32-150200.3.48.1 * libmariadbd19-10.4.32-150200.3.48.1 * mariadb-debugsource-10.4.32-150200.3.48.1 * mariadb-tools-10.4.32-150200.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * mariadb-errormessages-10.4.32-150200.3.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * mariadb-client-10.4.32-150200.3.48.1 * mariadb-debuginfo-10.4.32-150200.3.48.1 * mariadb-client-debuginfo-10.4.32-150200.3.48.1 * mariadb-10.4.32-150200.3.48.1 * libmariadbd-devel-10.4.32-150200.3.48.1 * libmariadbd19-debuginfo-10.4.32-150200.3.48.1 * mariadb-tools-debuginfo-10.4.32-150200.3.48.1 * libmariadbd19-10.4.32-150200.3.48.1 * mariadb-debugsource-10.4.32-150200.3.48.1 * mariadb-tools-10.4.32-150200.3.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * mariadb-errormessages-10.4.32-150200.3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22084.html * https://bugzilla.suse.com/show_bug.cgi?id=1217405 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:20 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:20 -0000 Subject: SUSE-SU-2023:4907-1: moderate: Security update for mariadb Message-ID: <170306138079.9211.4475406929856949849@smelt2.prg2.suse.org> # Security update for mariadb Announcement ID: SUSE-SU-2023:4907-1 Rating: moderate References: * bsc#1217405 Cross-References: * CVE-2023-22084 CVSS scores: * CVE-2023-22084 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22084 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP3 * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: * CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server (bsc#1217405). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4907=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4907=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4907=1 * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-4907=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4907=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4907=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4907=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * mariadb-test-debuginfo-10.5.23-150300.3.38.1 * mariadb-10.5.23-150300.3.38.1 * mariadb-test-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * mariadb-rpm-macros-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-bench-debuginfo-10.5.23-150300.3.38.1 * mariadb-bench-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * mariadb-galera-10.5.23-150300.3.38.1 * openSUSE Leap 15.3 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * mariadb-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * mariadb-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 * Galera for Ericsson 15 SP3 (x86_64) * mariadb-galera-10.5.23-150300.3.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * mariadb-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * mariadb-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * mariadb-10.5.23-150300.3.38.1 * mariadb-tools-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-10.5.23-150300.3.38.1 * libmariadbd-devel-10.5.23-150300.3.38.1 * mariadb-debuginfo-10.5.23-150300.3.38.1 * libmariadbd19-10.5.23-150300.3.38.1 * libmariadbd19-debuginfo-10.5.23-150300.3.38.1 * mariadb-client-debuginfo-10.5.23-150300.3.38.1 * mariadb-debugsource-10.5.23-150300.3.38.1 * mariadb-tools-10.5.23-150300.3.38.1 * SUSE Enterprise Storage 7.1 (noarch) * mariadb-errormessages-10.5.23-150300.3.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22084.html * https://bugzilla.suse.com/show_bug.cgi?id=1217405 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:24 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:24 -0000 Subject: SUSE-SU-2023:4905-1: important: Security update for openssh Message-ID: <170306138405.9211.15516721041727743782@smelt2.prg2.suse.org> # Security update for openssh Announcement ID: SUSE-SU-2023:4905-1 Rating: important References: * bsc#1217950 Cross-References: * CVE-2023-48795 CVSS scores: * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4905=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4905=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4905=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openssh-debugsource-7.9p1-150100.6.34.1 * openssh-askpass-gnome-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.34.1 * openssh-fips-7.9p1-150100.6.34.1 * openssh-debuginfo-7.9p1-150100.6.34.1 * openssh-7.9p1-150100.6.34.1 * openssh-helpers-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.34.1 * openssh-helpers-debuginfo-7.9p1-150100.6.34.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssh-debugsource-7.9p1-150100.6.34.1 * openssh-askpass-gnome-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.34.1 * openssh-fips-7.9p1-150100.6.34.1 * openssh-debuginfo-7.9p1-150100.6.34.1 * openssh-7.9p1-150100.6.34.1 * openssh-helpers-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.34.1 * openssh-helpers-debuginfo-7.9p1-150100.6.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssh-debugsource-7.9p1-150100.6.34.1 * openssh-askpass-gnome-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.34.1 * openssh-fips-7.9p1-150100.6.34.1 * openssh-debuginfo-7.9p1-150100.6.34.1 * openssh-7.9p1-150100.6.34.1 * openssh-helpers-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.34.1 * openssh-helpers-debuginfo-7.9p1-150100.6.34.1 * SUSE CaaS Platform 4.0 (x86_64) * openssh-debugsource-7.9p1-150100.6.34.1 * openssh-askpass-gnome-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.34.1 * openssh-fips-7.9p1-150100.6.34.1 * openssh-debuginfo-7.9p1-150100.6.34.1 * openssh-7.9p1-150100.6.34.1 * openssh-helpers-7.9p1-150100.6.34.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.34.1 * openssh-helpers-debuginfo-7.9p1-150100.6.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1217950 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:25 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:25 -0000 Subject: SUSE-SU-2023:4904-1: important: Security update for openssh Message-ID: <170306138581.9211.191400958712770135@smelt2.prg2.suse.org> # Security update for openssh Announcement ID: SUSE-SU-2023:4904-1 Rating: important References: * bsc#1217950 Cross-References: * CVE-2023-48795 CVSS scores: * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4904=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4904=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4904=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openssh-askpass-gnome-debugsource-8.1p1-150200.5.43.1 * openssh-fips-8.1p1-150200.5.43.1 * openssh-debugsource-8.1p1-150200.5.43.1 * openssh-askpass-gnome-8.1p1-150200.5.43.1 * openssh-helpers-8.1p1-150200.5.43.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.43.1 * openssh-8.1p1-150200.5.43.1 * openssh-helpers-debuginfo-8.1p1-150200.5.43.1 * openssh-debuginfo-8.1p1-150200.5.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-debugsource-8.1p1-150200.5.43.1 * openssh-fips-8.1p1-150200.5.43.1 * openssh-debugsource-8.1p1-150200.5.43.1 * openssh-askpass-gnome-8.1p1-150200.5.43.1 * openssh-helpers-8.1p1-150200.5.43.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.43.1 * openssh-8.1p1-150200.5.43.1 * openssh-helpers-debuginfo-8.1p1-150200.5.43.1 * openssh-debuginfo-8.1p1-150200.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssh-askpass-gnome-debugsource-8.1p1-150200.5.43.1 * openssh-fips-8.1p1-150200.5.43.1 * openssh-debugsource-8.1p1-150200.5.43.1 * openssh-askpass-gnome-8.1p1-150200.5.43.1 * openssh-helpers-8.1p1-150200.5.43.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.43.1 * openssh-8.1p1-150200.5.43.1 * openssh-helpers-debuginfo-8.1p1-150200.5.43.1 * openssh-debuginfo-8.1p1-150200.5.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1217950 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:28 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:28 -0000 Subject: SUSE-SU-2023:4903-1: important: Security update for openssh Message-ID: <170306138894.9211.1285140947828015006@smelt2.prg2.suse.org> # Security update for openssh Announcement ID: SUSE-SU-2023:4903-1 Rating: important References: * bsc#1201750 * bsc#1217950 * jsc#SLE-24929 Cross-References: * CVE-2023-48795 CVSS scores: * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability, contains one feature and has one security fix can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4903=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4903=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4903=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssh-debugsource-7.2p2-81.8.1 * openssh-fips-7.2p2-81.8.1 * openssh-askpass-gnome-7.2p2-81.8.1 * openssh-askpass-gnome-debuginfo-7.2p2-81.8.1 * openssh-debuginfo-7.2p2-81.8.1 * openssh-7.2p2-81.8.1 * openssh-helpers-debuginfo-7.2p2-81.8.1 * openssh-helpers-7.2p2-81.8.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssh-debugsource-7.2p2-81.8.1 * openssh-fips-7.2p2-81.8.1 * openssh-askpass-gnome-7.2p2-81.8.1 * openssh-askpass-gnome-debuginfo-7.2p2-81.8.1 * openssh-debuginfo-7.2p2-81.8.1 * openssh-7.2p2-81.8.1 * openssh-helpers-debuginfo-7.2p2-81.8.1 * openssh-helpers-7.2p2-81.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssh-debugsource-7.2p2-81.8.1 * openssh-fips-7.2p2-81.8.1 * openssh-askpass-gnome-7.2p2-81.8.1 * openssh-askpass-gnome-debuginfo-7.2p2-81.8.1 * openssh-debuginfo-7.2p2-81.8.1 * openssh-7.2p2-81.8.1 * openssh-helpers-debuginfo-7.2p2-81.8.1 * openssh-helpers-7.2p2-81.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1201750 * https://bugzilla.suse.com/show_bug.cgi?id=1217950 * https://jira.suse.com/browse/SLE-24929 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 08:36:31 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 08:36:31 -0000 Subject: SUSE-SU-2023:4902-1: important: Security update for openssh Message-ID: <170306139133.9211.11078244797126624351@smelt2.prg2.suse.org> # Security update for openssh Announcement ID: SUSE-SU-2023:4902-1 Rating: important References: * bsc#1214788 * bsc#1217950 Cross-References: * CVE-2023-48795 CVSS scores: * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: * Fix the 'no route to host' error when connecting via ProxyJump ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4902=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4902=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4902=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4902=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4902=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4902=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4902=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4902=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4902=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4902=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4902=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4902=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4902=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4902=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4902=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4902=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2023-4902=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2023-4902=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4902=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2023-4902=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4902=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4902=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4902=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2023-4902=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4902=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2023-4902=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4902=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4902=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4902=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4902=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4902=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * openssh-cavs-8.4p1-150300.3.27.1 * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-cavs-debuginfo-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssh-cavs-8.4p1-150300.3.27.1 * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-cavs-debuginfo-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openssh-cavs-8.4p1-150300.3.27.1 * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-cavs-debuginfo-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Manager Proxy 4.3 (x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-helpers-debuginfo-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-helpers-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openssh-clients-debuginfo-8.4p1-150300.3.27.1 * openssh-common-8.4p1-150300.3.27.1 * openssh-8.4p1-150300.3.27.1 * openssh-debugsource-8.4p1-150300.3.27.1 * openssh-fips-8.4p1-150300.3.27.1 * openssh-server-8.4p1-150300.3.27.1 * openssh-server-debuginfo-8.4p1-150300.3.27.1 * openssh-common-debuginfo-8.4p1-150300.3.27.1 * openssh-clients-8.4p1-150300.3.27.1 * openssh-debuginfo-8.4p1-150300.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1214788 * https://bugzilla.suse.com/show_bug.cgi?id=1217950 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:02 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:02 -0000 Subject: SUSE-RU-2023:4927-1: important: Recommended update for yast2-installation Message-ID: <170307540291.7538.12645638684287881840@smelt2.prg2.suse.org> # Recommended update for yast2-installation Announcement ID: SUSE-RU-2023:4927-1 Rating: important References: * bsc#1217637 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for yast2-installation fixes the following issues: * Enclose IPv6 addresses within square brackets when calling the mount command (bsc#1217637) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4927=1 openSUSE-SLE-15.5-2023-4927=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4927=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-installation-4.5.19-150500.3.9.1 * Basesystem Module 15-SP5 (noarch) * yast2-installation-4.5.19-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4926-1: important: Security update for xwayland Message-ID: <170307540460.7538.17812431208221261083@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4926-1 Rating: important References: * bsc#1217765 Cross-References: * CVE-2023-6377 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4926=1 openSUSE-SLE-15.4-2023-4926=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4926=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xwayland-debugsource-21.1.4-150400.3.26.1 * xwayland-devel-21.1.4-150400.3.26.1 * xwayland-debuginfo-21.1.4-150400.3.26.1 * xwayland-21.1.4-150400.3.26.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xwayland-debugsource-21.1.4-150400.3.26.1 * xwayland-debuginfo-21.1.4-150400.3.26.1 * xwayland-21.1.4-150400.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4925-1: important: Security update for xorg-x11-server Message-ID: <170307540672.7538.9740190732758603537@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4925-1 Rating: important References: * bsc#1217765 Cross-References: * CVE-2023-6377 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4925=1 openSUSE-SLE-15.5-2023-4925=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4925=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4925=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-sdk-21.1.4-150500.7.13.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-extra-21.1.4-150500.7.13.1 * xorg-x11-server-21.1.4-150500.7.13.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-debugsource-21.1.4-150500.7.13.1 * xorg-x11-server-source-21.1.4-150500.7.13.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.13.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-extra-21.1.4-150500.7.13.1 * xorg-x11-server-21.1.4-150500.7.13.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-debugsource-21.1.4-150500.7.13.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.13.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debuginfo-21.1.4-150500.7.13.1 * xorg-x11-server-debugsource-21.1.4-150500.7.13.1 * xorg-x11-server-sdk-21.1.4-150500.7.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:08 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:08 -0000 Subject: SUSE-RU-2023:4924-1: moderate: Recommended update for csp-billing-adapter-local Message-ID: <170307540841.7538.17002688457168966369@smelt2.prg2.suse.org> # Recommended update for csp-billing-adapter-local Announcement ID: SUSE-RU-2023:4924-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for csp-billing-adapter-local fixes the following issues: * Update to version 0.4.1: * Drop logs for cache and csp-config functions * Add get version hook implementation * Add timestamp with the same format as core adapter * Use the same formatter for log file as core adapter * Add reporting time to usage data ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4924=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4924=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4924=1 ## Package List: * Public Cloud Module 15-SP5 (noarch) * python3-csp-billing-adapter-local-0.4.1-150400.9.8.1 * openSUSE Leap 15.4 (noarch) * python3-csp-billing-adapter-local-0.4.1-150400.9.8.1 * Public Cloud Module 15-SP4 (noarch) * python3-csp-billing-adapter-local-0.4.1-150400.9.8.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:09 -0000 Subject: SUSE-RU-2023:4923-1: moderate: Recommended update for csp-billing-adapter-microsoft Message-ID: <170307540960.7538.15451041132532286192@smelt2.prg2.suse.org> # Recommended update for csp-billing-adapter-microsoft Announcement ID: SUSE-RU-2023:4923-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for csp-billing-adapter-microsoft fixes the following issues: * Update to version 0.2.1: * Get credentials for virtual machines * Add 'get version hook' implementation ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4923=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4923=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4923=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-csp-billing-adapter-microsoft-0.2.1-150400.9.6.1 * Public Cloud Module 15-SP4 (noarch) * python3-csp-billing-adapter-microsoft-0.2.1-150400.9.6.1 * Public Cloud Module 15-SP5 (noarch) * python3-csp-billing-adapter-microsoft-0.2.1-150400.9.6.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:11 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:11 -0000 Subject: SUSE-RU-2023:4922-1: moderate: Recommended update for Azure SDK for Python Message-ID: <170307541112.7538.17176935601690341397@smelt2.prg2.suse.org> # Recommended update for Azure SDK for Python Announcement ID: SUSE-RU-2023:4922-1 Rating: moderate References: * bsc#1210019 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for Azure SDK for Python fixes the following issues: python-azure-template, python-azure-synapse-monitoring, python-azure-synapse- managedprivateendpoints: * No source code changes, it only delivers Python 2 to fulfill package dependencies (bsc#1210019) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4922=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-azure-synapse-monitoring-0.2.0-2.5.1 * python-azure-template-0.1.0b1293622-2.5.1 * python-azure-synapse-managedprivateendpoints-0.4.0-2.5.1 * python3-azure-synapse-managedprivateendpoints-0.4.0-2.5.1 * python3-azure-template-0.1.0b1293622-2.5.1 * python-azure-synapse-monitoring-0.2.0-2.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210019 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:12 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4921-1: moderate: Security update for python-cryptography Message-ID: <170307541242.7538.11545687225412147048@smelt2.prg2.suse.org> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:4921-1 Rating: moderate References: * bsc#1217592 Cross-References: * CVE-2023-49083 CVSS scores: * CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4921=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4921=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4921=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python-cryptography-debugsource-3.3.2-150200.22.1 * python-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-3.3.2-150200.22.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python-cryptography-debugsource-3.3.2-150200.22.1 * python-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-3.3.2-150200.22.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python-cryptography-debugsource-3.3.2-150200.22.1 * python-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-debuginfo-3.3.2-150200.22.1 * python3-cryptography-3.3.2-150200.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49083.html * https://bugzilla.suse.com/show_bug.cgi?id=1217592 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:15 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:15 -0000 Subject: SUSE-SU-2023:4920-1: important: Security update for ghostscript Message-ID: <170307541511.7538.14714448177262579480@smelt2.prg2.suse.org> # Security update for ghostscript Announcement ID: SUSE-SU-2023:4920-1 Rating: important References: * bsc#1217871 Cross-References: * CVE-2023-46751 CVSS scores: * CVE-2023-46751 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46751 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable() (bsc#1217871). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4920=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4920=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4920=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4920=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4920=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4920=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4920=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4920=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4920=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4920=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4920=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4920=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4920=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4920=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4920=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 * SUSE CaaS Platform 4.0 (x86_64) * ghostscript-x11-9.52-150000.177.1 * ghostscript-debugsource-9.52-150000.177.1 * ghostscript-9.52-150000.177.1 * ghostscript-x11-debuginfo-9.52-150000.177.1 * ghostscript-debuginfo-9.52-150000.177.1 * ghostscript-devel-9.52-150000.177.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46751.html * https://bugzilla.suse.com/show_bug.cgi?id=1217871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:17 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4919-1: important: Security update for openssl-1_1-livepatches Message-ID: <170307541734.7538.12666108744575948057@smelt2.prg2.suse.org> # Security update for openssl-1_1-livepatches Announcement ID: SUSE-SU-2023:4919-1 Rating: important References: * bsc#1208755 * bsc#1217151 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssl-1_1-livepatches fixes the following issues: Security issue fixed: * CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (bsc#1217151). Other fixes: * Report livepatch number on OpenSSL_version (jsc#7092). * Ensure that livepatches are only installed when fixed version of library is available (bsc#1208755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4919=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4919=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * openssl-1_1-livepatches-debugsource-0.2-150400.3.6.1 * openssl-1_1-livepatches-0.2-150400.3.6.1 * openssl-1_1-livepatches-debuginfo-0.2-150400.3.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * openssl-1_1-livepatches-0.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1208755 * https://bugzilla.suse.com/show_bug.cgi?id=1217151 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:19 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:19 -0000 Subject: SUSE-SU-2023:4918-1: important: Security update for openssl-1_1-livepatches Message-ID: <170307541932.7538.15617926927075679745@smelt2.prg2.suse.org> # Security update for openssl-1_1-livepatches Announcement ID: SUSE-SU-2023:4918-1 Rating: important References: * bsc#1208755 * bsc#1217151 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssl-1_1-livepatches fixes the following issues: Security issue fixed: * CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (bsc#1217151). Other fixes: * Report livepatch number on OpenSSL_version (jsc#7092). * Ensure that livepatches are only installed when fixed version of library is available (bsc#1208755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4918=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4918=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * openssl-1_1-livepatches-0.2-150500.6.3.1 * openssl-1_1-livepatches-debugsource-0.2-150500.6.3.1 * openssl-1_1-livepatches-debuginfo-0.2-150500.6.3.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * openssl-1_1-livepatches-0.2-150500.6.3.1 * openssl-1_1-livepatches-debugsource-0.2-150500.6.3.1 * openssl-1_1-livepatches-debuginfo-0.2-150500.6.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1208755 * https://bugzilla.suse.com/show_bug.cgi?id=1217151 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 12:30:21 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 12:30:21 -0000 Subject: SUSE-SU-2023:4917-1: important: Security update for ghostscript Message-ID: <170307542120.7538.2107914249508396201@smelt2.prg2.suse.org> # Security update for ghostscript Announcement ID: SUSE-SU-2023:4917-1 Rating: important References: * bsc#1217871 Cross-References: * CVE-2023-46751 CVSS scores: * CVE-2023-46751 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46751 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable() (bsc#1217871). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4917=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4917=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4917=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4917=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-23.63.1 * ghostscript-debuginfo-9.52-23.63.1 * ghostscript-debugsource-9.52-23.63.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ghostscript-x11-debuginfo-9.52-23.63.1 * ghostscript-9.52-23.63.1 * ghostscript-debuginfo-9.52-23.63.1 * ghostscript-debugsource-9.52-23.63.1 * ghostscript-devel-9.52-23.63.1 * ghostscript-x11-9.52-23.63.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-23.63.1 * ghostscript-9.52-23.63.1 * ghostscript-debuginfo-9.52-23.63.1 * ghostscript-debugsource-9.52-23.63.1 * ghostscript-devel-9.52-23.63.1 * ghostscript-x11-9.52-23.63.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ghostscript-x11-debuginfo-9.52-23.63.1 * ghostscript-9.52-23.63.1 * ghostscript-debuginfo-9.52-23.63.1 * ghostscript-debugsource-9.52-23.63.1 * ghostscript-devel-9.52-23.63.1 * ghostscript-x11-9.52-23.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46751.html * https://bugzilla.suse.com/show_bug.cgi?id=1217871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 16:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4932-1: important: Security update for libreoffice Message-ID: <170308980346.7077.5395213448271609253@smelt2.prg2.suse.org> # Security update for libreoffice Announcement ID: SUSE-SU-2023:4932-1 Rating: important References: * bsc#1217577 * bsc#1217578 Cross-References: * CVE-2023-6185 * CVE-2023-6186 CVSS scores: * CVE-2023-6185 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H * CVE-2023-6185 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6186 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H * CVE-2023-6186 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libreoffice fixes the following issues: * CVE-2023-6186: Fixed link targets allow arbitrary script execution (bsc#1217578). * CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection (bsc#1217577). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4932=1 openSUSE-SLE-15.4-2023-4932=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4932=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4932=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4932=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4932=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4932=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-sdk-doc-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-qt5-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreofficekit-devel-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-librelogo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-sdk-7.6.2.1-150400.17.20.1 * openSUSE Leap 15.4 (noarch) * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-am-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-km-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-rw-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sid-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-brx-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sq-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-id-7.6.2.1-150400.17.20.1 * libreoffice-l10n-oc-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-glade-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vec-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kok-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ka-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sat-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ks-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-my-7.6.2.1-150400.17.20.1 * libreoffice-l10n-szl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-is-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-be-7.6.2.1-150400.17.20.1 * libreoffice-l10n-om-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mni-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ne-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kab-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ast-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-sdk-doc-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-qt5-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreofficekit-devel-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-librelogo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-sdk-7.6.2.1-150400.17.20.1 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-am-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-km-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-rw-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sid-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-brx-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sq-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-id-7.6.2.1-150400.17.20.1 * libreoffice-l10n-oc-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-glade-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vec-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kok-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ka-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sat-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ks-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-my-7.6.2.1-150400.17.20.1 * libreoffice-l10n-szl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-is-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-be-7.6.2.1-150400.17.20.1 * libreoffice-l10n-om-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mni-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ne-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kab-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ast-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-sdk-doc-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-qt5-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreofficekit-devel-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-librelogo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-sdk-7.6.2.1-150400.17.20.1 * SUSE Package Hub 15 15-SP4 (noarch) * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-am-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-km-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-rw-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sid-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-brx-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sq-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-id-7.6.2.1-150400.17.20.1 * libreoffice-l10n-oc-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-glade-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vec-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kok-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ka-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sat-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ks-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-my-7.6.2.1-150400.17.20.1 * libreoffice-l10n-szl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-is-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-be-7.6.2.1-150400.17.20.1 * libreoffice-l10n-om-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mni-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ne-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kab-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ast-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-sdk-doc-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-qt5-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreofficekit-devel-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-librelogo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-sdk-7.6.2.1-150400.17.20.1 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-am-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-km-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-rw-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sid-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-brx-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sq-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-id-7.6.2.1-150400.17.20.1 * libreoffice-l10n-oc-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-glade-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vec-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kok-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ka-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sd-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sat-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ug-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ks-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-my-7.6.2.1-150400.17.20.1 * libreoffice-l10n-szl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-is-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-be-7.6.2.1-150400.17.20.1 * libreoffice-l10n-om-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mni-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ne-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kab-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ast-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-vi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libreoffice-filters-optional-7.6.2.1-150400.17.20.1 * libreoffice-writer-extensions-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-7.6.2.1-150400.17.20.1 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-7.6.2.1-150400.17.20.1 * libreoffice-base-7.6.2.1-150400.17.20.1 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-mailmerge-7.6.2.1-150400.17.20.1 * libreoffice-impress-7.6.2.1-150400.17.20.1 * libreoffice-7.6.2.1-150400.17.20.1 * libreoffice-math-7.6.2.1-150400.17.20.1 * libreoffice-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-officebean-7.6.2.1-150400.17.20.1 * libreoffice-calc-7.6.2.1-150400.17.20.1 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-7.6.2.1-150400.17.20.1 * libreoffice-calc-extensions-7.6.2.1-150400.17.20.1 * libreoffice-debugsource-7.6.2.1-150400.17.20.1 * libreoffice-gnome-7.6.2.1-150400.17.20.1 * libreofficekit-7.6.2.1-150400.17.20.1 * libreoffice-draw-7.6.2.1-150400.17.20.1 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libreoffice-l10n-cy-7.6.2.1-150400.17.20.1 * libreoffice-l10n-or-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ar-7.6.2.1-150400.17.20.1 * libreoffice-l10n-et-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1 * libreoffice-branding-upstream-7.6.2.1-150400.17.20.1 * libreoffice-l10n-de-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eo-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ja-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mai-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nso-7.6.2.1-150400.17.20.1 * libreoffice-l10n-mr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ro-7.6.2.1-150400.17.20.1 * libreoffice-l10n-si-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ko-7.6.2.1-150400.17.20.1 * libreoffice-l10n-xh-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1 * libreoffice-l10n-es-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ts-7.6.2.1-150400.17.20.1 * libreoffice-l10n-eu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-he-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ru-7.6.2.1-150400.17.20.1 * libreoffice-l10n-tn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-bg-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1 * libreoffice-l10n-zu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hr-7.6.2.1-150400.17.20.1 * libreoffice-icon-themes-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-cs-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nn-7.6.2.1-150400.17.20.1 * libreoffice-l10n-uk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-el-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1 * libreoffice-l10n-th-7.6.2.1-150400.17.20.1 * libreoffice-l10n-dz-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-st-7.6.2.1-150400.17.20.1 * libreoffice-l10n-kk-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fi-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ta-7.6.2.1-150400.17.20.1 * libreoffice-l10n-it-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ga-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pa-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ca-7.6.2.1-150400.17.20.1 * libreoffice-l10n-af-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ml-7.6.2.1-150400.17.20.1 * libreoffice-l10n-te-7.6.2.1-150400.17.20.1 * libreoffice-l10n-gl-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nb-7.6.2.1-150400.17.20.1 * libreoffice-l10n-as-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ve-7.6.2.1-150400.17.20.1 * libreoffice-l10n-lt-7.6.2.1-150400.17.20.1 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1 * libreoffice-l10n-nr-7.6.2.1-150400.17.20.1 * libreoffice-l10n-ss-7.6.2.1-150400.17.20.1 * libreoffice-l10n-da-7.6.2.1-150400.17.20.1 * libreoffice-l10n-fur-7.6.2.1-150400.17.20.1 * libreoffice-l10n-sv-7.6.2.1-150400.17.20.1 * libreoffice-l10n-br-7.6.2.1-150400.17.20.1 * libreoffice-l10n-hu-7.6.2.1-150400.17.20.1 * libreoffice-l10n-en-7.6.2.1-150400.17.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6185.html * https://www.suse.com/security/cve/CVE-2023-6186.html * https://bugzilla.suse.com/show_bug.cgi?id=1217577 * https://bugzilla.suse.com/show_bug.cgi?id=1217578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 16:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4931-1: important: Security update for go1.21-openssl Message-ID: <170308980733.7077.8228652730078230070@smelt2.prg2.suse.org> # Security update for go1.21-openssl Announcement ID: SUSE-SU-2023:4931-1 Rating: important References: * bsc#1212475 * bsc#1216943 * bsc#1217833 * bsc#1217834 Cross-References: * CVE-2023-39326 * CVE-2023-45284 * CVE-2023-45285 CVSS scores: * CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.21-openssl fixes the following issues: Update to version 1.21.5.1: * CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). * CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). * CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). * cmd/go: go mod download needs to support toolchain upgrades * cmd/compile: invalid pointer found on stack when compiled with -race * os: NTFS deduped file changed from regular to irregular * net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 * cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents * syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms * runtime: self-deadlock on mheap_.lock * crypto/rand: Legacy RtlGenRandom use on Windows ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4931=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4931=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4931=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4931=1 ## Package List: * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-race-1.21.5.1-150000.1.8.1 * go1.21-openssl-1.21.5.1-150000.1.8.1 * go1.21-openssl-doc-1.21.5.1-150000.1.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-race-1.21.5.1-150000.1.8.1 * go1.21-openssl-1.21.5.1-150000.1.8.1 * go1.21-openssl-doc-1.21.5.1-150000.1.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-race-1.21.5.1-150000.1.8.1 * go1.21-openssl-1.21.5.1-150000.1.8.1 * go1.21-openssl-doc-1.21.5.1-150000.1.8.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-race-1.21.5.1-150000.1.8.1 * go1.21-openssl-1.21.5.1-150000.1.8.1 * go1.21-openssl-doc-1.21.5.1-150000.1.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39326.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://www.suse.com/security/cve/CVE-2023-45285.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1217833 * https://bugzilla.suse.com/show_bug.cgi?id=1217834 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 16:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4930-1: important: Security update for go1.20-openssl Message-ID: <170308980991.7077.5480815517833415448@smelt2.prg2.suse.org> # Security update for go1.20-openssl Announcement ID: SUSE-SU-2023:4930-1 Rating: important References: * bsc#1206346 * bsc#1216943 * bsc#1217833 * bsc#1217834 Cross-References: * CVE-2023-39326 * CVE-2023-45284 * CVE-2023-45285 CVSS scores: * CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: * CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). * CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). * CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). * cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents * cmd/go: TestScript/mod_get_direct fails with "Filename too long" on Windows ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4930=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4930=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4930=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4930=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-race-1.20.12.1-150000.1.17.1 * go1.20-openssl-doc-1.20.12.1-150000.1.17.1 * go1.20-openssl-1.20.12.1-150000.1.17.1 * go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-race-1.20.12.1-150000.1.17.1 * go1.20-openssl-doc-1.20.12.1-150000.1.17.1 * go1.20-openssl-1.20.12.1-150000.1.17.1 * go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-race-1.20.12.1-150000.1.17.1 * go1.20-openssl-doc-1.20.12.1-150000.1.17.1 * go1.20-openssl-1.20.12.1-150000.1.17.1 * go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-race-1.20.12.1-150000.1.17.1 * go1.20-openssl-doc-1.20.12.1-150000.1.17.1 * go1.20-openssl-1.20.12.1-150000.1.17.1 * go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39326.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://www.suse.com/security/cve/CVE-2023-45285.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1217833 * https://bugzilla.suse.com/show_bug.cgi?id=1217834 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 16:30:13 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 16:30:13 -0000 Subject: SUSE-SU-2023:4929-1: important: Security update for MozillaFirefox Message-ID: <170308981389.7077.547846355114262484@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4929-1 Rating: important References: * bsc#1217230 * bsc#1217974 Cross-References: * CVE-2023-6204 * CVE-2023-6205 * CVE-2023-6206 * CVE-2023-6207 * CVE-2023-6208 * CVE-2023-6209 * CVE-2023-6212 * CVE-2023-6856 * CVE-2023-6857 * CVE-2023-6858 * CVE-2023-6859 * CVE-2023-6860 * CVE-2023-6861 * CVE-2023-6862 * CVE-2023-6863 * CVE-2023-6864 * CVE-2023-6865 * CVE-2023-6867 CVSS scores: * CVE-2023-6204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-6206 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-6207 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6208 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6209 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974) * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023). * CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791). * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144). * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669). * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118). * CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042). * CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901). * CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. * CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123). * CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863). Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after- free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4929=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4929=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4929=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-translations-other-115.6.0-150000.150.119.1 * MozillaFirefox-115.6.0-150000.150.119.1 * MozillaFirefox-translations-common-115.6.0-150000.150.119.1 * MozillaFirefox-debuginfo-115.6.0-150000.150.119.1 * MozillaFirefox-debugsource-115.6.0-150000.150.119.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.6.0-150000.150.119.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-translations-other-115.6.0-150000.150.119.1 * MozillaFirefox-115.6.0-150000.150.119.1 * MozillaFirefox-translations-common-115.6.0-150000.150.119.1 * MozillaFirefox-debuginfo-115.6.0-150000.150.119.1 * MozillaFirefox-debugsource-115.6.0-150000.150.119.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.6.0-150000.150.119.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.6.0-150000.150.119.1 * MozillaFirefox-115.6.0-150000.150.119.1 * MozillaFirefox-translations-common-115.6.0-150000.150.119.1 * MozillaFirefox-debuginfo-115.6.0-150000.150.119.1 * MozillaFirefox-debugsource-115.6.0-150000.150.119.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.6.0-150000.150.119.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-translations-other-115.6.0-150000.150.119.1 * MozillaFirefox-115.6.0-150000.150.119.1 * MozillaFirefox-translations-common-115.6.0-150000.150.119.1 * MozillaFirefox-debuginfo-115.6.0-150000.150.119.1 * MozillaFirefox-debugsource-115.6.0-150000.150.119.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.6.0-150000.150.119.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6204.html * https://www.suse.com/security/cve/CVE-2023-6205.html * https://www.suse.com/security/cve/CVE-2023-6206.html * https://www.suse.com/security/cve/CVE-2023-6207.html * https://www.suse.com/security/cve/CVE-2023-6208.html * https://www.suse.com/security/cve/CVE-2023-6209.html * https://www.suse.com/security/cve/CVE-2023-6212.html * https://www.suse.com/security/cve/CVE-2023-6856.html * https://www.suse.com/security/cve/CVE-2023-6857.html * https://www.suse.com/security/cve/CVE-2023-6858.html * https://www.suse.com/security/cve/CVE-2023-6859.html * https://www.suse.com/security/cve/CVE-2023-6860.html * https://www.suse.com/security/cve/CVE-2023-6861.html * https://www.suse.com/security/cve/CVE-2023-6862.html * https://www.suse.com/security/cve/CVE-2023-6863.html * https://www.suse.com/security/cve/CVE-2023-6864.html * https://www.suse.com/security/cve/CVE-2023-6865.html * https://www.suse.com/security/cve/CVE-2023-6867.html * https://bugzilla.suse.com/show_bug.cgi?id=1217230 * https://bugzilla.suse.com/show_bug.cgi?id=1217974 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 16:30:16 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 16:30:16 -0000 Subject: SUSE-SU-2023:4928-1: important: Security update for MozillaFirefox Message-ID: <170308981630.7077.8062862450226980914@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4928-1 Rating: important References: * bsc#1217230 * bsc#1217974 Cross-References: * CVE-2023-6204 * CVE-2023-6205 * CVE-2023-6206 * CVE-2023-6207 * CVE-2023-6208 * CVE-2023-6209 * CVE-2023-6212 * CVE-2023-6856 * CVE-2023-6857 * CVE-2023-6858 * CVE-2023-6859 * CVE-2023-6860 * CVE-2023-6861 * CVE-2023-6862 * CVE-2023-6863 * CVE-2023-6864 * CVE-2023-6865 * CVE-2023-6867 CVSS scores: * CVE-2023-6204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-6206 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2023-6207 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6208 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-6209 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-6212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974). * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023). * CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791). * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144). * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669). * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118). * CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042). * CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901). * CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. * CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123). * CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863). * Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4928=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4928=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4928=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2023-4928=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4928=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4928=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4928=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4928=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4928=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4928=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4928=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4928=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2023-4928=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2023-4928=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4928=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2023-4928=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4928=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4928=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-branding-upstream-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-branding-upstream-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Real Time 15 SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.6.0-150200.152.120.1 * MozillaFirefox-debugsource-115.6.0-150200.152.120.1 * MozillaFirefox-debuginfo-115.6.0-150200.152.120.1 * MozillaFirefox-115.6.0-150200.152.120.1 * MozillaFirefox-translations-other-115.6.0-150200.152.120.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.6.0-150200.152.120.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6204.html * https://www.suse.com/security/cve/CVE-2023-6205.html * https://www.suse.com/security/cve/CVE-2023-6206.html * https://www.suse.com/security/cve/CVE-2023-6207.html * https://www.suse.com/security/cve/CVE-2023-6208.html * https://www.suse.com/security/cve/CVE-2023-6209.html * https://www.suse.com/security/cve/CVE-2023-6212.html * https://www.suse.com/security/cve/CVE-2023-6856.html * https://www.suse.com/security/cve/CVE-2023-6857.html * https://www.suse.com/security/cve/CVE-2023-6858.html * https://www.suse.com/security/cve/CVE-2023-6859.html * https://www.suse.com/security/cve/CVE-2023-6860.html * https://www.suse.com/security/cve/CVE-2023-6861.html * https://www.suse.com/security/cve/CVE-2023-6862.html * https://www.suse.com/security/cve/CVE-2023-6863.html * https://www.suse.com/security/cve/CVE-2023-6864.html * https://www.suse.com/security/cve/CVE-2023-6865.html * https://www.suse.com/security/cve/CVE-2023-6867.html * https://bugzilla.suse.com/show_bug.cgi?id=1217230 * https://bugzilla.suse.com/show_bug.cgi?id=1217974 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Dec 20 16:36:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 17:36:30 +0100 (CET) Subject: SUSE-CU-2023:4235-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231220163630.261A3FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4235-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.177 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.177 Severity : important Type : security References : 1201384 1215229 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-updates at lists.suse.com Wed Dec 20 16:37:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Dec 2023 17:37:24 +0100 (CET) Subject: SUSE-CU-2023:4236-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231220163724.31D0CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4236-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.7 Container Release : 9.43.7 Severity : important Type : recommended References : 1215229 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated From null at suse.de Wed Dec 20 20:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:03 -0000 Subject: SUSE-SU-2023:4939-1: moderate: Security update for rabbitmq-server Message-ID: <170310420391.29300.1805201055251558983@smelt2.prg2.suse.org> # Security update for rabbitmq-server Announcement ID: SUSE-SU-2023:4939-1 Rating: moderate References: * bsc#1216582 Cross-References: * CVE-2023-46118 CVSS scores: * CVE-2023-46118 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46118 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rabbitmq-server fixes the following issues: * CVE-2023-46118: Introduce HTTP request body limit for definition uploads (bsc#1216582). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4939=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4939=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4939=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4939=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4939=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * rabbitmq-server-3.8.11-150300.3.14.1 * erlang-rabbitmq-client-3.8.11-150300.3.14.1 * rabbitmq-server-plugins-3.8.11-150300.3.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rabbitmq-server-3.8.11-150300.3.14.1 * erlang-rabbitmq-client-3.8.11-150300.3.14.1 * rabbitmq-server-plugins-3.8.11-150300.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rabbitmq-server-3.8.11-150300.3.14.1 * erlang-rabbitmq-client-3.8.11-150300.3.14.1 * rabbitmq-server-plugins-3.8.11-150300.3.14.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rabbitmq-server-3.8.11-150300.3.14.1 * erlang-rabbitmq-client-3.8.11-150300.3.14.1 * rabbitmq-server-plugins-3.8.11-150300.3.14.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rabbitmq-server-3.8.11-150300.3.14.1 * erlang-rabbitmq-client-3.8.11-150300.3.14.1 * rabbitmq-server-plugins-3.8.11-150300.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46118.html * https://bugzilla.suse.com/show_bug.cgi?id=1216582 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4938-1: moderate: Security update for wireshark Message-ID: <170310420725.29300.16033070390300747257@smelt2.prg2.suse.org> # Security update for wireshark Announcement ID: SUSE-SU-2023:4938-1 Rating: moderate References: * bsc#1217272 Cross-References: * CVE-2023-6175 CVSS scores: * CVE-2023-6175 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for wireshark fixes the following issues: Update to 3.6.19: * CVE-2023-6175: NetScreen file parser crash (bsc#1217272). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4938=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4938=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4938=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4938=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4938=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4938=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * libwsutil13-debuginfo-3.6.19-150000.3.106.1 * libwsutil13-3.6.19-150000.3.106.1 * libwiretap12-3.6.19-150000.3.106.1 * libwiretap12-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-3.6.19-150000.3.106.1 * wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1 * wireshark-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * wireshark-devel-3.6.19-150000.3.106.1 * libwireshark15-debuginfo-3.6.19-150000.3.106.1 * wireshark-ui-qt-3.6.19-150000.3.106.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * libwsutil13-debuginfo-3.6.19-150000.3.106.1 * libwsutil13-3.6.19-150000.3.106.1 * libwiretap12-3.6.19-150000.3.106.1 * libwiretap12-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-3.6.19-150000.3.106.1 * wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1 * wireshark-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * wireshark-devel-3.6.19-150000.3.106.1 * libwireshark15-debuginfo-3.6.19-150000.3.106.1 * wireshark-ui-qt-3.6.19-150000.3.106.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * libwsutil13-debuginfo-3.6.19-150000.3.106.1 * libwsutil13-3.6.19-150000.3.106.1 * libwiretap12-3.6.19-150000.3.106.1 * libwiretap12-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-3.6.19-150000.3.106.1 * wireshark-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-debuginfo-3.6.19-150000.3.106.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * libwsutil13-debuginfo-3.6.19-150000.3.106.1 * libwsutil13-3.6.19-150000.3.106.1 * libwiretap12-3.6.19-150000.3.106.1 * libwiretap12-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-3.6.19-150000.3.106.1 * wireshark-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * libwireshark15-debuginfo-3.6.19-150000.3.106.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * wireshark-devel-3.6.19-150000.3.106.1 * wireshark-ui-qt-3.6.19-150000.3.106.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.19-150000.3.106.1 * wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1 * wireshark-debuginfo-3.6.19-150000.3.106.1 * wireshark-devel-3.6.19-150000.3.106.1 * wireshark-ui-qt-3.6.19-150000.3.106.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6175.html * https://bugzilla.suse.com/show_bug.cgi?id=1217272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:12 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:12 -0000 Subject: SUSE-RU-2023:4937-1: moderate: Recommended update for sg3_utils Message-ID: <170310421215.29300.4776645423921770946@smelt2.prg2.suse.org> # Recommended update for sg3_utils Announcement ID: SUSE-RU-2023:4937-1 Rating: moderate References: * bsc#1215720 * bsc#1215772 * bsc#1216355 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three fixes can now be installed. ## Description: This update for sg3_utils fixes the following issues: * Update to version 1.47+15.b6898b8 * L3-Question: rescan-scsi-bus.sh resize not detected (bsc#1215720). * Packman Discord package upgrade lockout defeat inoperative (bsc#1216355). * sg3_utils package doesn't rebuild initrd (bsc#1215772). * rescan-scsi-bus.sh: improve cleanup on exit (gh#doug-gilbert/sg3_utils#44) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4937=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4937=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4937=1 SUSE-2023-4937=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4937=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4937=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4937=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4937=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4937=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4937=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4937=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4937=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils-devel-1.47+15.b6898b8-150400.3.11.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils-devel-1.47+15.b6898b8-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils-devel-1.47+15.b6898b8-150400.3.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sg3_utils-debugsource-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1 * sg3_utils-1.47+15.b6898b8-150400.3.11.1 * libsgutils2-1_47-2-debuginfo-1.47+15.b6898b8-150400.3.11.1 * libsgutils-devel-1.47+15.b6898b8-150400.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215720 * https://bugzilla.suse.com/show_bug.cgi?id=1215772 * https://bugzilla.suse.com/show_bug.cgi?id=1216355 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:16 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:16 -0000 Subject: SUSE-SU-2023:4936-1: important: Security update for docker, rootlesskit Message-ID: <170310421656.29300.13065799463648328180@smelt2.prg2.suse.org> # Security update for docker, rootlesskit Announcement ID: SUSE-SU-2023:4936-1 Rating: important References: * bsc#1170415 * bsc#1170446 * bsc#1178760 * bsc#1210141 * bsc#1213229 * bsc#1213500 * bsc#1215323 * bsc#1217513 * jsc#PED-6180 Cross-References: * CVE-2020-12912 * CVE-2020-8694 * CVE-2020-8695 CVSS scores: * CVE-2020-12912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-12912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-8695 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2020-8695 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities, contains one feature and has five security fixes can now be installed. ## Description: This update for docker, rootlesskit fixes the following issues: docker: * Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. * CVE-2020-8694 bsc#1170415 * CVE-2020-8695 bsc#1170446 * CVE-2020-12912 bsc#1178760 * Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 * Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 * Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: * new package, for docker rootless support. (jsc#PED-6180) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4936=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4936=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4936=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4936=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4936=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4936=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4936=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4936=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4936=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4936=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4936=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4936=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4936=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4936=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4936=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4936=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4936=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4936=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4936=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4936=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4936=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4936=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4936=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4936=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4936=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rootlesskit-1.1.1-150000.1.3.3 * rootlesskit-debuginfo-1.1.1-150000.1.3.3 * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * openSUSE Leap 15.4 (noarch) * docker-rootless-extras-24.0.7_ce-150000.190.4 * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-zsh-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rootlesskit-1.1.1-150000.1.3.3 * rootlesskit-debuginfo-1.1.1-150000.1.3.3 * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * openSUSE Leap 15.5 (noarch) * docker-rootless-extras-24.0.7_ce-150000.190.4 * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-zsh-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rootlesskit-1.1.1-150000.1.3.3 * rootlesskit-debuginfo-1.1.1-150000.1.3.3 * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * Containers Module 15-SP4 (noarch) * docker-rootless-extras-24.0.7_ce-150000.190.4 * docker-bash-completion-24.0.7_ce-150000.190.4 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rootlesskit-1.1.1-150000.1.3.3 * rootlesskit-debuginfo-1.1.1-150000.1.3.3 * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * Containers Module 15-SP5 (noarch) * docker-rootless-extras-24.0.7_ce-150000.190.4 * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Enterprise Storage 7.1 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * docker-fish-completion-24.0.7_ce-150000.190.4 * SUSE CaaS Platform 4.0 (x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE CaaS Platform 4.0 (noarch) * docker-bash-completion-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * docker-debuginfo-24.0.7_ce-150000.190.4 * docker-24.0.7_ce-150000.190.4 ## References: * https://www.suse.com/security/cve/CVE-2020-12912.html * https://www.suse.com/security/cve/CVE-2020-8694.html * https://www.suse.com/security/cve/CVE-2020-8695.html * https://bugzilla.suse.com/show_bug.cgi?id=1170415 * https://bugzilla.suse.com/show_bug.cgi?id=1170446 * https://bugzilla.suse.com/show_bug.cgi?id=1178760 * https://bugzilla.suse.com/show_bug.cgi?id=1210141 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 * https://bugzilla.suse.com/show_bug.cgi?id=1213500 * https://bugzilla.suse.com/show_bug.cgi?id=1215323 * https://bugzilla.suse.com/show_bug.cgi?id=1217513 * https://jira.suse.com/browse/PED-6180 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:19 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:19 -0000 Subject: SUSE-SU-2023:4935-1: important: Security update for xorg-x11-server Message-ID: <170310421947.29300.1013126042769583090@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4935-1 Rating: important References: * bsc#1217765 Cross-References: * CVE-2023-6377 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4935=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4935=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4935=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4935=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-1.19.6-10.62.1 * xorg-x11-server-debugsource-1.19.6-10.62.1 * xorg-x11-server-debuginfo-1.19.6-10.62.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xorg-x11-server-debugsource-1.19.6-10.62.1 * xorg-x11-server-debuginfo-1.19.6-10.62.1 * xorg-x11-server-1.19.6-10.62.1 * xorg-x11-server-extra-1.19.6-10.62.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.62.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.19.6-10.62.1 * xorg-x11-server-debuginfo-1.19.6-10.62.1 * xorg-x11-server-1.19.6-10.62.1 * xorg-x11-server-extra-1.19.6-10.62.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.62.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xorg-x11-server-debugsource-1.19.6-10.62.1 * xorg-x11-server-debuginfo-1.19.6-10.62.1 * xorg-x11-server-1.19.6-10.62.1 * xorg-x11-server-extra-1.19.6-10.62.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:21 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:21 -0000 Subject: SUSE-SU-2023:4934-1: important: Security update for xorg-x11-server Message-ID: <170310422140.29300.10211806476740720268@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4934-1 Rating: important References: * bsc#1217765 Cross-References: * CVE-2023-6377 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4934=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4934=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4934=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4934=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4934=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4934=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4934=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4934=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4934=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4934=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.85.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.85.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-extra-1.20.3-150200.22.5.85.1 * xorg-x11-server-1.20.3-150200.22.5.85.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.85.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 20 20:30:23 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 20 Dec 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4933-1: important: Security update for xwayland Message-ID: <170310422372.29300.9532664348955393212@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4933-1 Rating: important References: * bsc#1217765 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that has one security fix can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4933=1 openSUSE-SLE-15.5-2023-4933=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4933=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xwayland-debugsource-22.1.5-150500.7.11.1 * xwayland-devel-22.1.5-150500.7.11.1 * xwayland-debuginfo-22.1.5-150500.7.11.1 * xwayland-22.1.5-150500.7.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xwayland-debugsource-22.1.5-150500.7.11.1 * xwayland-debuginfo-22.1.5-150500.7.11.1 * xwayland-22.1.5-150500.7.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 08:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 08:30:06 -0000 Subject: SUSE-RU-2023:4940-1: moderate: Recommended update for SAPHanaSR Message-ID: <170314740682.26647.530794409454352760@smelt2.prg2.suse.org> # Recommended update for SAPHanaSR Announcement ID: SUSE-RU-2023:4940-1 Rating: moderate References: * bsc#1210728 * bsc#1214613 * bsc#1215693 * bsc#1216484 * jsc#PED-1739 * jsc#PED-2608 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features and has four fixes can now be installed. ## Description: This update for SAPHanaSR fixes the following issues: * SAPHanaSR was updated to version 0.162.2: * Inside 'SAPHanaSR-hookHelper' use the full path for the 'cibadmin' command to support non root users in special user environments. (bsc#1216484) * If the 'SAPHanaSR.py' hook has successfully reported a SR event to the cluster a still existing fall-back state file will be removed to prevent an override of an already reported SR state. (bsc#1215693) * Improved supportability by providing the current process ID of the RA, which is logged in the RA outputs, to HANA tracefiles too. This allows a mapping of the SAP related command invocations from the RA and the HANA executions which might have a delay in between. (bsc#1214613) * Avoid explicit and implicit usage of '/tmp' filesystem to keep the 'SAPHanaSR' resource agents working even in situations with '/tmp' filesystem full. (bsc#1210728) * Updated man pages * Added improvements from SAP to the RA scripts, part II (jsc#PED-1739, jsc#PED-2608) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4940=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4940=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-4940=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-4940=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-4940=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4940=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-4940=1 ## Package List: * openSUSE Leap 15.4 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * openSUSE Leap 15.5 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * SAP Applications Module 15-SP1 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * SAP Applications Module 15-SP2 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * SAP Applications Module 15-SP3 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * SAP Applications Module 15-SP4 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 * SAP Applications Module 15-SP5 (noarch) * SAPHanaSR-0.162.2-150000.4.34.1 * SAPHanaSR-doc-0.162.2-150000.4.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210728 * https://bugzilla.suse.com/show_bug.cgi?id=1214613 * https://bugzilla.suse.com/show_bug.cgi?id=1215693 * https://bugzilla.suse.com/show_bug.cgi?id=1216484 * https://jira.suse.com/browse/PED-1739 * https://jira.suse.com/browse/PED-2608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:02 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4946-1: moderate: Security update for libssh2_org Message-ID: <170316180271.13537.7197607129619646390@smelt2.prg2.suse.org> # Security update for libssh2_org Announcement ID: SUSE-SU-2023:4946-1 Rating: moderate References: * bsc#1218127 Cross-References: * CVE-2023-48795 CVSS scores: * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4946=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4946=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4946=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4946=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-29.9.1 * libssh2-devel-1.11.0-29.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libssh2_org-debugsource-1.11.0-29.9.1 * libssh2-1-1.11.0-29.9.1 * libssh2-1-debuginfo-1.11.0-29.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libssh2-1-32bit-1.11.0-29.9.1 * libssh2-1-debuginfo-32bit-1.11.0-29.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-29.9.1 * libssh2-1-1.11.0-29.9.1 * libssh2-1-debuginfo-1.11.0-29.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libssh2-1-32bit-1.11.0-29.9.1 * libssh2-1-debuginfo-32bit-1.11.0-29.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libssh2_org-debugsource-1.11.0-29.9.1 * libssh2-1-1.11.0-29.9.1 * libssh2-1-debuginfo-1.11.0-29.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libssh2-1-32bit-1.11.0-29.9.1 * libssh2-1-debuginfo-32bit-1.11.0-29.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1218127 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4945-1: important: Security update for xen Message-ID: <170316180564.13537.289449509746128072@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4945-1 Rating: important References: * bsc#1027519 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807). * CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654). Update to Xen 4.17.3 bug fix release (bsc#1027519). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4945=1 openSUSE-SLE-15.5-2023-4945=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4945=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4945=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4945=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64 i586) * xen-libs-debuginfo-4.17.3_02-150500.3.18.1 * xen-libs-4.17.3_02-150500.3.18.1 * xen-tools-domU-debuginfo-4.17.3_02-150500.3.18.1 * xen-debugsource-4.17.3_02-150500.3.18.1 * xen-devel-4.17.3_02-150500.3.18.1 * xen-tools-domU-4.17.3_02-150500.3.18.1 * openSUSE Leap 15.5 (x86_64) * xen-libs-32bit-debuginfo-4.17.3_02-150500.3.18.1 * xen-libs-32bit-4.17.3_02-150500.3.18.1 * openSUSE Leap 15.5 (aarch64 x86_64) * xen-tools-debuginfo-4.17.3_02-150500.3.18.1 * xen-tools-4.17.3_02-150500.3.18.1 * xen-4.17.3_02-150500.3.18.1 * xen-doc-html-4.17.3_02-150500.3.18.1 * openSUSE Leap 15.5 (noarch) * xen-tools-xendomains-wait-disk-4.17.3_02-150500.3.18.1 * openSUSE Leap 15.5 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.17.3_02-150500.3.18.1 * xen-libs-64bit-4.17.3_02-150500.3.18.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * xen-libs-4.17.3_02-150500.3.18.1 * xen-libs-debuginfo-4.17.3_02-150500.3.18.1 * xen-debugsource-4.17.3_02-150500.3.18.1 * Basesystem Module 15-SP5 (x86_64) * xen-libs-debuginfo-4.17.3_02-150500.3.18.1 * xen-libs-4.17.3_02-150500.3.18.1 * xen-tools-domU-debuginfo-4.17.3_02-150500.3.18.1 * xen-debugsource-4.17.3_02-150500.3.18.1 * xen-tools-domU-4.17.3_02-150500.3.18.1 * Server Applications Module 15-SP5 (x86_64) * xen-tools-4.17.3_02-150500.3.18.1 * xen-4.17.3_02-150500.3.18.1 * xen-tools-debuginfo-4.17.3_02-150500.3.18.1 * xen-debugsource-4.17.3_02-150500.3.18.1 * xen-devel-4.17.3_02-150500.3.18.1 * Server Applications Module 15-SP5 (noarch) * xen-tools-xendomains-wait-disk-4.17.3_02-150500.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:07 -0000 Subject: SUSE-SU-2023:4944-1: important: Security update for gstreamer-plugins-bad Message-ID: <170316180797.13537.4490411524724742867@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4944-1 Rating: important References: * bsc#1215792 Cross-References: * CVE-2023-40475 CVSS scores: * CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4944=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4944=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4944=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.18.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstwayland-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.18.1 * libgstgl-1_0-0-1.12.5-150000.3.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.18.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.18.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstwayland-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.18.1 * libgstgl-1_0-0-1.12.5-150000.3.18.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.18.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstwayland-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.18.1 * libgstgl-1_0-0-1.12.5-150000.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.18.1 * SUSE CaaS Platform 4.0 (x86_64) * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.18.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.18.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-1.12.5-150000.3.18.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.18.1 * libgstphotography-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.18.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstwayland-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.18.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.18.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-1.12.5-150000.3.18.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.18.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.18.1 * libgstmpegts-1_0-0-1.12.5-150000.3.18.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.18.1 * libgstgl-1_0-0-1.12.5-150000.3.18.1 * SUSE CaaS Platform 4.0 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40475.html * https://bugzilla.suse.com/show_bug.cgi?id=1215792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:10 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:10 -0000 Subject: SUSE-SU-2023:4943-1: important: Security update for gstreamer-plugins-bad Message-ID: <170316181031.13537.5779603601146902399@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4943-1 Rating: important References: * bsc#1215792 * bsc#1217213 Cross-References: * CVE-2023-40475 * CVE-2023-44446 CVSS scores: * CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-44446 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). * CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4943=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4943=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4943=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4943=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstwayland-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-1.22.0-150500.3.17.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstva-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.17.1 * Desktop Applications Module 15-SP5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.17.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libgstwayland-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.17.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-1.22.0-150500.3.17.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.17.1 * gstreamer-transcoder-devel-1.22.0-150500.3.17.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.17.1 * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstva-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.17.1 * gstreamer-transcoder-1.22.0-150500.3.17.1 * gstreamer-transcoder-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.17.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.17.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.17.1 * libgstplay-1_0-0-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-1.22.0-150500.3.17.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.17.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.17.1 * openSUSE Leap 15.5 (x86_64) * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstva-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-32bit-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstplay-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-32bit-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-32bit-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.17.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.17.1 * openSUSE Leap 15.5 (aarch64_ilp32) * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstplay-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstva-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-64bit-1.22.0-150500.3.17.1 * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.17.1 * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.17.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1 * libgstsctp-1_0-0-64bit-1.22.0-150500.3.17.1 * libgstisoff-1_0-0-64bit-1.22.0-150500.3.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstplay-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.17.1 * libgstphotography-1_0-0-1.22.0-150500.3.17.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-1.22.0-150500.3.17.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40475.html * https://www.suse.com/security/cve/CVE-2023-44446.html * https://bugzilla.suse.com/show_bug.cgi?id=1215792 * https://bugzilla.suse.com/show_bug.cgi?id=1217213 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:14 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4942-1: moderate: Security update for poppler Message-ID: <170316181422.13537.18273104325533476604@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4942-1 Rating: moderate References: * bsc#1120956 Cross-References: * CVE-2018-20662 CVSS scores: * CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup (bsc#1120956). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4942=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4942=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4942=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4942=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-devel-0.43.0-16.43.1 * libpoppler-glib-devel-0.43.0-16.43.1 * libpoppler-cpp0-0.43.0-16.43.1 * typelib-1_0-Poppler-0_18-0.43.0-16.43.1 * libpoppler-cpp0-debuginfo-0.43.0-16.43.1 * libpoppler-qt4-devel-0.43.0-16.43.1 * poppler-debugsource-0.43.0-16.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libpoppler-glib8-0.43.0-16.43.1 * libpoppler60-0.43.0-16.43.1 * libpoppler-qt4-4-0.43.0-16.43.1 * poppler-tools-debuginfo-0.43.0-16.43.1 * libpoppler-glib8-debuginfo-0.43.0-16.43.1 * poppler-debugsource-0.43.0-16.43.1 * poppler-tools-0.43.0-16.43.1 * libpoppler60-debuginfo-0.43.0-16.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.43.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-glib8-0.43.0-16.43.1 * libpoppler60-0.43.0-16.43.1 * libpoppler-qt4-4-0.43.0-16.43.1 * poppler-tools-debuginfo-0.43.0-16.43.1 * libpoppler-glib8-debuginfo-0.43.0-16.43.1 * poppler-debugsource-0.43.0-16.43.1 * poppler-tools-0.43.0-16.43.1 * libpoppler60-debuginfo-0.43.0-16.43.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libpoppler-glib8-0.43.0-16.43.1 * libpoppler60-0.43.0-16.43.1 * libpoppler-qt4-4-0.43.0-16.43.1 * poppler-tools-debuginfo-0.43.0-16.43.1 * libpoppler-glib8-debuginfo-0.43.0-16.43.1 * poppler-debugsource-0.43.0-16.43.1 * poppler-tools-0.43.0-16.43.1 * libpoppler-qt4-4-debuginfo-0.43.0-16.43.1 * libpoppler60-debuginfo-0.43.0-16.43.1 ## References: * https://www.suse.com/security/cve/CVE-2018-20662.html * https://bugzilla.suse.com/show_bug.cgi?id=1120956 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 12:30:16 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 12:30:16 -0000 Subject: SUSE-SU-2023:4941-1: moderate: Security update for poppler Message-ID: <170316181607.13537.17645105322467852616@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4941-1 Rating: moderate References: * bsc#1041783 * bsc#1120956 Cross-References: * CVE-2017-7511 * CVE-2018-20662 CVSS scores: * CVE-2017-7511 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-7511 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2017-7511: Fixed a NULL pointer dereference in pdfunite (bsc#1041783) * CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup (bsc#1120956). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4941=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-debuginfo-0.24.4-14.44.1 * libpoppler44-0.24.4-14.44.1 ## References: * https://www.suse.com/security/cve/CVE-2017-7511.html * https://www.suse.com/security/cve/CVE-2018-20662.html * https://bugzilla.suse.com/show_bug.cgi?id=1041783 * https://bugzilla.suse.com/show_bug.cgi?id=1120956 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Dec 21 13:25:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Dec 2023 14:25:59 +0100 (CET) Subject: SUSE-CU-2023:4239-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231221132559.CC48BFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4239-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.279 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.279 Severity : important Type : security References : 1201384 1215229 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-updates at lists.suse.com Thu Dec 21 13:28:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Dec 2023 14:28:02 +0100 (CET) Subject: SUSE-CU-2023:4240-1: Security update of suse/sles12sp5 Message-ID: <20231221132802.5318AFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4240-1 Container Tags : suse/sles12sp5:6.5.545 , suse/sles12sp5:latest Container Release : 6.5.545 Severity : moderate Type : security References : 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4892-1 Released: Mon Dec 18 16:33:21 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) The following package changes have been done: - libncurses5-5.9-85.1 updated - libncurses6-5.9-85.1 updated - ncurses-utils-5.9-85.1 updated - terminfo-base-5.9-85.1 updated From null at suse.de Thu Dec 21 16:30:02 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4956-1: moderate: Recommended update for yast2-registration Message-ID: <170317620285.31968.15115711934162092532@smelt2.prg2.suse.org> # Recommended update for yast2-registration Announcement ID: SUSE-RU-2023:4956-1 Rating: moderate References: * bsc#1217317 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update for yast2-registration fixes the following issues: * Fix yast2 migration fail for undefined method `friendly_name' for nil:NilClass (bsc#1217317) * Update to version 4.1.28 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-4956=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4956=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4956=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4956=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (noarch) * yast2-registration-4.1.28-150100.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * yast2-registration-4.1.28-150100.3.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * yast2-registration-4.1.28-150100.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * yast2-registration-4.1.28-150100.3.20.1 * SUSE CaaS Platform 4.0 (noarch) * yast2-registration-4.1.28-150100.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217317 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 16:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:06 -0000 Subject: SUSE-RU-2023:4954-1: moderate: Recommended update for xf86-video-intel Message-ID: <170317620612.31968.7263087374079879413@smelt2.prg2.suse.org> # Recommended update for xf86-video-intel Announcement ID: SUSE-RU-2023:4954-1 Rating: moderate References: * bsc#1214448 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for xf86-video-intel fixes the following issues: * Mesa's DRI driver is now called "crocus", previously "i965" (bsc#1214448) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4954=1 openSUSE-SLE-15.5-2023-4954=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4954=1 ## Package List: * openSUSE Leap 15.5 (x86_64 i586) * xf86-video-intel-debugsource-2.99.917.916_g31486f40-150500.3.6.1 * xf86-video-intel-2.99.917.916_g31486f40-150500.3.6.1 * xf86-video-intel-debuginfo-2.99.917.916_g31486f40-150500.3.6.1 * openSUSE Leap 15.5 (x86_64) * xf86-video-intel-32bit-debuginfo-2.99.917.916_g31486f40-150500.3.6.1 * xf86-video-intel-32bit-2.99.917.916_g31486f40-150500.3.6.1 * Basesystem Module 15-SP5 (x86_64) * xf86-video-intel-debugsource-2.99.917.916_g31486f40-150500.3.6.1 * xf86-video-intel-2.99.917.916_g31486f40-150500.3.6.1 * xf86-video-intel-debuginfo-2.99.917.916_g31486f40-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214448 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 16:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:07 -0000 Subject: SUSE-RU-2023:4953-1: moderate: Recommended update for system-role-common-criteria Message-ID: <170317620747.31968.14316170827846452139@smelt2.prg2.suse.org> # Recommended update for system-role-common-criteria Announcement ID: SUSE-RU-2023:4953-1 Rating: moderate References: * jsc#PED-4166 * jsc#PED-4474 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features can now be installed. ## Description: This update fixes the following issue: * Set the encryption password directly from role dialog (jsc#PED-4166, jsc#PED-4474) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4953=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4953=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * system-role-common-criteria-15.5.2-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * system-role-common-criteria-15.5.2-150500.3.3.1 ## References: * https://jira.suse.com/browse/PED-4166 * https://jira.suse.com/browse/PED-4474 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 16:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:04 -0000 Subject: SUSE-RU-2023:4955-1: moderate: Recommended update for yast2-registration Message-ID: <170317620427.31968.1534203924212759254@smelt2.prg2.suse.org> # Recommended update for yast2-registration Announcement ID: SUSE-RU-2023:4955-1 Rating: moderate References: * bsc#1217317 Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for yast2-registration fixes the following issues: * Adapted to SCC API change to fix "Device not found" message when launching Yast2 partitioner * Update to version 4.3.28 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4955=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4955=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4955=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4955=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4955=1 ## Package List: * openSUSE Leap 15.3 (noarch) * yast2-registration-4.3.28-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * yast2-registration-4.3.28-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * yast2-registration-4.3.28-150300.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * yast2-registration-4.3.28-150300.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * yast2-registration-4.3.28-150300.3.20.1 * SUSE Enterprise Storage 7.1 (noarch) * yast2-registration-4.3.28-150300.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217317 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 16:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4952-1: moderate: Security update for gnutls Message-ID: <170317620920.31968.14600230289456443625@smelt2.prg2.suse.org> # Security update for gnutls Announcement ID: SUSE-SU-2023:4952-1 Rating: moderate References: * bsc#1208143 * bsc#1217277 Cross-References: * CVE-2023-0361 * CVE-2023-5981 CVSS scores: * CVE-2023-0361 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0361 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4952=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4952=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4952=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gnutls-debuginfo-3.6.7-150000.6.50.1 * libgnutls30-debuginfo-3.6.7-150000.6.50.1 * libgnutls-devel-3.6.7-150000.6.50.1 * libgnutlsxx28-debuginfo-3.6.7-150000.6.50.1 * libgnutlsxx28-3.6.7-150000.6.50.1 * gnutls-3.6.7-150000.6.50.1 * libgnutls30-3.6.7-150000.6.50.1 * gnutls-debugsource-3.6.7-150000.6.50.1 * libgnutlsxx-devel-3.6.7-150000.6.50.1 * libgnutls30-hmac-3.6.7-150000.6.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libgnutls30-32bit-3.6.7-150000.6.50.1 * libgnutls30-hmac-32bit-3.6.7-150000.6.50.1 * libgnutls30-32bit-debuginfo-3.6.7-150000.6.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gnutls-debuginfo-3.6.7-150000.6.50.1 * libgnutls30-debuginfo-3.6.7-150000.6.50.1 * libgnutls-devel-3.6.7-150000.6.50.1 * libgnutlsxx28-debuginfo-3.6.7-150000.6.50.1 * libgnutlsxx28-3.6.7-150000.6.50.1 * gnutls-3.6.7-150000.6.50.1 * libgnutls30-3.6.7-150000.6.50.1 * gnutls-debugsource-3.6.7-150000.6.50.1 * libgnutlsxx-devel-3.6.7-150000.6.50.1 * libgnutls30-hmac-3.6.7-150000.6.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libgnutls30-32bit-3.6.7-150000.6.50.1 * libgnutls30-hmac-32bit-3.6.7-150000.6.50.1 * libgnutls30-32bit-debuginfo-3.6.7-150000.6.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gnutls-debuginfo-3.6.7-150000.6.50.1 * libgnutls30-debuginfo-3.6.7-150000.6.50.1 * libgnutls-devel-3.6.7-150000.6.50.1 * libgnutlsxx28-debuginfo-3.6.7-150000.6.50.1 * libgnutlsxx28-3.6.7-150000.6.50.1 * gnutls-3.6.7-150000.6.50.1 * libgnutls30-3.6.7-150000.6.50.1 * gnutls-debugsource-3.6.7-150000.6.50.1 * libgnutlsxx-devel-3.6.7-150000.6.50.1 * libgnutls30-hmac-3.6.7-150000.6.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libgnutls30-32bit-3.6.7-150000.6.50.1 * libgnutls30-hmac-32bit-3.6.7-150000.6.50.1 * libgnutls30-32bit-debuginfo-3.6.7-150000.6.50.1 * SUSE CaaS Platform 4.0 (x86_64) * gnutls-debuginfo-3.6.7-150000.6.50.1 * libgnutls30-32bit-3.6.7-150000.6.50.1 * libgnutls30-debuginfo-3.6.7-150000.6.50.1 * libgnutls-devel-3.6.7-150000.6.50.1 * libgnutlsxx28-debuginfo-3.6.7-150000.6.50.1 * libgnutlsxx28-3.6.7-150000.6.50.1 * gnutls-3.6.7-150000.6.50.1 * libgnutlsxx-devel-3.6.7-150000.6.50.1 * libgnutls30-3.6.7-150000.6.50.1 * gnutls-debugsource-3.6.7-150000.6.50.1 * libgnutls30-hmac-32bit-3.6.7-150000.6.50.1 * libgnutls30-32bit-debuginfo-3.6.7-150000.6.50.1 * libgnutls30-hmac-3.6.7-150000.6.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0361.html * https://www.suse.com/security/cve/CVE-2023-5981.html * https://bugzilla.suse.com/show_bug.cgi?id=1208143 * https://bugzilla.suse.com/show_bug.cgi?id=1217277 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 16:30:11 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4951-1: moderate: Security update for libqt5-qtbase Message-ID: <170317621129.31968.3279355577046501935@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4951-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4951=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4951=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4951=1 openSUSE-SLE-15.5-2023-4951=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt5Widgets5-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent-devel-5.15.8+kde185-150500.4.13.1 * libQt5Network-devel-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.13.1 * libQt5Core5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Gui-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Xml-devel-5.15.8+kde185-150500.4.13.1 * libQt5Test5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Core-devel-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-5.15.8+kde185-150500.4.13.1 * libQt5Sql-devel-5.15.8+kde185-150500.4.13.1 * libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Network5-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-5.15.8+kde185-150500.4.13.1 * libQt5Network5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-devel-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-5.15.8+kde185-150500.4.13.1 * libQt5Test5-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-devel-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-5.15.8+kde185-150500.4.13.1 * libQt5Test-devel-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-devel-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-devel-5.15.8+kde185-150500.4.13.1 * libQt5Core5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.13.1 * Basesystem Module 15-SP5 (noarch) * libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.13.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1 * openSUSE Leap 15.5 (x86_64) * libQt5OpenGL5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-32bit-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Xml-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Test5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Core5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Network-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Core5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Core-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-32bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Network5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Bootstrap-devel-static-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Test-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Gui-devel-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Test5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-32bit-5.15.8+kde185-150500.4.13.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Network5-32bit-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-devel-static-32bit-5.15.8+kde185-150500.4.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libQt5Widgets5-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-5.15.8+kde185-150500.4.13.1 * libQt5Network-devel-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.13.1 * libQt5Core5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-5.15.8+kde185-150500.4.13.1 * libQt5Bootstrap-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5Gui-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Xml-devel-5.15.8+kde185-150500.4.13.1 * libQt5Test5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5Core-devel-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-5.15.8+kde185-150500.4.13.1 * libQt5Sql-devel-5.15.8+kde185-150500.4.13.1 * libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Network5-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-5.15.8+kde185-150500.4.13.1 * libQt5Network5-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-devel-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Test5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-devel-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-5.15.8+kde185-150500.4.13.1 * libQt5Test-devel-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-devel-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-devel-5.15.8+kde185-150500.4.13.1 * libQt5Core5-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.13.1 * openSUSE Leap 15.5 (noarch) * libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.13.1 * libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.13.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libQt5Xml-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5DBus-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Bootstrap-devel-static-64bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-mysql-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Gui-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5PlatformSupport-devel-static-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Xml5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Network5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Core5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Test5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Widgets5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5DBus5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Sql-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Gui5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Concurrent5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Core-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Test5-64bit-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libqt5-qtbase-examples-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Widgets-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Test-devel-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Network5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5OpenGL5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.8+kde185-150500.4.13.1 * libQt5Core5-64bit-5.15.8+kde185-150500.4.13.1 * libQt5Network-devel-64bit-5.15.8+kde185-150500.4.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 20:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4957-1: moderate: Security update for libcryptopp Message-ID: <170319060584.31470.17506557973697368752@smelt2.prg2.suse.org> # Security update for libcryptopp Announcement ID: SUSE-SU-2023:4957-1 Rating: moderate References: * bsc#1218219 Cross-References: * CVE-2023-50980 CVSS scores: * CVE-2023-50980 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for libcryptopp fixes the following issues: * CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4957=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libcryptopp5_6_5-32bit-debuginfo-5.6.5-150000.1.9.1 * libcryptopp5_6_5-32bit-5.6.5-150000.1.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libcryptopp5_6_5-debuginfo-5.6.5-150000.1.9.1 * libcryptopp5_6_5-5.6.5-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-50980.html * https://bugzilla.suse.com/show_bug.cgi?id=1218219 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 20:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4950-1: moderate: Security update for libqt5-qtbase Message-ID: <170319060725.31470.16086488396136617988@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4950-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4950=1 openSUSE-SLE-15.4-2023-4950=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4950=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4950=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (noarch) * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (noarch) * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 20:33:08 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 20:33:08 -0000 Subject: SUSE-SU-2023:4950-1: moderate: Security update for libqt5-qtbase Message-ID: <170319078851.31760.17229009498263165337@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4950-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4950=1 openSUSE-SLE-15.4-2023-4950=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4950=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4950=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 20:36:09 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 20:36:09 -0000 Subject: SUSE-SU-2023:4950-1: moderate: Security update for libqt5-qtbase Message-ID: <170319096989.31760.6727989541299179753@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4950-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4950=1 openSUSE-SLE-15.4-2023-4950=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4950=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4950=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 21 20:39:11 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 21 Dec 2023 20:39:11 -0000 Subject: SUSE-SU-2023:4950-1: moderate: Security update for libqt5-qtbase Message-ID: <170319115166.31760.6408769919175681170@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4950-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4950=1 openSUSE-SLE-15.4-2023-4950=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4950=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4950=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 08:30:21 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 08:30:21 -0000 Subject: SUSE-SU-2023:4958-1: moderate: Security update for tinyxml Message-ID: <170323382146.23456.9898348573722805117@smelt2.prg2.suse.org> # Security update for tinyxml Announcement ID: SUSE-SU-2023:4958-1 Rating: moderate References: * bsc#1218040 Cross-References: * CVE-2023-34194 CVSS scores: * CVE-2023-34194 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tinyxml fixes the following issues: * CVE-2023-34194: Fixed reachable assertion may lead to denial of service (bsc#1218040). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4958=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4958=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4958=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libtinyxml0-2.6.2-150000.3.6.1 * libtinyxml0-debuginfo-2.6.2-150000.3.6.1 * tinyxml-devel-2.6.2-150000.3.6.1 * tinyxml-debugsource-2.6.2-150000.3.6.1 * tinyxml-docs-2.6.2-150000.3.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libtinyxml0-2.6.2-150000.3.6.1 * libtinyxml0-debuginfo-2.6.2-150000.3.6.1 * tinyxml-devel-2.6.2-150000.3.6.1 * tinyxml-debugsource-2.6.2-150000.3.6.1 * tinyxml-docs-2.6.2-150000.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libtinyxml0-2.6.2-150000.3.6.1 * libtinyxml0-debuginfo-2.6.2-150000.3.6.1 * tinyxml-devel-2.6.2-150000.3.6.1 * tinyxml-debugsource-2.6.2-150000.3.6.1 * tinyxml-docs-2.6.2-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34194.html * https://bugzilla.suse.com/show_bug.cgi?id=1218040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 08:30:22 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 08:30:22 -0000 Subject: SUSE-SU-2023:4950-1: moderate: Security update for libqt5-qtbase Message-ID: <170323382269.23456.4096359584318171736@smelt2.prg2.suse.org> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:4950-1 Rating: moderate References: * bsc#1214327 * jsc#PED-6193 Cross-References: * CVE-2023-37369 CVSS scores: * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). * libq5-qtbase was rebuild against icu 73. jsc#PED-6193 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4950=1 openSUSE-SLE-15.4-2023-4950=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4950=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4950=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.10.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Core-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Core5-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.10.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-5.15.2+kde294-150400.6.10.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.10.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5Test-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Network5-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Test5-5.15.2+kde294-150400.6.10.1 * Basesystem Module 15-SP4 (noarch) * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.10.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.10.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37369.html * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 08:30:25 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 08:30:25 -0000 Subject: SUSE-SU-2023:4949-1: important: Security update for xorg-x11-server Message-ID: <170323382509.23456.1237156721031773881@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4949-1 Rating: important References: * bsc#1217765 Cross-References: * CVE-2023-6377 CVSS scores: * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6377 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4949=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4949=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4949=1 openSUSE-SLE-15.4-2023-4949=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-1.20.3-150400.38.35.1 * xorg-x11-server-extra-1.20.3-150400.38.35.1 * xorg-x11-server-debugsource-1.20.3-150400.38.35.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.35.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.35.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-1.20.3-150400.38.35.1 * xorg-x11-server-debugsource-1.20.3-150400.38.35.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.35.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-1.20.3-150400.38.35.1 * xorg-x11-server-extra-1.20.3-150400.38.35.1 * xorg-x11-server-debugsource-1.20.3-150400.38.35.1 * xorg-x11-server-sdk-1.20.3-150400.38.35.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.35.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.35.1 * xorg-x11-server-source-1.20.3-150400.38.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6377.html * https://bugzilla.suse.com/show_bug.cgi?id=1217765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 08:30:27 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 08:30:27 -0000 Subject: SUSE-SU-2023:4948-1: moderate: Security update for zbar Message-ID: <170323382747.23456.5327640516290543405@smelt2.prg2.suse.org> # Security update for zbar Announcement ID: SUSE-SU-2023:4948-1 Rating: moderate References: * bsc#1214770 * bsc#1214771 Cross-References: * CVE-2023-40889 * CVE-2023-40890 CVSS scores: * CVE-2023-40889 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-40889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40890 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-40890 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for zbar fixes the following issues: * CVE-2023-40889: Fixed heap-based buffer overflow in the qr_reader_match_centers function (bsc#1214770). * CVE-2023-40890: Fixed stack-based buffer overflow in the lookup_sequence function (bsc#1214771). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4948=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4948=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4948=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4948=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4948=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4948=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libzbarqt0-0.23.1-150300.3.3.1 * libzbarqt0-debuginfo-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbarqt-devel-0.23.1-150300.3.3.1 * zbar-0.23.1-150300.3.3.1 * libzbar0-0.23.1-150300.3.3.1 * zbar-debugsource-0.23.1-150300.3.3.1 * libzbar-devel-0.23.1-150300.3.3.1 * libzbar0-debuginfo-0.23.1-150300.3.3.1 * openSUSE Leap 15.3 (x86_64) * libzbarqt0-32bit-0.23.1-150300.3.3.1 * libzbar0-32bit-debuginfo-0.23.1-150300.3.3.1 * libzbar0-32bit-0.23.1-150300.3.3.1 * libzbarqt0-32bit-debuginfo-0.23.1-150300.3.3.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libzbar0-64bit-0.23.1-150300.3.3.1 * libzbarqt0-64bit-debuginfo-0.23.1-150300.3.3.1 * libzbar0-64bit-debuginfo-0.23.1-150300.3.3.1 * libzbarqt0-64bit-0.23.1-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libzbarqt0-0.23.1-150300.3.3.1 * libzbarqt0-debuginfo-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbarqt-devel-0.23.1-150300.3.3.1 * zbar-0.23.1-150300.3.3.1 * libzbar0-0.23.1-150300.3.3.1 * zbar-debugsource-0.23.1-150300.3.3.1 * libzbar-devel-0.23.1-150300.3.3.1 * libzbar0-debuginfo-0.23.1-150300.3.3.1 * openSUSE Leap 15.4 (x86_64) * libzbarqt0-32bit-0.23.1-150300.3.3.1 * libzbar0-32bit-debuginfo-0.23.1-150300.3.3.1 * libzbar0-32bit-0.23.1-150300.3.3.1 * libzbarqt0-32bit-debuginfo-0.23.1-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libzbarqt0-0.23.1-150300.3.3.1 * libzbarqt0-debuginfo-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbarqt-devel-0.23.1-150300.3.3.1 * zbar-0.23.1-150300.3.3.1 * libzbar0-0.23.1-150300.3.3.1 * zbar-debugsource-0.23.1-150300.3.3.1 * libzbar-devel-0.23.1-150300.3.3.1 * libzbar0-debuginfo-0.23.1-150300.3.3.1 * openSUSE Leap 15.5 (x86_64) * libzbarqt0-32bit-0.23.1-150300.3.3.1 * libzbar0-32bit-debuginfo-0.23.1-150300.3.3.1 * libzbar0-32bit-0.23.1-150300.3.3.1 * libzbarqt0-32bit-debuginfo-0.23.1-150300.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zbar-debugsource-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbar0-0.23.1-150300.3.3.1 * libzbar0-debuginfo-0.23.1-150300.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libzbarqt0-debuginfo-0.23.1-150300.3.3.1 * libzbarqt0-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbarqt-devel-0.23.1-150300.3.3.1 * zbar-0.23.1-150300.3.3.1 * zbar-debugsource-0.23.1-150300.3.3.1 * libzbar-devel-0.23.1-150300.3.3.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * zbar-debugsource-0.23.1-150300.3.3.1 * zbar-debuginfo-0.23.1-150300.3.3.1 * libzbar0-0.23.1-150300.3.3.1 * libzbar0-debuginfo-0.23.1-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40889.html * https://www.suse.com/security/cve/CVE-2023-40890.html * https://bugzilla.suse.com/show_bug.cgi?id=1214770 * https://bugzilla.suse.com/show_bug.cgi?id=1214771 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 08:30:29 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 08:30:29 -0000 Subject: SUSE-SU-2023:4947-1: important: Security update for gstreamer-plugins-bad Message-ID: <170323382971.23456.8361942508265549247@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4947-1 Rating: important References: * bsc#1215792 Cross-References: * CVE-2023-40475 CVSS scores: * CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4947=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4947=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4947=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgstsctp-1_0-0-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.16.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.16.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgstsctp-1_0-0-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.16.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.16.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgstsctp-1_0-0-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-1.16.3-150200.4.16.1 * libgstphotography-1_0-0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.16.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.16.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.16.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.16.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.16.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-1.16.3-150200.4.16.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.16.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.16.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-1.16.3-150200.4.16.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.16.1 * libgstplayer-1_0-0-1.16.3-150200.4.16.1 * libgstisoff-1_0-0-1.16.3-150200.4.16.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.16.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40475.html * https://bugzilla.suse.com/show_bug.cgi?id=1215792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 12:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4961-1: moderate: Security update for ppp Message-ID: <170324820336.9332.5627698493931015@smelt2.prg2.suse.org> # Security update for ppp Announcement ID: SUSE-SU-2023:4961-1 Rating: moderate References: * bsc#1218251 Cross-References: * CVE-2022-4603 CVSS scores: * CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ppp fixes the following issues: * CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4961=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ppp-debugsource-2.4.7-4.6.1 * ppp-debuginfo-2.4.7-4.6.1 * ppp-devel-2.4.7-4.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ppp-2.4.7-4.6.1 * ppp-debuginfo-2.4.7-4.6.1 * ppp-debugsource-2.4.7-4.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ppp-2.4.7-4.6.1 * ppp-debuginfo-2.4.7-4.6.1 * ppp-debugsource-2.4.7-4.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ppp-2.4.7-4.6.1 * ppp-debuginfo-2.4.7-4.6.1 * ppp-debugsource-2.4.7-4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4603.html * https://bugzilla.suse.com/show_bug.cgi?id=1218251 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 12:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 12:30:05 -0000 Subject: SUSE-RU-2023:4960-1: moderate: Recommended update for yast2-registration Message-ID: <170324820561.9332.12296769459286108725@smelt2.prg2.suse.org> # Recommended update for yast2-registration Announcement ID: SUSE-RU-2023:4960-1 Rating: moderate References: * bsc#1217317 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update for yast2-registration fixes the following issues: * Fix yast2 migration fail for undefined method `friendly_name' for nil:NilClass (bsc#1217317) * Update to version 4.2.49 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4960=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4960=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4960=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4960=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 (noarch) * yast2-registration-4.2.49-150200.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * yast2-registration-4.2.49-150200.3.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * yast2-registration-4.2.49-150200.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * yast2-registration-4.2.49-150200.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217317 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 12:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 12:30:09 -0000 Subject: SUSE-RU-2023:4959-1: important: Recommended update for xmlsec1 Message-ID: <170324820917.9332.8315662974197202649@smelt2.prg2.suse.org> # Recommended update for xmlsec1 Announcement ID: SUSE-RU-2023:4959-1 Rating: important References: * bsc#1217972 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for xmlsec1 fixes the following issues: * Support older versions of OpenSSL were UI_null() is not defined (bsc#1217972) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4959=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4959=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4959=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4959=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-1.2.37-8.12.2 * xmlsec1-openssl-devel-1.2.37-8.12.2 * xmlsec1-gnutls-devel-1.2.37-8.12.2 * xmlsec1-devel-1.2.37-8.12.2 * xmlsec1-gcrypt-devel-1.2.37-8.12.2 * xmlsec1-nss-devel-1.2.37-8.12.2 * xmlsec1-debugsource-1.2.37-8.12.2 * xmlsec1-debuginfo-1.2.37-8.12.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libxmlsec1-gnutls1-1.2.37-8.12.2 * libxmlsec1-gcrypt1-1.2.37-8.12.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.12.2 * xmlsec1-1.2.37-8.12.2 * libxmlsec1-nss1-1.2.37-8.12.2 * libxmlsec1-openssl1-1.2.37-8.12.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.12.2 * xmlsec1-debugsource-1.2.37-8.12.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-debuginfo-1.2.37-8.12.2 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-1.2.37-8.12.2 * xmlsec1-debuginfo-1.2.37-8.12.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-1.2.37-8.12.2 * libxmlsec1-gcrypt1-1.2.37-8.12.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.12.2 * xmlsec1-1.2.37-8.12.2 * libxmlsec1-nss1-1.2.37-8.12.2 * libxmlsec1-openssl1-1.2.37-8.12.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.12.2 * xmlsec1-debugsource-1.2.37-8.12.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-debuginfo-1.2.37-8.12.2 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-1.2.37-8.12.2 * xmlsec1-debuginfo-1.2.37-8.12.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libxmlsec1-gnutls1-1.2.37-8.12.2 * libxmlsec1-gcrypt1-1.2.37-8.12.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.12.2 * xmlsec1-1.2.37-8.12.2 * libxmlsec1-nss1-1.2.37-8.12.2 * libxmlsec1-openssl1-1.2.37-8.12.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.12.2 * xmlsec1-debugsource-1.2.37-8.12.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-debuginfo-1.2.37-8.12.2 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.12.2 * libxmlsec1-1-1.2.37-8.12.2 * xmlsec1-debuginfo-1.2.37-8.12.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217972 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 22 12:32:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:32:01 +0100 (CET) Subject: SUSE-CU-2023:4242-1: Security update of suse/sle15 Message-ID: <20231222123201.A63C9FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4242-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.384 Container Release : 9.5.384 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Fri Dec 22 12:33:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:33:25 +0100 (CET) Subject: SUSE-CU-2023:4243-1: Security update of suse/sle15 Message-ID: <20231222123325.0F069FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4243-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.228 , suse/sle15:15.3 , suse/sle15:15.3.17.20.228 Container Release : 17.20.228 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Fri Dec 22 12:34:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:19 +0100 (CET) Subject: SUSE-CU-2023:4244-1: Recommended update of bci/bci-init Message-ID: <20231222123419.12D9FFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4244-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.45 Container Release : 30.45 Severity : important Type : recommended References : 1215229 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated From sle-updates at lists.suse.com Fri Dec 22 12:34:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:39 +0100 (CET) Subject: SUSE-CU-2023:4245-1: Security update of suse/389-ds Message-ID: <20231222123439.B3BE6FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4245-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.70 , suse/389-ds:latest Container Release : 16.70 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:34:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:56 +0100 (CET) Subject: SUSE-CU-2023:4246-1: Security update of bci/golang Message-ID: <20231222123456.B04B2FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4246-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.69 , bci/golang:oldstable , bci/golang:oldstable-2.4.69 Container Release : 4.69 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:35:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:07 +0100 (CET) Subject: SUSE-CU-2023:4247-1: Security update of bci/golang Message-ID: <20231222123507.4A542FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4247-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.30 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.30 Container Release : 8.30 Severity : important Type : security References : 1206346 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4930-1 Released: Wed Dec 20 15:25:13 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows The following package changes have been done: - go1.20-openssl-doc-1.20.12.1-150000.1.17.1 updated - go1.20-openssl-1.20.12.1-150000.1.17.1 updated - go1.20-openssl-race-1.20.12.1-150000.1.17.1 updated From sle-updates at lists.suse.com Fri Dec 22 12:35:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:24 +0100 (CET) Subject: SUSE-CU-2023:4248-1: Security update of bci/golang Message-ID: <20231222123524.69E05FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4248-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.67 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.67 Container Release : 4.67 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:35:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:33 +0100 (CET) Subject: SUSE-CU-2023:4249-1: Security update of bci/golang Message-ID: <20231222123533.47B8BFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4249-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.30 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.30 Container Release : 8.30 Severity : important Type : security References : 1212475 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4931-1 Released: Wed Dec 20 15:25:42 2023 Summary: Security update for go1.21-openssl Type: security Severity: important References: 1212475,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.21-openssl fixes the following issues: Update to version 1.21.5.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/go: go mod download needs to support toolchain upgrades - cmd/compile: invalid pointer found on stack when compiled with -race - os: NTFS deduped file changed from regular to irregular - net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms - runtime: self-deadlock on mheap_.lock - crypto/rand: Legacy RtlGenRandom use on Windows The following package changes have been done: - go1.21-openssl-doc-1.21.5.1-150000.1.8.1 updated - go1.21-openssl-1.21.5.1-150000.1.8.1 updated - go1.21-openssl-race-1.21.5.1-150000.1.8.1 updated From sle-updates at lists.suse.com Fri Dec 22 12:35:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:39 +0100 (CET) Subject: SUSE-CU-2023:4250-1: Security update of suse/helm Message-ID: <20231222123539.81FB6FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4250-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.28 , suse/helm:latest Container Release : 3.28 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-updates at lists.suse.com Fri Dec 22 12:35:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:56 +0100 (CET) Subject: SUSE-CU-2023:4251-1: Security update of bci/nodejs Message-ID: <20231222123556.CF100FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4251-1 Container Tags : bci/node:18 , bci/node:18-12.27 , bci/nodejs:18 , bci/nodejs:18-12.27 Container Release : 12.27 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:36:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:19 +0100 (CET) Subject: SUSE-CU-2023:4252-1: Security update of bci/openjdk-devel Message-ID: <20231222123619.C901AFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4252-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.117 , bci/openjdk-devel:latest Container Release : 12.117 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:bci-openjdk-17-15.5.17-12.59 updated From sle-updates at lists.suse.com Fri Dec 22 12:36:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:41 +0100 (CET) Subject: SUSE-CU-2023:4253-1: Security update of suse/pcp Message-ID: <20231222123641.8DC21FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4253-1 Container Tags : suse/pcp:5 , suse/pcp:5-18.5 , suse/pcp:5.2 , suse/pcp:5.2-18.5 , suse/pcp:5.2.5 , suse/pcp:5.2.5-18.5 , suse/pcp:latest Container Release : 18.5 Severity : moderate Type : security References : 1201384 1216853 1218014 CVE-2023-38472 CVE-2023-50495 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4901-1 Released: Tue Dec 19 11:25:47 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - libavahi-common3-0.8-150400.7.13.1 updated - libavahi-client3-0.8-150400.7.13.1 updated - container:bci-bci-init-15.5-15.5-10.61 updated From sle-updates at lists.suse.com Fri Dec 22 12:36:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:44 +0100 (CET) Subject: SUSE-CU-2023:4254-1: Security update of suse/postgres Message-ID: <20231222123644.061C7FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4254-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.13 , suse/postgres:16.1 , suse/postgres:16.1-2.13 , suse/postgres:latest Container Release : 2.13 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:37:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:03 +0100 (CET) Subject: SUSE-CU-2023:4255-1: Security update of bci/python Message-ID: <20231222123703.7761BFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4255-1 Container Tags : bci/python:3 , bci/python:3-12.54 , bci/python:3.11 , bci/python:3.11-12.54 , bci/python:latest Container Release : 12.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:37:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:23 +0100 (CET) Subject: SUSE-CU-2023:4256-1: Security update of bci/python Message-ID: <20231222123723.9753FFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4256-1 Container Tags : bci/python:3 , bci/python:3-14.54 , bci/python:3.6 , bci/python:3.6-14.54 Container Release : 14.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:37:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:43 +0100 (CET) Subject: SUSE-CU-2023:4257-1: Security update of bci/ruby Message-ID: <20231222123743.32F78FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4257-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.54 , bci/ruby:2.5 , bci/ruby:2.5-12.54 , bci/ruby:latest Container Release : 12.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:38:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:38:00 +0100 (CET) Subject: SUSE-CU-2023:4258-1: Security update of bci/rust Message-ID: <20231222123800.92C61FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4258-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.15 , bci/rust:oldstable , bci/rust:oldstable-2.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-updates at lists.suse.com Fri Dec 22 12:38:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:38:17 +0100 (CET) Subject: SUSE-CU-2023:4259-1: Security update of bci/rust Message-ID: <20231222123817.A54F3FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4259-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From null at suse.de Fri Dec 22 16:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4965-1: moderate: Security update for ppp Message-ID: <170326260690.23889.2958149062794073146@smelt2.prg2.suse.org> # Security update for ppp Announcement ID: SUSE-SU-2023:4965-1 Rating: moderate References: * bsc#1218251 Cross-References: * CVE-2022-4603 CVSS scores: * CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ppp fixes the following issues: * CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4965=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4965=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4603.html * https://bugzilla.suse.com/show_bug.cgi?id=1218251 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:33:08 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:33:08 -0000 Subject: SUSE-SU-2023:4965-1: moderate: Security update for ppp Message-ID: <170326278859.24758.16419850651175648348@smelt2.prg2.suse.org> # Security update for ppp Announcement ID: SUSE-SU-2023:4965-1 Rating: moderate References: * bsc#1218251 Cross-References: * CVE-2022-4603 CVSS scores: * CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ppp fixes the following issues: * CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4965=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4965=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4603.html * https://bugzilla.suse.com/show_bug.cgi?id=1218251 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:36:15 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:36:15 -0000 Subject: SUSE-SU-2023:4965-1: moderate: Security update for ppp Message-ID: <170326297512.24758.13288780946559747767@smelt2.prg2.suse.org> # Security update for ppp Announcement ID: SUSE-SU-2023:4965-1 Rating: moderate References: * bsc#1218251 Cross-References: * CVE-2022-4603 CVSS scores: * CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ppp fixes the following issues: * CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4965=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4965=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.4 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * ppp-devel-2.4.7-150000.5.13.1 * openSUSE Leap 15.5 (noarch) * ppp-modem-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * ppp-debuginfo-2.4.7-150000.5.13.1 * ppp-debugsource-2.4.7-150000.5.13.1 * ppp-2.4.7-150000.5.13.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4603.html * https://bugzilla.suse.com/show_bug.cgi?id=1218251 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:36:19 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:36:19 -0000 Subject: SUSE-RU-2023:4964-1: important: Recommended update for curl Message-ID: <170326297956.24758.13257519515729780572@smelt2.prg2.suse.org> # Recommended update for curl Announcement ID: SUSE-RU-2023:4964-1 Rating: important References: * bsc#1216987 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for curl fixes the following issues: * libssh: Implement SFTP packet size limit (bsc#1216987) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4964=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4964=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4964=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4964=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.83.2 * curl-debuginfo-8.0.1-11.83.2 * libcurl-devel-8.0.1-11.83.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcurl4-8.0.1-11.83.2 * curl-debugsource-8.0.1-11.83.2 * curl-debuginfo-8.0.1-11.83.2 * libcurl4-debuginfo-8.0.1-11.83.2 * curl-8.0.1-11.83.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.83.2 * libcurl4-debuginfo-32bit-8.0.1-11.83.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-11.83.2 * curl-debugsource-8.0.1-11.83.2 * curl-debuginfo-8.0.1-11.83.2 * libcurl4-debuginfo-8.0.1-11.83.2 * curl-8.0.1-11.83.2 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-32bit-8.0.1-11.83.2 * libcurl4-debuginfo-32bit-8.0.1-11.83.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcurl4-8.0.1-11.83.2 * curl-debugsource-8.0.1-11.83.2 * curl-debuginfo-8.0.1-11.83.2 * libcurl4-debuginfo-8.0.1-11.83.2 * curl-8.0.1-11.83.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.83.2 * libcurl4-debuginfo-32bit-8.0.1-11.83.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:36:22 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:36:22 -0000 Subject: SUSE-RU-2023:4963-1: important: Recommended update for curl Message-ID: <170326298248.24758.1298613921160038055@smelt2.prg2.suse.org> # Recommended update for curl Announcement ID: SUSE-RU-2023:4963-1 Rating: important References: * bsc#1216987 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for curl fixes the following issues: * libssh: Implement SFTP packet size limit (bsc#1216987) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4963=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4963=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4963=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4963=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4963=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4963=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4963=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4963=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4963=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4963=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4963=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl-devel-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Enterprise Storage 7.1 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.66.1 * libcurl4-32bit-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * curl-debugsource-7.66.0-150200.4.66.1 * curl-7.66.0-150200.4.66.1 * libcurl4-7.66.0-150200.4.66.1 * curl-debuginfo-7.66.0-150200.4.66.1 * libcurl4-debuginfo-7.66.0-150200.4.66.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:36:24 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:36:24 -0000 Subject: SUSE-RU-2023:4073-3: low: Recommended update for rpm Message-ID: <170326298409.24758.7589544728266966864@smelt2.prg2.suse.org> # Recommended update for rpm Announcement ID: SUSE-RU-2023:4073-3 Rating: low References: * jsc#PED-1988 * jsc#PED-68 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains two features can now be installed. ## Description: This update for rpm fixes the following issue: * Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4073=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4073=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * python3-rpm-4.14.3-150400.59.3.1 * python311-rpm-4.14.3-150400.59.3.1 * rpm-4.14.3-150400.59.3.1 * python3-rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-devel-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * rpm-ndb-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * python311-rpm-debuginfo-4.14.3-150400.59.3.1 * python-rpm-debugsource-4.14.3-150400.59.3.1 * openSUSE Leap 15.4 (x86_64) * rpm-ndb-32bit-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-32bit-4.14.3-150400.59.3.1 * rpm-32bit-4.14.3-150400.59.3.1 * rpm-32bit-debuginfo-4.14.3-150400.59.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * python3-rpm-4.14.3-150400.59.3.1 * python311-rpm-4.14.3-150400.59.3.1 * rpm-4.14.3-150400.59.3.1 * python3-rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-devel-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * rpm-ndb-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * python311-rpm-debuginfo-4.14.3-150400.59.3.1 * python-rpm-debugsource-4.14.3-150400.59.3.1 * openSUSE Leap 15.5 (x86_64) * rpm-ndb-32bit-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-32bit-4.14.3-150400.59.3.1 * rpm-32bit-4.14.3-150400.59.3.1 * rpm-32bit-debuginfo-4.14.3-150400.59.3.1 ## References: * https://jira.suse.com/browse/PED-1988 * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 16:36:26 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 16:36:26 -0000 Subject: SUSE-RU-2023:4962-1: important: Recommended update for curl Message-ID: <170326298626.24758.5251736849272903734@smelt2.prg2.suse.org> # Recommended update for curl Announcement ID: SUSE-RU-2023:4962-1 Rating: important References: * bsc#1216987 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for curl fixes the following issues: * libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4962=1 openSUSE-SLE-15.4-2023-4962=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4962=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4962=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4962=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4962=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4962=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4962=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4962=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4962=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4962=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4962=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4962=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4962=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4962=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4962=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4962=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4962=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * libcurl-devel-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.41.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.41.1 * libcurl-devel-32bit-8.0.1-150400.5.41.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-8.0.1-150400.5.41.1 * libcurl4-64bit-debuginfo-8.0.1-150400.5.41.1 * libcurl-devel-64bit-8.0.1-150400.5.41.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * libcurl-devel-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * openSUSE Leap 15.5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.41.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.41.1 * libcurl-devel-32bit-8.0.1-150400.5.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Manager Proxy 4.3 (x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libcurl4-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * libcurl-devel-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.41.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.41.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * libcurl-devel-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 * Basesystem Module 15-SP5 (x86_64) * libcurl4-32bit-8.0.1-150400.5.41.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.41.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.41.1 * curl-debugsource-8.0.1-150400.5.41.1 * curl-8.0.1-150400.5.41.1 * libcurl4-debuginfo-8.0.1-150400.5.41.1 * libcurl4-8.0.1-150400.5.41.1 * libcurl-devel-8.0.1-150400.5.41.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.41.1 * curl-debuginfo-8.0.1-150400.5.41.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 20:30:02 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 20:30:02 -0000 Subject: SUSE-RU-2023:4967-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <170327700290.11436.4642098678270045519@smelt2.prg2.suse.org> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:4967-1 Rating: critical References: * bsc#1217451 * bsc#1217583 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.5 (bsc#1217583) * Fix fallback path when IPv6 network path is not usable * Enable an IPv6 fallback path in IMDS access if it cannot be accessed over IPv4 * Enable IMDS access over IPv6 * Update to version 10.1.4 (bsc#1217451) * Fetch cert for new update server during failover ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4967=1 ## Package List: * Public Cloud Module 12 (noarch) * cloud-regionsrv-client-generic-config-1.0.0-52.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-52.102.1 * cloud-regionsrv-client-plugin-azure-2.0.0-52.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-52.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-52.102.1 * cloud-regionsrv-client-10.1.5-52.102.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217451 * https://bugzilla.suse.com/show_bug.cgi?id=1217583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 22 20:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 22 Dec 2023 20:30:04 -0000 Subject: SUSE-RU-2023:4966-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <170327700448.11436.674255692589360501@smelt2.prg2.suse.org> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:4966-1 Rating: critical References: * bsc#1217451 * bsc#1217583 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.5 (bsc#1217583) * Fix fallback path when IPv6 network path is not usable * Enable an IPv6 fallback path in IMDS access if it cannot be accessed over IPv4 * Enable IMDS access over IPv6 * Update to version 10.1.4 (bsc#1217451) * Fetch cert for new update server during failover ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4966=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4966=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4966=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4966=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4966=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4966=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4966=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4966=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4966=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4966=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4966=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4966=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4966=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4966=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * openSUSE Leap Micro 5.4 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * openSUSE Leap 15.4 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * openSUSE Leap 15.5 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * Public Cloud Module 15-SP1 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * Public Cloud Module 15-SP2 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * Public Cloud Module 15-SP3 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * Public Cloud Module 15-SP4 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 * Public Cloud Module 15-SP5 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1 * cloud-regionsrv-client-10.1.5-150000.6.102.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217451 * https://bugzilla.suse.com/show_bug.cgi?id=1217583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Dec 23 08:06:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:06:19 +0100 (CET) Subject: SUSE-CU-2023:4262-1: Recommended update of suse/sle15 Message-ID: <20231223080619.F0445FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4262-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.229 , suse/sle15:15.3 , suse/sle15:15.3.17.20.229 Container Release : 17.20.229 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - curl-7.66.0-150200.4.66.1 updated - libcurl4-7.66.0-150200.4.66.1 updated From sle-updates at lists.suse.com Sat Dec 23 08:07:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:07:14 +0100 (CET) Subject: SUSE-CU-2023:4263-1: Recommended update of bci/bci-init Message-ID: <20231223080714.71B18FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4263-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.46 Container Release : 30.46 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sat Dec 23 08:07:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:07:49 +0100 (CET) Subject: SUSE-CU-2023:4264-1: Recommended update of bci/nodejs Message-ID: <20231223080749.310D9FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4264-1 Container Tags : bci/node:16 , bci/node:16-18.41 , bci/nodejs:16 , bci/nodejs:16-18.41 Container Release : 18.41 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sat Dec 23 08:08:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:08:10 +0100 (CET) Subject: SUSE-CU-2023:4265-1: Recommended update of suse/postgres Message-ID: <20231223080810.6D52BFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4265-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.30 , suse/postgres:14.10 , suse/postgres:14.10-24.30 Container Release : 24.30 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sat Dec 23 08:09:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:09:00 +0100 (CET) Subject: SUSE-CU-2023:4266-1: Recommended update of bci/python Message-ID: <20231223080900.5969AFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4266-1 Container Tags : bci/python:3 , bci/python:3-16.44 , bci/python:3.10 , bci/python:3.10-16.44 Container Release : 16.44 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sat Dec 23 08:09:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:09:44 +0100 (CET) Subject: SUSE-CU-2023:4267-1: Recommended update of suse/sle15 Message-ID: <20231223080944.E2266FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4267-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.130 , suse/sle15:15.4 , suse/sle15:15.4.27.14.130 Container Release : 27.14.130 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Sat Dec 23 08:10:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:05 +0100 (CET) Subject: SUSE-CU-2023:4268-1: Recommended update of suse/389-ds Message-ID: <20231223081005.87E7EFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4268-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.71 , suse/389-ds:latest Container Release : 16.71 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:10:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:26 +0100 (CET) Subject: SUSE-CU-2023:4269-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231223081026.B843DFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4269-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.25 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.25 Container Release : 18.25 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:10:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:47 +0100 (CET) Subject: SUSE-CU-2023:4270-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231223081047.AF444FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4270-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.26 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.26 , bci/dotnet-aspnet:latest Container Release : 18.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:11:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:13 +0100 (CET) Subject: SUSE-CU-2023:4271-1: Recommended update of bci/dotnet-sdk Message-ID: <20231223081113.8DA23FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4271-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.26 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.26 Container Release : 17.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:11:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:38 +0100 (CET) Subject: SUSE-CU-2023:4272-1: Recommended update of bci/dotnet-sdk Message-ID: <20231223081138.63B0CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4272-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.25 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.25 , bci/dotnet-sdk:latest Container Release : 19.25 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:11:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:56 +0100 (CET) Subject: SUSE-CU-2023:4273-1: Recommended update of bci/dotnet-runtime Message-ID: <20231223081156.92A7EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4273-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.26 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.26 Container Release : 17.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:12:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:14 +0100 (CET) Subject: SUSE-CU-2023:4274-1: Recommended update of bci/dotnet-runtime Message-ID: <20231223081214.D5CF9FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4274-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.26 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.26 , bci/dotnet-runtime:latest Container Release : 19.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:12:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:21 +0100 (CET) Subject: SUSE-CU-2023:4275-1: Recommended update of suse/git Message-ID: <20231223081221.9C7BFFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4275-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.27 , suse/git:latest Container Release : 4.27 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Sat Dec 23 08:12:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:33 +0100 (CET) Subject: SUSE-CU-2023:4276-1: Recommended update of bci/golang Message-ID: <20231223081233.318CDFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4276-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.31 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.31 Container Release : 8.31 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:12:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:51 +0100 (CET) Subject: SUSE-CU-2023:4277-1: Recommended update of bci/golang Message-ID: <20231223081251.01D1CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4277-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.68 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.68 Container Release : 4.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:13:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:02 +0100 (CET) Subject: SUSE-CU-2023:4278-1: Recommended update of bci/golang Message-ID: <20231223081302.01C1EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4278-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.31 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.31 Container Release : 8.31 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:13:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:20 +0100 (CET) Subject: SUSE-CU-2023:4279-1: Recommended update of bci/bci-init Message-ID: <20231223081320.6E31CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4279-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.62 , bci/bci-init:latest Container Release : 10.62 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:13:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:32 +0100 (CET) Subject: SUSE-CU-2023:4280-1: Recommended update of suse/nginx Message-ID: <20231223081332.9CBE9FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4280-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.61 , suse/nginx:latest Container Release : 5.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:13:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:36 +0100 (CET) Subject: SUSE-CU-2023:4281-1: Recommended update of bci/nodejs Message-ID: <20231223081336.A88FDFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4281-1 Container Tags : bci/node:20 , bci/node:20-2.26 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.26 , bci/nodejs:latest Container Release : 2.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sat Dec 23 08:14:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:14:02 +0100 (CET) Subject: SUSE-CU-2023:4282-1: Recommended update of bci/openjdk-devel Message-ID: <20231223081402.E3B0AFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4282-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.124 Container Release : 10.124 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-11-15.5.11-11.61 updated From sle-updates at lists.suse.com Sun Dec 24 08:02:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:02:25 +0100 (CET) Subject: SUSE-CU-2023:4283-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231224080225.0BA60FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4283-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.281 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.281 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sun Dec 24 08:03:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:03:03 +0100 (CET) Subject: SUSE-CU-2023:4284-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231224080303.4868CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4284-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.179 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.179 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-updates at lists.suse.com Sun Dec 24 08:03:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:03:23 +0100 (CET) Subject: SUSE-CU-2023:4285-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231224080323.0C095FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4285-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.123 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.123 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:05:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:05:24 +0100 (CET) Subject: SUSE-CU-2023:4286-1: Recommended update of suse/sles12sp5 Message-ID: <20231224080524.B982CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4286-1 Container Tags : suse/sles12sp5:6.5.546 , suse/sles12sp5:latest Container Release : 6.5.546 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4964-1 Released: Fri Dec 22 14:38:31 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-8.0.1-11.83.2 updated From sle-updates at lists.suse.com Sun Dec 24 08:08:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:08:00 +0100 (CET) Subject: SUSE-CU-2023:4287-1: Security update of suse/sle15 Message-ID: <20231224080800.B096AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4287-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.857 Container Release : 6.2.857 Severity : moderate Type : security References : 1201384 1208143 1217277 1218014 CVE-2023-0361 CVE-2023-50495 CVE-2023-5981 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4952-1 Released: Thu Dec 21 15:08:30 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1208143,1217277,CVE-2023-0361,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.6.7-150000.6.50.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-updates at lists.suse.com Sun Dec 24 08:09:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:09:59 +0100 (CET) Subject: SUSE-CU-2023:4288-1: Recommended update of suse/sle15 Message-ID: <20231224080959.9EE5AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4288-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.385 Container Release : 9.5.385 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated From sle-updates at lists.suse.com Sun Dec 24 08:10:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:10:33 +0100 (CET) Subject: SUSE-CU-2023:4282-1: Recommended update of bci/openjdk-devel Message-ID: <20231224081033.649D3FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4282-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.124 Container Release : 10.124 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-11-15.5.11-11.61 updated From sle-updates at lists.suse.com Sun Dec 24 08:10:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:10:57 +0100 (CET) Subject: SUSE-CU-2023:4289-1: Recommended update of bci/openjdk Message-ID: <20231224081057.19028FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4289-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.61 Container Release : 11.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:11:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:11:28 +0100 (CET) Subject: SUSE-CU-2023:4290-1: Recommended update of bci/openjdk-devel Message-ID: <20231224081128.9DCDCFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4290-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.119 , bci/openjdk-devel:latest Container Release : 12.119 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-17-15.5.17-12.60 updated From sle-updates at lists.suse.com Sun Dec 24 08:12:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:10 +0100 (CET) Subject: SUSE-CU-2023:4291-1: Recommended update of suse/pcp Message-ID: <20231224081210.EC3CAFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4291-1 Container Tags : suse/pcp:5 , suse/pcp:5-18.7 , suse/pcp:5.2 , suse/pcp:5.2-18.7 , suse/pcp:5.2.5 , suse/pcp:5.2.5-18.7 , suse/pcp:latest Container Release : 18.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-bci-init-15.5-15.5-10.62 updated From sle-updates at lists.suse.com Sun Dec 24 08:12:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:34 +0100 (CET) Subject: SUSE-CU-2023:4292-1: Recommended update of bci/php-apache Message-ID: <20231224081234.2C1EBFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4292-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.56 Container Release : 8.56 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:12:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:57 +0100 (CET) Subject: SUSE-CU-2023:4293-1: Recommended update of bci/php-fpm Message-ID: <20231224081257.33149FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4293-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.61 Container Release : 8.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:13:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:19 +0100 (CET) Subject: SUSE-CU-2023:4294-1: Recommended update of bci/php Message-ID: <20231224081319.0A3CAFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4294-1 Container Tags : bci/php:8 , bci/php:8-8.56 Container Release : 8.56 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:13:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:42 +0100 (CET) Subject: SUSE-CU-2023:4295-1: Recommended update of suse/postgres Message-ID: <20231224081342.7B545FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4295-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.15 , suse/postgres:15.5 , suse/postgres:15.5-13.15 Container Release : 13.15 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:13:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:45 +0100 (CET) Subject: SUSE-CU-2023:4296-1: Recommended update of suse/postgres Message-ID: <20231224081345.A73CDFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4296-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.14 , suse/postgres:16.1 , suse/postgres:16.1-2.14 , suse/postgres:latest Container Release : 2.14 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:14:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:10 +0100 (CET) Subject: SUSE-CU-2023:4297-1: Recommended update of bci/python Message-ID: <20231224081410.C9106FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4297-1 Container Tags : bci/python:3 , bci/python:3-14.55 , bci/python:3.6 , bci/python:3.6-14.55 Container Release : 14.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:14:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:20 +0100 (CET) Subject: SUSE-CU-2023:4298-1: Recommended update of suse/rmt-server Message-ID: <20231224081420.B7A6FFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4298-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.55 , suse/rmt-server:latest Container Release : 11.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:14:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:44 +0100 (CET) Subject: SUSE-CU-2023:4299-1: Recommended update of bci/ruby Message-ID: <20231224081444.B50E5FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4299-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.55 , bci/ruby:2.5 , bci/ruby:2.5-12.55 , bci/ruby:latest Container Release : 12.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:15:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:07 +0100 (CET) Subject: SUSE-CU-2023:4300-1: Recommended update of bci/rust Message-ID: <20231224081507.A6283FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4300-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.16 , bci/rust:oldstable , bci/rust:oldstable-2.2.16 Container Release : 2.16 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:15:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:30 +0100 (CET) Subject: SUSE-CU-2023:4301-1: Recommended update of bci/rust Message-ID: <20231224081530.673AFFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4301-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.16 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.16 Container Release : 2.16 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Sun Dec 24 08:15:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:50 +0100 (CET) Subject: SUSE-CU-2023:4302-1: Recommended update of suse/sle15 Message-ID: <20231224081550.95243FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4302-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.68 , suse/sle15:15.5 , suse/sle15:15.5.36.5.68 Container Release : 36.5.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:09 +0100 (CET) Subject: SUSE-CU-2023:4302-1: Recommended update of suse/sle15 Message-ID: <20231225080209.F365BFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4302-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.68 , suse/sle15:15.5 , suse/sle15:15.5.36.5.68 Container Release : 36.5.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:23 +0100 (CET) Subject: SUSE-CU-2023:4303-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231225080223.BC414FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4303-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.9 Container Release : 9.43.9 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:32 +0100 (CET) Subject: SUSE-CU-2023:4304-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231225080232.C7000FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4304-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.10 , suse/manager/4.3/proxy-salt-broker:4.3.10.9.33.8 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10.9.33.8 Container Release : 9.33.8 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:42 +0100 (CET) Subject: SUSE-CU-2023:4305-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20231225080242.0610DFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4305-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.10 , suse/manager/4.3/proxy-squid:4.3.10.9.42.6 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.10 , suse/manager/4.3/proxy-squid:susemanager-4.3.10.9.42.6 Container Release : 9.42.6 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:50 +0100 (CET) Subject: SUSE-CU-2023:4306-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20231225080250.682BEFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4306-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.10 , suse/manager/4.3/proxy-ssh:4.3.10.9.33.7 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.10 , suse/manager/4.3/proxy-ssh:susemanager-4.3.10.9.33.7 Container Release : 9.33.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:02:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:59 +0100 (CET) Subject: SUSE-CU-2023:4307-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231225080259.BF68FFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4307-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.10 , suse/manager/4.3/proxy-tftpd:4.3.10.9.33.7 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10.9.33.7 Container Release : 9.33.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-updates at lists.suse.com Mon Dec 25 08:03:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:03:27 +0100 (CET) Subject: SUSE-CU-2023:4308-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231225080327.DD772FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4308-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.517 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.517 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated From sle-updates at lists.suse.com Mon Dec 25 08:04:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:04:53 +0100 (CET) Subject: SUSE-CU-2023:4310-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231225080453.92F79FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4310-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.339 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.339 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated From null at suse.de Mon Dec 25 12:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4971-1: important: Security update for gstreamer-plugins-bad Message-ID: <170350740319.4564.12502577259108178420@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4971-1 Rating: important References: * bsc#1213126 * bsc#1215792 Cross-References: * CVE-2023-37329 * CVE-2023-40475 CVSS scores: * CVE-2023-37329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213). * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4971=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4971=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4971=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4971=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4971=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4971=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-doc-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * openSUSE Leap 15.3 (x86_64) * libgstplayer-1_0-0-32bit-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-32bit-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-32bit-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-32bit-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.15.1 * openSUSE Leap 15.3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-64bit-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-64bit-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-64bit-1.16.3-150300.9.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.15.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.15.1 * libgstmpegts-1_0-0-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.15.1 * libgstsctp-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-1.16.3-150300.9.15.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.15.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.15.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.15.1 * libgstphotography-1_0-0-1.16.3-150300.9.15.1 * libgstplayer-1_0-0-1.16.3-150300.9.15.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.15.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.15.1 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37329.html * https://www.suse.com/security/cve/CVE-2023-40475.html * https://bugzilla.suse.com/show_bug.cgi?id=1213126 * https://bugzilla.suse.com/show_bug.cgi?id=1215792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 12:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 12:30:09 -0000 Subject: SUSE-RU-2023:4970-1: moderate: Recommended update for icu73_2 Message-ID: <170350740904.4564.6551485006880508961@smelt2.prg2.suse.org> # Recommended update for icu73_2 Announcement ID: SUSE-RU-2023:4970-1 Rating: moderate References: * bsc#1217354 * bsc#1217479 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for icu73_2 fixes the following issue: * ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4970=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4970=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4970=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4970=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4970=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4970=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4970=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4970=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4970=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4970=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4970=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4970=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4970=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4970=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4970=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4970=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4970=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4970=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4970=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4970=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4970=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4970=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4970=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4970=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * openSUSE Leap Micro 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * openSUSE Leap Micro 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * openSUSE Leap 15.4 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * openSUSE Leap 15.4 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * openSUSE Leap 15.5 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * openSUSE Leap 15.5 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * Basesystem Module 15-SP4 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * Basesystem Module 15-SP5 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Enterprise Storage 7.1 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Enterprise Storage 7.1 (x86_64) * libicu73_2-32bit-debuginfo-73.2-150000.1.7.1 * libicu73_2-32bit-73.2-150000.1.7.1 * SUSE CaaS Platform 4.0 (x86_64) * libicu73_2-doc-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-devel-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE CaaS Platform 4.0 (noarch) * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * icu73_2-debugsource-73.2-150000.1.7.1 * libicu73_2-debuginfo-73.2-150000.1.7.1 * icu73_2-debuginfo-73.2-150000.1.7.1 * libicu73_2-73.2-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libicu73_2-bedata-73.2-150000.1.7.1 * libicu73_2-ledata-73.2-150000.1.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217354 * https://bugzilla.suse.com/show_bug.cgi?id=1217479 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 12:30:11 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4969-1: low: Security update for jbigkit Message-ID: <170350741167.4564.5210662570049053092@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4969-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4969=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4969=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4969=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4969=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.0-14.3.1 * jbigkit-debugsource-2.0-14.3.1 * libjbig-devel-2.0-14.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * jbigkit-debuginfo-2.0-14.3.1 * jbigkit-debugsource-2.0-14.3.1 * libjbig2-2.0-14.3.1 * libjbig2-debuginfo-2.0-14.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libjbig2-debuginfo-32bit-2.0-14.3.1 * libjbig2-32bit-2.0-14.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.0-14.3.1 * jbigkit-debugsource-2.0-14.3.1 * libjbig2-2.0-14.3.1 * libjbig2-debuginfo-2.0-14.3.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libjbig2-debuginfo-32bit-2.0-14.3.1 * libjbig2-32bit-2.0-14.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * jbigkit-debuginfo-2.0-14.3.1 * jbigkit-debugsource-2.0-14.3.1 * libjbig2-2.0-14.3.1 * libjbig2-debuginfo-2.0-14.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libjbig2-debuginfo-32bit-2.0-14.3.1 * libjbig2-32bit-2.0-14.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 12:36:16 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 12:36:16 -0000 Subject: SUSE-SU-2023:4968-1: low: Security update for jbigkit Message-ID: <170350777694.7021.7480811368461065305@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4968-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4968=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4968=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4968=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4968=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4968=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 12:39:18 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 12:39:18 -0000 Subject: SUSE-SU-2023:4968-1: low: Security update for jbigkit Message-ID: <170350795833.7021.14249588117729259516@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4968-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4968=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4968=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4968=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4968=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4968=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 16:30:00 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 16:30:00 -0000 Subject: SUSE-SU-2023:4968-1: low: Security update for jbigkit Message-ID: <170352180065.24304.5870508961076709717@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4968-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4968=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4968=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4968=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4968=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4968=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 16:33:03 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 16:33:03 -0000 Subject: SUSE-SU-2023:4968-1: low: Security update for jbigkit Message-ID: <170352198355.21795.528813379651539907@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4968-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4968=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4968=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4968=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4968=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4968=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * jbigkit-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * jbigkit-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Dec 25 16:36:05 2023 From: null at suse.de (SLE-UPDATES) Date: Mon, 25 Dec 2023 16:36:05 -0000 Subject: SUSE-SU-2023:4968-1: low: Security update for jbigkit Message-ID: <170352216580.24304.12528025088897648444@smelt2.prg2.suse.org> # Security update for jbigkit Announcement ID: SUSE-SU-2023:4968-1 Rating: low References: * bsc#1198146 Cross-References: * CVE-2022-1210 CVSS scores: * CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jbigkit fixes the following issues: * CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4968=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4968=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4968=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4968=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4968=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4968=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4968=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jbigkit-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig-devel-32bit-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * jbigkit-debuginfo-2.1-150000.3.5.1 * libjbig2-32bit-debuginfo-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * libjbig-devel-2.1-150000.3.5.1 * libjbig2-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * libjbig2-32bit-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjbig2-2.1-150000.3.5.1 * libjbig2-debuginfo-2.1-150000.3.5.1 * jbigkit-debugsource-2.1-150000.3.5.1 * jbigkit-debuginfo-2.1-150000.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1210.html * https://bugzilla.suse.com/show_bug.cgi?id=1198146 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Dec 26 08:02:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:02:46 +0100 (CET) Subject: SUSE-CU-2023:4311-1: Recommended update of bci/nodejs Message-ID: <20231226080246.51EC5FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4311-1 Container Tags : bci/node:16 , bci/node:16-18.42 , bci/nodejs:16 , bci/nodejs:16-18.42 Container Release : 18.42 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:03:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:10 +0100 (CET) Subject: SUSE-CU-2023:4312-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231226080310.7C292FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4312-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.26 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.26 Container Release : 18.26 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:03:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:28 +0100 (CET) Subject: SUSE-CU-2023:4313-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231226080328.3A498FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4313-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.27 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.27 , bci/dotnet-aspnet:latest Container Release : 18.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:03:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:55 +0100 (CET) Subject: SUSE-CU-2023:4314-1: Recommended update of bci/dotnet-sdk Message-ID: <20231226080355.33D61FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4314-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.27 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.27 Container Release : 17.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:04:19 +0100 (CET) Subject: SUSE-CU-2023:4315-1: Recommended update of bci/dotnet-sdk Message-ID: <20231226080419.8270EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4315-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.26 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.26 , bci/dotnet-sdk:latest Container Release : 19.26 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:04:37 +0100 (CET) Subject: SUSE-CU-2023:4316-1: Recommended update of bci/dotnet-runtime Message-ID: <20231226080437.8981CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4316-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.27 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.27 Container Release : 17.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:04:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:04:59 +0100 (CET) Subject: SUSE-CU-2023:4317-1: Recommended update of bci/dotnet-runtime Message-ID: <20231226080459.DFC8CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4317-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.27 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.27 , bci/dotnet-runtime:latest Container Release : 19.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:05:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:05:13 +0100 (CET) Subject: SUSE-CU-2023:4318-1: Security update of suse/nginx Message-ID: <20231226080513.B0EA7FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4318-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.62 , suse/nginx:latest Container Release : 5.62 Severity : low Type : security References : 1198146 CVE-2022-1210 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4968-1 Released: Mon Dec 25 09:12:49 2023 Summary: Security update for jbigkit Type: security Severity: low References: 1198146,CVE-2022-1210 This update for jbigkit fixes the following issues: - CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). The following package changes have been done: - libjbig2-2.1-150000.3.5.1 updated From sle-updates at lists.suse.com Tue Dec 26 08:05:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:05:16 +0100 (CET) Subject: SUSE-CU-2023:4319-1: Recommended update of bci/nodejs Message-ID: <20231226080516.EBBDEFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4319-1 Container Tags : bci/node:20 , bci/node:20-2.27 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.27 , bci/nodejs:latest Container Release : 2.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From null at suse.de Tue Dec 26 08:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 26 Dec 2023 08:30:05 -0000 Subject: SUSE-SU-2023:4974-1: moderate: Security update for distribution Message-ID: <170357940591.7126.15364453720952628877@smelt2.prg2.suse.org> # Security update for distribution Announcement ID: SUSE-SU-2023:4974-1 Rating: moderate References: * bsc#1216491 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update for distribution fixes the following issues: distribution was updated to 2.8.3 (bsc#1216491): * Pass `BUILDTAGS` argument to `go build` * Enable Go build tags * `reference`: replace deprecated function `SplitHostname` * Dont parse errors as JSON unless Content-Type is set to JSON * update to go 1.20.8 * Set `Content-Type` header in registry client `ReadFrom` * deprecate reference package, migrate to github.com/distribution/reference * `digestset`: deprecate package in favor of `go-digest/digestset` * Do not close HTTP request body in HTTP handler ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4974=1 SUSE-2023-4974=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4974=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4974=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4974=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * distribution-registry-2.8.3-150400.9.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.3-150400.9.24.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.3-150400.9.24.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.3-150400.9.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216491 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 26 08:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 26 Dec 2023 08:30:09 -0000 Subject: SUSE-RU-2023:4973-1: moderate: Recommended update for duktape Message-ID: <170357940902.7126.16921969775686436595@smelt2.prg2.suse.org> # Recommended update for duktape Announcement ID: SUSE-RU-2023:4973-1 Rating: moderate References: * bsc#1216296 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update of duktape fixes the following issue: * duktape-devel is shipped to Basesystem module (bsc#1216296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4973=1 openSUSE-SLE-15.5-2023-4973=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4973=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4973=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libduktape206-debuginfo-2.6.0-150500.4.2.1 * duktape-debugsource-2.6.0-150500.4.2.1 * libduktape206-2.6.0-150500.4.2.1 * duktape-devel-2.6.0-150500.4.2.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libduktape206-debuginfo-2.6.0-150500.4.2.1 * duktape-debugsource-2.6.0-150500.4.2.1 * libduktape206-2.6.0-150500.4.2.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libduktape206-debuginfo-2.6.0-150500.4.2.1 * duktape-debugsource-2.6.0-150500.4.2.1 * libduktape206-2.6.0-150500.4.2.1 * duktape-devel-2.6.0-150500.4.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216296 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Dec 26 08:30:10 2023 From: null at suse.de (SLE-UPDATES) Date: Tue, 26 Dec 2023 08:30:10 -0000 Subject: SUSE-SU-2023:4972-1: important: Security update for gstreamer-plugins-bad Message-ID: <170357941088.7126.8044682420311602360@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4972-1 Rating: important References: * bsc#1215792 Cross-References: * CVE-2023-40475 CVSS scores: * CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4972=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4972=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4972=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4972=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libgsturidownloader-1_0-0-1.8.3-18.12.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.12.1 * gstreamer-plugins-bad-devel-1.8.3-18.12.1 * libgstinsertbin-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.12.1 * libgstinsertbin-1_0-0-1.8.3-18.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstbasecamerabinsrc-1_0-0-1.8.3-18.12.1 * libgsturidownloader-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadbase-1_0-0-1.8.3-18.12.1 * libgstbadaudio-1_0-0-1.8.3-18.12.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-1.8.3-18.12.1 * libgstbadvideo-1_0-0-1.8.3-18.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.12.1 * libgstmpegts-1_0-0-1.8.3-18.12.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.12.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.12.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-1.8.3-18.12.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.12.1 * libgstphotography-1_0-0-1.8.3-18.12.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.12.1 * libgstgl-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstbasecamerabinsrc-1_0-0-1.8.3-18.12.1 * libgsturidownloader-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadbase-1_0-0-1.8.3-18.12.1 * libgstbadaudio-1_0-0-1.8.3-18.12.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-1.8.3-18.12.1 * libgstbadvideo-1_0-0-1.8.3-18.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.12.1 * libgstmpegts-1_0-0-1.8.3-18.12.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.12.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.12.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-1.8.3-18.12.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.12.1 * libgstphotography-1_0-0-1.8.3-18.12.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.12.1 * libgstgl-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.12.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstbasecamerabinsrc-1_0-0-1.8.3-18.12.1 * libgsturidownloader-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadbase-1_0-0-1.8.3-18.12.1 * libgstbadaudio-1_0-0-1.8.3-18.12.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.12.1 * libgstadaptivedemux-1_0-0-1.8.3-18.12.1 * libgstbadvideo-1_0-0-1.8.3-18.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.12.1 * libgstmpegts-1_0-0-1.8.3-18.12.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.12.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.12.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-1.8.3-18.12.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.12.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.12.1 * libgstphotography-1_0-0-1.8.3-18.12.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.12.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.12.1 * libgstgl-1_0-0-1.8.3-18.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40475.html * https://bugzilla.suse.com/show_bug.cgi?id=1215792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Dec 27 08:02:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Dec 2023 09:02:22 +0100 (CET) Subject: SUSE-CU-2023:4320-1: Security update of suse/registry Message-ID: <20231227080222.C40A1FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4320-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.31 , suse/registry:latest Container Release : 15.31 Severity : moderate Type : security References : 1216491 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4974-1 Released: Tue Dec 26 05:02:31 2023 Summary: Security update for distribution Type: security Severity: moderate References: 1216491 This update for distribution fixes the following issues: distribution was updated to 2.8.3 (bsc#1216491): * Pass `BUILDTAGS` argument to `go build` * Enable Go build tags * `reference`: replace deprecated function `SplitHostname` * Dont parse errors as JSON unless Content-Type is set to JSON * update to go 1.20.8 * Set `Content-Type` header in registry client `ReadFrom` * deprecate reference package, migrate to github.com/distribution/reference * `digestset`: deprecate package in favor of `go-digest/digestset` * Do not close HTTP request body in HTTP handler The following package changes have been done: - distribution-registry-2.8.3-150400.9.24.1 updated From null at suse.de Wed Dec 27 12:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 27 Dec 2023 12:30:03 -0000 Subject: SUSE-RU-2023:4977-1: moderate: Recommended update for procps Message-ID: <170368020377.17241.15010796038799215649@smelt2.prg2.suse.org> # Recommended update for procps Announcement ID: SUSE-RU-2023:4977-1 Rating: moderate References: * bsc#1216825 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for procps fixes the following issue: * Avoid SIGSEGV in case of sending SIGTERM to a top command running in batch mode (bsc#1216825) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4977=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4977=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4977=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4977=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * procps-debugsource-3.3.9-11.30.1 * procps-3.3.9-11.30.1 * procps-debuginfo-3.3.9-11.30.1 * libprocps3-3.3.9-11.30.1 * libprocps3-debuginfo-3.3.9-11.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * procps-debugsource-3.3.9-11.30.1 * procps-3.3.9-11.30.1 * procps-debuginfo-3.3.9-11.30.1 * libprocps3-3.3.9-11.30.1 * libprocps3-debuginfo-3.3.9-11.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * procps-debugsource-3.3.9-11.30.1 * procps-3.3.9-11.30.1 * procps-debuginfo-3.3.9-11.30.1 * libprocps3-3.3.9-11.30.1 * libprocps3-debuginfo-3.3.9-11.30.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * procps-debuginfo-3.3.9-11.30.1 * procps-debugsource-3.3.9-11.30.1 * procps-devel-3.3.9-11.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216825 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 27 12:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 27 Dec 2023 12:30:05 -0000 Subject: SUSE-RU-2023:4976-1: moderate: Recommended update for mariadb-connector-c Message-ID: <170368020523.17241.3128843874044807506@smelt2.prg2.suse.org> # Recommended update for mariadb-connector-c Announcement ID: SUSE-RU-2023:4976-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for mariadb-connector-c fixes the following issue: * Update to release 3.1.22: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4976=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4976=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4976=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4976=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4976=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4976=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4976=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4976=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4976=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4976=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4976=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4976=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4976=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4976=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4976=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4976=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4976=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * openSUSE Leap 15.4 (x86_64) * libmariadb3-32bit-debuginfo-3.1.22-150000.3.36.1 * libmariadb3-32bit-3.1.22-150000.3.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * openSUSE Leap 15.5 (x86_64) * libmariadb3-32bit-debuginfo-3.1.22-150000.3.36.1 * libmariadb3-32bit-3.1.22-150000.3.36.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 * SUSE CaaS Platform 4.0 (x86_64) * libmariadb3-3.1.22-150000.3.36.1 * mariadb-connector-c-debugsource-3.1.22-150000.3.36.1 * libmariadb-devel-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-debuginfo-3.1.22-150000.3.36.1 * libmariadbprivate-3.1.22-150000.3.36.1 * libmariadb3-debuginfo-3.1.22-150000.3.36.1 * libmariadb_plugins-3.1.22-150000.3.36.1 * libmariadb-devel-3.1.22-150000.3.36.1 * libmariadbprivate-debuginfo-3.1.22-150000.3.36.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 27 12:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 27 Dec 2023 12:30:06 -0000 Subject: SUSE-RU-2023:4975-1: moderate: Recommended update for mariadb-connector-c Message-ID: <170368020679.17241.5462143410487477761@smelt2.prg2.suse.org> # Recommended update for mariadb-connector-c Announcement ID: SUSE-RU-2023:4975-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that can now be installed. ## Description: This update for mariadb-connector-c fixes the following issues: * Update to release 3.1.22: * https://mariadb.com/kb/en/mariadb-connector-c-3-1-22-release-notes/ ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4975=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4975=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4975=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * mariadb-connector-c-debugsource-3.1.22-2.33.3 * libmariadb_plugins-debuginfo-3.1.22-2.33.3 * libmariadb_plugins-3.1.22-2.33.3 * libmariadb3-debuginfo-3.1.22-2.33.3 * libmariadb3-3.1.22-2.33.3 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * mariadb-connector-c-debugsource-3.1.22-2.33.3 * libmariadb_plugins-debuginfo-3.1.22-2.33.3 * libmariadb_plugins-3.1.22-2.33.3 * libmariadb3-debuginfo-3.1.22-2.33.3 * libmariadb3-3.1.22-2.33.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * mariadb-connector-c-debugsource-3.1.22-2.33.3 * libmariadb_plugins-debuginfo-3.1.22-2.33.3 * libmariadb_plugins-3.1.22-2.33.3 * libmariadb3-debuginfo-3.1.22-2.33.3 * libmariadb3-3.1.22-2.33.3 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 27 16:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 27 Dec 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4980-1: important: Security update for gstreamer Message-ID: <170369460381.8888.11969299919289648920@smelt2.prg2.suse.org> # Security update for gstreamer Announcement ID: SUSE-SU-2023:4980-1 Rating: important References: * bsc#1215796 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer fixes the following issues: * CVE-2023-40474: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215796). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4980=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4980=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4980=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gstreamer-utils-debuginfo-1.12.5-150000.3.17.1 * gstreamer-debugsource-1.12.5-150000.3.17.1 * gstreamer-1.12.5-150000.3.17.1 * typelib-1_0-Gst-1_0-1.12.5-150000.3.17.1 * gstreamer-debuginfo-1.12.5-150000.3.17.1 * gstreamer-devel-1.12.5-150000.3.17.1 * gstreamer-utils-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-debuginfo-1.12.5-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-lang-1.12.5-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gstreamer-utils-debuginfo-1.12.5-150000.3.17.1 * gstreamer-debugsource-1.12.5-150000.3.17.1 * gstreamer-1.12.5-150000.3.17.1 * typelib-1_0-Gst-1_0-1.12.5-150000.3.17.1 * gstreamer-debuginfo-1.12.5-150000.3.17.1 * gstreamer-devel-1.12.5-150000.3.17.1 * gstreamer-utils-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-debuginfo-1.12.5-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-lang-1.12.5-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gstreamer-utils-debuginfo-1.12.5-150000.3.17.1 * gstreamer-debugsource-1.12.5-150000.3.17.1 * gstreamer-1.12.5-150000.3.17.1 * typelib-1_0-Gst-1_0-1.12.5-150000.3.17.1 * gstreamer-debuginfo-1.12.5-150000.3.17.1 * gstreamer-devel-1.12.5-150000.3.17.1 * gstreamer-utils-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-debuginfo-1.12.5-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gstreamer-lang-1.12.5-150000.3.17.1 * SUSE CaaS Platform 4.0 (x86_64) * gstreamer-utils-debuginfo-1.12.5-150000.3.17.1 * gstreamer-debugsource-1.12.5-150000.3.17.1 * gstreamer-1.12.5-150000.3.17.1 * typelib-1_0-Gst-1_0-1.12.5-150000.3.17.1 * gstreamer-debuginfo-1.12.5-150000.3.17.1 * gstreamer-devel-1.12.5-150000.3.17.1 * gstreamer-utils-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-1.12.5-150000.3.17.1 * libgstreamer-1_0-0-debuginfo-1.12.5-150000.3.17.1 * SUSE CaaS Platform 4.0 (noarch) * gstreamer-lang-1.12.5-150000.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Dec 27 16:30:06 2023 From: null at suse.de (SLE-UPDATES) Date: Wed, 27 Dec 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4978-1: important: Security update for webkit2gtk3 Message-ID: <170369460618.8888.13990823824680399766@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4978-1 Rating: important References: * bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1218032 * bsc#1218033 Cross-References: * CVE-2023-39928 * CVE-2023-40451 * CVE-2023-41074 * CVE-2023-42883 * CVE-2023-42890 CVSS scores: * CVE-2023-39928 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42883 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42883 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42890 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42890 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: * CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033). * CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of- service (bsc#1218032). * CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870). * CVE-2023-39928: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215868). * CVE-2023-40451: Update to version 2.42.4 (bsc#1215869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4978=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4978=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4978=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4978=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4978=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.4-2.164.1 * webkit2gtk3-devel-2.42.4-2.164.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libjavascriptcoregtk-4_0-18-2.42.4-2.164.1 * webkit2gtk3-debugsource-2.42.4-2.164.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2-4_0-2.42.4-2.164.1 * typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-2.42.4-2.164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.4-2.164.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.4-2.164.1 * webkit2gtk3-debugsource-2.42.4-2.164.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2-4_0-2.42.4-2.164.1 * typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-2.42.4-2.164.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.4-2.164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libjavascriptcoregtk-4_0-18-2.42.4-2.164.1 * webkit2gtk3-debugsource-2.42.4-2.164.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2-4_0-2.42.4-2.164.1 * typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-2.42.4-2.164.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.4-2.164.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1 * libwebkit2gtk-4_0-37-2.42.4-2.164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.4-2.164.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.4-2.164.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39928.html * https://www.suse.com/security/cve/CVE-2023-40451.html * https://www.suse.com/security/cve/CVE-2023-41074.html * https://www.suse.com/security/cve/CVE-2023-42883.html * https://www.suse.com/security/cve/CVE-2023-42890.html * https://bugzilla.suse.com/show_bug.cgi?id=1215868 * https://bugzilla.suse.com/show_bug.cgi?id=1215869 * https://bugzilla.suse.com/show_bug.cgi?id=1215870 * https://bugzilla.suse.com/show_bug.cgi?id=1218032 * https://bugzilla.suse.com/show_bug.cgi?id=1218033 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Dec 28 08:03:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Dec 2023 09:03:19 +0100 (CET) Subject: SUSE-CU-2023:4323-1: Recommended update of bci/golang Message-ID: <20231228080319.20F2EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4323-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.72 , bci/golang:oldstable , bci/golang:oldstable-2.4.72 Container Release : 4.72 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From null at suse.de Thu Dec 28 08:30:04 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 08:30:04 -0000 Subject: SUSE-SU-2023:4981-1: important: Security update for postfix Message-ID: <170375220431.24842.15326072778861751296@smelt2.prg2.suse.org> # Security update for postfix Announcement ID: SUSE-SU-2023:4981-1 Rating: important References: * bsc#1218304 * bsc#1218314 Cross-References: * CVE-2023-51764 CVSS scores: * CVE-2023-51764 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for postfix fixes the following issues: * CVE-2023-51764: Fixed new SMTP smuggling attack (bsc#1218304). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4981=1 openSUSE-SLE-15.5-2023-4981=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4981=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4981=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4981=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * postfix-bdb-debugsource-3.7.3-150500.3.11.1 * postfix-debugsource-3.7.3-150500.3.11.1 * postfix-3.7.3-150500.3.11.1 * postfix-debuginfo-3.7.3-150500.3.11.1 * postfix-ldap-debuginfo-3.7.3-150500.3.11.1 * postfix-postgresql-3.7.3-150500.3.11.1 * postfix-bdb-debuginfo-3.7.3-150500.3.11.1 * postfix-ldap-3.7.3-150500.3.11.1 * postfix-postgresql-debuginfo-3.7.3-150500.3.11.1 * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.11.1 * postfix-bdb-3.7.3-150500.3.11.1 * postfix-bdb-lmdb-3.7.3-150500.3.11.1 * postfix-devel-3.7.3-150500.3.11.1 * postfix-mysql-3.7.3-150500.3.11.1 * postfix-mysql-debuginfo-3.7.3-150500.3.11.1 * openSUSE Leap 15.5 (noarch) * postfix-doc-3.7.3-150500.3.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-debugsource-3.7.3-150500.3.11.1 * postfix-3.7.3-150500.3.11.1 * postfix-debuginfo-3.7.3-150500.3.11.1 * postfix-ldap-debuginfo-3.7.3-150500.3.11.1 * postfix-ldap-3.7.3-150500.3.11.1 * postfix-devel-3.7.3-150500.3.11.1 * Basesystem Module 15-SP5 (noarch) * postfix-doc-3.7.3-150500.3.11.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-bdb-debugsource-3.7.3-150500.3.11.1 * postfix-bdb-debuginfo-3.7.3-150500.3.11.1 * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.11.1 * postfix-bdb-3.7.3-150500.3.11.1 * postfix-bdb-lmdb-3.7.3-150500.3.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-debuginfo-3.7.3-150500.3.11.1 * postfix-debugsource-3.7.3-150500.3.11.1 * postfix-mysql-3.7.3-150500.3.11.1 * postfix-mysql-debuginfo-3.7.3-150500.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51764.html * https://bugzilla.suse.com/show_bug.cgi?id=1218304 * https://bugzilla.suse.com/show_bug.cgi?id=1218314 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:03 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4988-1: low: Security update for python-pip Message-ID: <170378100354.32141.3951250817093744597@smelt2.prg2.suse.org> # Security update for python-pip Announcement ID: SUSE-SU-2023:4988-1 Rating: low References: * bsc#1217353 Cross-References: * CVE-2023-5752 CVSS scores: * CVE-2023-5752 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-5752 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-pip fixes the following issues: * CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4988=1 openSUSE-SLE-15.4-2023-4988=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4988=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4988=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4988=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-pip-22.3.1-150400.17.12.1 * openSUSE Leap 15.5 (noarch) * python311-pip-22.3.1-150400.17.12.1 * Python 3 Module 15-SP4 (noarch) * python311-pip-22.3.1-150400.17.12.1 * Python 3 Module 15-SP5 (noarch) * python311-pip-22.3.1-150400.17.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5752.html * https://bugzilla.suse.com/show_bug.cgi?id=1217353 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:05 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4987-1: low: Security update for python-pip Message-ID: <170378100552.32141.4975816968021509061@smelt2.prg2.suse.org> # Security update for python-pip Announcement ID: SUSE-SU-2023:4987-1 Rating: low References: * bsc#1217353 Cross-References: * CVE-2023-5752 CVSS scores: * CVE-2023-5752 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-5752 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-pip fixes the following issues: * CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4987=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4987=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4987=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-pip-10.0.1-13.14.1 * python-pip-10.0.1-13.14.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-pip-10.0.1-13.14.1 * python-pip-10.0.1-13.14.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-pip-10.0.1-13.14.1 * python-pip-10.0.1-13.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5752.html * https://bugzilla.suse.com/show_bug.cgi?id=1217353 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:07 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4986-1: moderate: Security update for gnutls Message-ID: <170378100758.32141.6584854603921755508@smelt2.prg2.suse.org> # Security update for gnutls Announcement ID: SUSE-SU-2023:4986-1 Rating: moderate References: * bsc#1217277 Cross-References: * CVE-2023-5981 CVSS scores: * CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4986=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4986=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4986=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4986=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4986=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4986=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4986=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4986=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4986=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4986=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4986=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls-devel-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls-devel-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls-devel-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls-devel-32bit-3.6.7-150200.14.28.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgnutlsxx-devel-3.6.7-150200.14.28.1 * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * libgnutlsxx28-3.6.7-150200.14.28.1 * libgnutls-devel-3.6.7-150200.14.28.1 * libgnutlsxx28-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Enterprise Storage 7.1 (x86_64) * libgnutls30-hmac-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-3.6.7-150200.14.28.1 * libgnutls30-32bit-debuginfo-3.6.7-150200.14.28.1 * libgnutls-devel-32bit-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * gnutls-3.6.7-150200.14.28.1 * libgnutls30-debuginfo-3.6.7-150200.14.28.1 * gnutls-debuginfo-3.6.7-150200.14.28.1 * gnutls-debugsource-3.6.7-150200.14.28.1 * libgnutls30-3.6.7-150200.14.28.1 * libgnutls30-hmac-3.6.7-150200.14.28.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5981.html * https://bugzilla.suse.com/show_bug.cgi?id=1217277 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:09 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:09 -0000 Subject: SUSE-RU-2023:4985-1: moderate: Recommended update for samba Message-ID: <170378100990.32141.18281898071703821209@smelt2.prg2.suse.org> # Recommended update for samba Announcement ID: SUSE-RU-2023:4985-1 Rating: moderate References: * bsc#1214076 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for samba fixes the following issues: * Add "net offlinejoin composeodj" command (bsc#1214076) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4985=1 openSUSE-SLE-15.5-2023-4985=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4985=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4985=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4985=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * samba-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-test-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ldb-ldap-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-pcp-pmda-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-gpupdate-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-test-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ldb-ldap-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debugsource-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-pcp-pmda-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy-python3-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-tool-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * openSUSE Leap 15.5 (x86_64) * samba-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-devel-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * openSUSE Leap 15.5 (noarch) * samba-doc-4.17.12+git.444.922f3bd625-150500.3.17.1 * openSUSE Leap 15.5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ceph-4.17.12+git.444.922f3bd625-150500.3.17.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libsamba-policy0-python3-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-devel-64bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-64bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debugsource-4.17.12+git.444.922f3bd625-150500.3.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * samba-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ldb-ldap-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-gpupdate-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ldb-ldap-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-python3-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debugsource-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy-python3-devel-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-tool-4.17.12+git.444.922f3bd625-150500.3.17.1 * libsamba-policy0-python3-4.17.12+git.444.922f3bd625-150500.3.17.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-ceph-4.17.12+git.444.922f3bd625-150500.3.17.1 * Basesystem Module 15-SP5 (x86_64) * samba-winbind-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-client-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-winbind-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-32bit-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-libs-32bit-4.17.12+git.444.922f3bd625-150500.3.17.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * samba-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * samba-debugsource-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-debuginfo-4.17.12+git.444.922f3bd625-150500.3.17.1 * ctdb-4.17.12+git.444.922f3bd625-150500.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214076 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:11 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4984-1: important: Security update for libreoffice Message-ID: <170378101179.32141.3787347935115511550@smelt2.prg2.suse.org> # Security update for libreoffice Announcement ID: SUSE-SU-2023:4984-1 Rating: important References: * bsc#1217577 * bsc#1217578 Cross-References: * CVE-2023-6185 * CVE-2023-6186 CVSS scores: * CVE-2023-6185 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H * CVE-2023-6185 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6186 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H * CVE-2023-6186 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libreoffice fixes the following issues: * CVE-2023-6186: Fixed link targets allow arbitrary script execution (bsc#1217578). * CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection (bsc#1217577). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4984=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4984=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libreoffice-officebean-7.6.2.1-48.51.4 * libreoffice-mailmerge-7.6.2.1-48.51.4 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-48.51.4 * libreoffice-librelogo-7.6.2.1-48.51.4 * libreoffice-pyuno-debuginfo-7.6.2.1-48.51.4 * libreoffice-gtk3-7.6.2.1-48.51.4 * libreoffice-base-debuginfo-7.6.2.1-48.51.4 * libreoffice-7.6.2.1-48.51.4 * libreoffice-calc-debuginfo-7.6.2.1-48.51.4 * libreoffice-gnome-debuginfo-7.6.2.1-48.51.4 * libreoffice-impress-7.6.2.1-48.51.4 * libreoffice-calc-extensions-7.6.2.1-48.51.4 * libreoffice-filters-optional-7.6.2.1-48.51.4 * libreoffice-impress-debuginfo-7.6.2.1-48.51.4 * libreoffice-officebean-debuginfo-7.6.2.1-48.51.4 * libreoffice-base-drivers-postgresql-7.6.2.1-48.51.4 * libreoffice-writer-debuginfo-7.6.2.1-48.51.4 * libreoffice-writer-7.6.2.1-48.51.4 * libreoffice-calc-7.6.2.1-48.51.4 * libreoffice-draw-7.6.2.1-48.51.4 * libreoffice-debuginfo-7.6.2.1-48.51.4 * libreoffice-debugsource-7.6.2.1-48.51.4 * libreoffice-math-debuginfo-7.6.2.1-48.51.4 * libreoffice-math-7.6.2.1-48.51.4 * libreoffice-pyuno-7.6.2.1-48.51.4 * libreoffice-draw-debuginfo-7.6.2.1-48.51.4 * libreoffice-writer-extensions-7.6.2.1-48.51.4 * libreoffice-gtk3-debuginfo-7.6.2.1-48.51.4 * libreoffice-base-7.6.2.1-48.51.4 * libreoffice-gnome-7.6.2.1-48.51.4 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * libreoffice-l10n-nn-7.6.2.1-48.51.4 * libreoffice-l10n-zh_TW-7.6.2.1-48.51.4 * libreoffice-l10n-it-7.6.2.1-48.51.4 * libreoffice-l10n-cs-7.6.2.1-48.51.4 * libreoffice-l10n-uk-7.6.2.1-48.51.4 * libreoffice-l10n-lt-7.6.2.1-48.51.4 * libreoffice-l10n-sv-7.6.2.1-48.51.4 * libreoffice-branding-upstream-7.6.2.1-48.51.4 * libreoffice-icon-themes-7.6.2.1-48.51.4 * libreoffice-l10n-bg-7.6.2.1-48.51.4 * libreoffice-l10n-da-7.6.2.1-48.51.4 * libreoffice-l10n-ar-7.6.2.1-48.51.4 * libreoffice-l10n-ja-7.6.2.1-48.51.4 * libreoffice-l10n-nl-7.6.2.1-48.51.4 * libreoffice-l10n-sk-7.6.2.1-48.51.4 * libreoffice-l10n-af-7.6.2.1-48.51.4 * libreoffice-l10n-fi-7.6.2.1-48.51.4 * libreoffice-l10n-fr-7.6.2.1-48.51.4 * libreoffice-l10n-xh-7.6.2.1-48.51.4 * libreoffice-l10n-ca-7.6.2.1-48.51.4 * libreoffice-l10n-hu-7.6.2.1-48.51.4 * libreoffice-l10n-hr-7.6.2.1-48.51.4 * libreoffice-l10n-ru-7.6.2.1-48.51.4 * libreoffice-l10n-pl-7.6.2.1-48.51.4 * libreoffice-l10n-ro-7.6.2.1-48.51.4 * libreoffice-l10n-pt_BR-7.6.2.1-48.51.4 * libreoffice-l10n-en-7.6.2.1-48.51.4 * libreoffice-l10n-hi-7.6.2.1-48.51.4 * libreoffice-l10n-nb-7.6.2.1-48.51.4 * libreoffice-l10n-zh_CN-7.6.2.1-48.51.4 * libreoffice-l10n-gu-7.6.2.1-48.51.4 * libreoffice-l10n-ko-7.6.2.1-48.51.4 * libreoffice-l10n-de-7.6.2.1-48.51.4 * libreoffice-l10n-es-7.6.2.1-48.51.4 * libreoffice-l10n-pt_PT-7.6.2.1-48.51.4 * libreoffice-l10n-zu-7.6.2.1-48.51.4 * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64) * libreoffice-sdk-debuginfo-7.6.2.1-48.51.4 * libreoffice-sdk-7.6.2.1-48.51.4 * libreoffice-debuginfo-7.6.2.1-48.51.4 * libreoffice-debugsource-7.6.2.1-48.51.4 ## References: * https://www.suse.com/security/cve/CVE-2023-6185.html * https://www.suse.com/security/cve/CVE-2023-6186.html * https://bugzilla.suse.com/show_bug.cgi?id=1217577 * https://bugzilla.suse.com/show_bug.cgi?id=1217578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:14 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4983-1: moderate: Security update for gnutls Message-ID: <170378101416.32141.13843747553042268608@smelt2.prg2.suse.org> # Security update for gnutls Announcement ID: SUSE-SU-2023:4983-1 Rating: moderate References: * bsc#1217277 Cross-References: * CVE-2023-5981 CVSS scores: * CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4983=1 SUSE-2023-4983=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4983=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4983=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4983=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4983=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4983=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4983=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4983=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgnutlsxx-devel-3.7.3-150400.4.38.1 * libgnutlsxx28-3.7.3-150400.4.38.1 * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-guile-debuginfo-3.7.3-150400.4.38.1 * gnutls-guile-3.7.3-150400.4.38.1 * libgnutls-devel-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * openSUSE Leap 15.4 (x86_64) * libgnutls-devel-32bit-3.7.3-150400.4.38.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-32bit-3.7.3-150400.4.38.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.38.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgnutls30-64bit-3.7.3-150400.4.38.1 * libgnutls30-hmac-64bit-3.7.3-150400.4.38.1 * libgnutls-devel-64bit-3.7.3-150400.4.38.1 * libgnutls30-64bit-debuginfo-3.7.3-150400.4.38.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.7.3-150400.4.38.1 * libgnutlsxx28-3.7.3-150400.4.38.1 * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-guile-debuginfo-3.7.3-150400.4.38.1 * gnutls-guile-3.7.3-150400.4.38.1 * libgnutls-devel-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * openSUSE Leap 15.5 (x86_64) * libgnutls-devel-32bit-3.7.3-150400.4.38.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-32bit-3.7.3-150400.4.38.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.7.3-150400.4.38.1 * libgnutlsxx28-3.7.3-150400.4.38.1 * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * libgnutls-devel-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * Basesystem Module 15-SP4 (x86_64) * libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-32bit-3.7.3-150400.4.38.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.38.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.7.3-150400.4.38.1 * libgnutlsxx28-3.7.3-150400.4.38.1 * gnutls-debugsource-3.7.3-150400.4.38.1 * libgnutls30-hmac-3.7.3-150400.4.38.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1 * gnutls-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-3.7.3-150400.4.38.1 * libgnutls-devel-3.7.3-150400.4.38.1 * gnutls-3.7.3-150400.4.38.1 * libgnutls30-debuginfo-3.7.3-150400.4.38.1 * Basesystem Module 15-SP5 (x86_64) * libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1 * libgnutls30-32bit-3.7.3-150400.4.38.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5981.html * https://bugzilla.suse.com/show_bug.cgi?id=1217277 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Dec 28 16:30:16 2023 From: null at suse.de (SLE-UPDATES) Date: Thu, 28 Dec 2023 16:30:16 -0000 Subject: SUSE-SU-2023:4982-1: important: Security update for gstreamer Message-ID: <170378101644.32141.5553179676247968062@smelt2.prg2.suse.org> # Security update for gstreamer Announcement ID: SUSE-SU-2023:4982-1 Rating: important References: * bsc#1215796 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer fixes the following issues: * CVE-2023-40474: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215796). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4982=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4982=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4982=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4982=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-devel-1.8.3-10.6.1 * gstreamer-debuginfo-1.8.3-10.6.1 * gstreamer-debugsource-1.8.3-10.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gstreamer-utils-debuginfo-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-1.8.3-10.6.1 * typelib-1_0-Gst-1_0-1.8.3-10.6.1 * gstreamer-utils-1.8.3-10.6.1 * libgstreamer-1_0-0-1.8.3-10.6.1 * gstreamer-debuginfo-1.8.3-10.6.1 * gstreamer-debugsource-1.8.3-10.6.1 * gstreamer-1.8.3-10.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-lang-1.8.3-10.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * gstreamer-debuginfo-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-32bit-1.8.3-10.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-utils-debuginfo-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-1.8.3-10.6.1 * typelib-1_0-Gst-1_0-1.8.3-10.6.1 * gstreamer-utils-1.8.3-10.6.1 * libgstreamer-1_0-0-1.8.3-10.6.1 * gstreamer-debuginfo-1.8.3-10.6.1 * gstreamer-debugsource-1.8.3-10.6.1 * gstreamer-1.8.3-10.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-lang-1.8.3-10.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * gstreamer-debuginfo-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-32bit-1.8.3-10.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gstreamer-utils-debuginfo-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-1.8.3-10.6.1 * typelib-1_0-Gst-1_0-1.8.3-10.6.1 * gstreamer-utils-1.8.3-10.6.1 * libgstreamer-1_0-0-1.8.3-10.6.1 * gstreamer-debuginfo-1.8.3-10.6.1 * gstreamer-debugsource-1.8.3-10.6.1 * gstreamer-1.8.3-10.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-lang-1.8.3-10.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * gstreamer-debuginfo-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-32bit-1.8.3-10.6.1 * libgstreamer-1_0-0-debuginfo-32bit-1.8.3-10.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Dec 29 08:03:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:03:34 +0100 (CET) Subject: SUSE-CU-2023:4324-1: Recommended update of suse/sles12sp5 Message-ID: <20231229080334.A55C5FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4324-1 Container Tags : suse/sles12sp5:6.5.548 , suse/sles12sp5:latest Container Release : 6.5.548 Severity : moderate Type : recommended References : 1216825 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4977-1 Released: Wed Dec 27 10:35:46 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1216825 This update for procps fixes the following issue: - Avoid SIGSEGV in case of sending SIGTERM to a top command running in batch mode (bsc#1216825) The following package changes have been done: - libprocps3-3.3.9-11.30.1 updated - procps-3.3.9-11.30.1 updated From sle-updates at lists.suse.com Fri Dec 29 08:05:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:05:41 +0100 (CET) Subject: SUSE-CU-2023:4325-1: Security update of suse/sle15 Message-ID: <20231229080541.12561FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4325-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.387 Container Release : 9.5.387 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4986-1 Released: Thu Dec 28 16:05:33 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-hmac-3.6.7-150200.14.28.1 updated - libgnutls30-3.6.7-150200.14.28.1 updated From sle-updates at lists.suse.com Fri Dec 29 08:07:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:07:26 +0100 (CET) Subject: SUSE-CU-2023:4329-1: Recommended update of bci/openjdk Message-ID: <20231229080726.E803FFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4329-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.62 , bci/openjdk:latest Container Release : 12.62 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Fri Dec 29 08:08:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:10 +0100 (CET) Subject: SUSE-CU-2023:4331-1: Security update of bci/php-apache Message-ID: <20231229080810.EF98EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4331-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.59 Container Release : 8.59 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-updates at lists.suse.com Fri Dec 29 08:08:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:31 +0100 (CET) Subject: SUSE-CU-2023:4332-1: Security update of bci/php-fpm Message-ID: <20231229080831.1279CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4332-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.64 Container Release : 8.64 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-updates at lists.suse.com Fri Dec 29 08:08:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:50 +0100 (CET) Subject: SUSE-CU-2023:4333-1: Security update of bci/php Message-ID: <20231229080850.A9307FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4333-1 Container Tags : bci/php:8 , bci/php:8-8.59 Container Release : 8.59 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-updates at lists.suse.com Fri Dec 29 08:09:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:09:11 +0100 (CET) Subject: SUSE-CU-2023:4334-1: Security update of bci/python Message-ID: <20231229080911.4EAB4FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4334-1 Container Tags : bci/python:3 , bci/python:3-12.58 , bci/python:3.11 , bci/python:3.11-12.58 , bci/python:latest Container Release : 12.58 Severity : important Type : security References : 1216987 1217353 CVE-2023-5752 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4988-1 Released: Thu Dec 28 16:06:49 2023 Summary: Security update for python-pip Type: security Severity: low References: 1217353,CVE-2023-5752 This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353). The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - python311-pip-22.3.1-150400.17.12.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-updates at lists.suse.com Fri Dec 29 08:09:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:09:20 +0100 (CET) Subject: SUSE-CU-2023:4335-1: Recommended update of suse/rmt-server Message-ID: <20231229080920.0F288FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4335-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.58 , suse/rmt-server:latest Container Release : 11.58 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4976-1 Released: Wed Dec 27 10:34:15 2023 Summary: Recommended update for mariadb-connector-c Type: recommended Severity: moderate References: This update for mariadb-connector-c fixes the following issue: - Update to release 3.1.22: The following package changes have been done: - libmariadb3-3.1.22-150000.3.36.1 updated From null at suse.de Fri Dec 29 12:30:39 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 29 Dec 2023 12:30:39 -0000 Subject: SUSE-RU-2023:4990-1: moderate: Recommended update for 389-ds Message-ID: <170385303998.31287.10657961877192948230@smelt2.prg2.suse.org> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:4990-1 Rating: moderate References: * bsc#1217581 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * Fix 'Replica ID cannot be specified for consumer and hub roles' error when enabling replication (bsc#1217581) * Update to version 2.2.8~git51.3688d68 * Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) * Issue 5984 - Crash when paged result search are abandoned (#5985) * Issue 5971 - CLI - Fix password prompt for repl status (#5972) * Issue 5956 - After an upgrade the server won't start - nsslapd-connta? ?blesize (#5963) * Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) * Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) * Issue 5956 - After an upgrade the server won't start - nsslapd-conntablesize (#5957) * issue 5924 - ASAN server build crash when looping opening/closing connections (#5926) * Issue 5848 - Fix condition and add a CI test (#5916) * Issue 5909 - Multi listener hang with 20k connections (#5917) * Issue 5853 - Revert MSRV check (#5908) * Issue 5722 - improve testcase (#5904) * Issue 5858 - WebUI monitoring test fails to run ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4990=1 openSUSE-SLE-15.5-2023-4990=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4990=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * lib389-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-devel-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-debugsource-2.2.8~git51.3688d68-150500.3.14.1 * libsvrcore0-2.2.8~git51.3688d68-150500.3.14.1 * libsvrcore0-debuginfo-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-snmp-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-debuginfo-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-snmp-debuginfo-2.2.8~git51.3688d68-150500.3.14.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * lib389-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-devel-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-debugsource-2.2.8~git51.3688d68-150500.3.14.1 * libsvrcore0-2.2.8~git51.3688d68-150500.3.14.1 * libsvrcore0-debuginfo-2.2.8~git51.3688d68-150500.3.14.1 * 389-ds-debuginfo-2.2.8~git51.3688d68-150500.3.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 29 12:30:38 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 29 Dec 2023 12:30:38 -0000 Subject: SUSE-RU-2023:4991-1: moderate: Recommended update for mariadb104 Message-ID: <170385303846.31287.1671928125609129721@smelt2.prg2.suse.org> # Recommended update for mariadb104 Announcement ID: SUSE-RU-2023:4991-1 Rating: moderate References: * bsc#1001367 * bsc#1005555 * bsc#1005558 * bsc#1005562 * bsc#1005564 * bsc#1005566 * bsc#1005569 * bsc#1005581 * bsc#1005582 * bsc#1006539 * bsc#1008253 * bsc#1012075 * bsc#1013882 * bsc#1019948 * bsc#1020873 * bsc#1020875 * bsc#1020877 * bsc#1020878 * bsc#1020882 * bsc#1020884 * bsc#1020885 * bsc#1020890 * bsc#1020891 * bsc#1020894 * bsc#1020896 * bsc#1020976 * bsc#1022428 * bsc#1038740 * bsc#1039034 * bsc#1041525 * bsc#1041891 * bsc#1042632 * bsc#1043328 * bsc#1047218 * bsc#1055165 * bsc#1055268 * bsc#1058374 * bsc#1058729 * bsc#1060110 * bsc#1062583 * bsc#1067443 * bsc#1068906 * bsc#1069401 * bsc#1080891 * bsc#1083087 * bsc#1088681 * bsc#1092544 * bsc#1098683 * bsc#1101676 * bsc#1101677 * bsc#1101678 * bsc#1103342 * bsc#1111858 * bsc#1111859 * bsc#1112368 * bsc#1112377 * bsc#1112384 * bsc#1112386 * bsc#1112391 * bsc#1112397 * bsc#1112404 * bsc#1112415 * bsc#1112417 * bsc#1112421 * bsc#1112432 * bsc#1112767 * bsc#1116686 * bsc#1118754 * bsc#1120041 * bsc#1122198 * bsc#1122475 * bsc#1127027 * bsc#1132666 * bsc#1136035 * bsc#1142909 * bsc#1143215 * bsc#1144314 * bsc#1156669 * bsc#1160285 * bsc#1160868 * bsc#1160878 * bsc#1160883 * bsc#1160895 * bsc#1160912 * bsc#1166781 * bsc#1168380 * bsc#1170204 * bsc#1173028 * bsc#1173516 * bsc#1174559 * bsc#1175596 * bsc#1177472 * bsc#1178428 * bsc#1180014 * bsc#1182218 * bsc#1182255 * bsc#1182739 * bsc#1183770 * bsc#1185870 * bsc#1185872 * bsc#1186031 * bsc#1189320 * bsc#1192497 * bsc#1195325 * bsc#1195334 * bsc#1195339 * bsc#1196016 * bsc#1197459 * bsc#1198603 * bsc#1198604 * bsc#1198605 * bsc#1198606 * bsc#1198607 * bsc#1198609 * bsc#1198610 * bsc#1198611 * bsc#1198612 * bsc#1198613 * bsc#1198628 * bsc#1198629 * bsc#1198630 * bsc#1198631 * bsc#1198632 * bsc#1198633 * bsc#1198634 * bsc#1198635 * bsc#1198636 * bsc#1198637 * bsc#1198638 * bsc#1198639 * bsc#1198640 * bsc#1199928 * bsc#1200105 * bsc#1201161 * bsc#1201163 * bsc#1201164 * bsc#1201165 * bsc#1201166 * bsc#1201167 * bsc#1201168 * bsc#1201169 * bsc#1201170 * bsc#1202863 * bsc#332530 * bsc#353120 * bsc#357634 * bsc#359522 * bsc#366820 * bsc#371000 * bsc#387746 * bsc#420313 * bsc#425079 * bsc#427384 * bsc#429618 * bsc#435519 * bsc#437293 * bsc#463586 * bsc#520876 * bsc#525065 * bsc#525325 * bsc#539243 * bsc#539249 * bsc#557669 * bsc#635645 * bsc#747811 * bsc#763150 * bsc#779476 * bsc#789263 * bsc#792444 * bsc#796164 * bsc#829430 * bsc#841709 * bsc#859345 * bsc#889126 * bsc#894479 * bsc#902396 * bsc#914370 * bsc#921955 * bsc#934789 * bsc#937754 * bsc#937767 * bsc#937787 * bsc#942908 * bsc#943096 * bsc#957174 * bsc#963810 * bsc#971456 * bsc#979524 * bsc#983938 * bsc#984858 * bsc#986251 * bsc#989913 * bsc#989919 * bsc#989922 * bsc#989926 * bsc#990890 * bsc#998309 * jsc#PED-2455 * jsc#SLE-12253 * jsc#SLE-8269 Cross-References: * CVE-2006-0903 * CVE-2006-4226 * CVE-2006-4227 * CVE-2007-5969 * CVE-2007-5970 * CVE-2007-6303 * CVE-2007-6304 * CVE-2008-2079 * CVE-2008-7247 * CVE-2009-4019 * CVE-2009-4028 * CVE-2009-4030 * CVE-2012-4414 * CVE-2012-5611 * CVE-2012-5612 * CVE-2012-5615 * CVE-2012-5627 * CVE-2013-1976 * CVE-2015-4792 * CVE-2015-4802 * CVE-2015-4807 * CVE-2015-4815 * CVE-2015-4816 * CVE-2015-4819 * CVE-2015-4826 * CVE-2015-4830 * CVE-2015-4836 * CVE-2015-4858 * CVE-2015-4861 * CVE-2015-4864 * CVE-2015-4866 * CVE-2015-4870 * CVE-2015-4879 * CVE-2015-4895 * CVE-2015-4913 * CVE-2015-5969 * CVE-2015-7744 * CVE-2016-0505 * CVE-2016-0546 * CVE-2016-0596 * CVE-2016-0597 * CVE-2016-0598 * CVE-2016-0600 * CVE-2016-0606 * CVE-2016-0608 * CVE-2016-0609 * CVE-2016-0610 * CVE-2016-0616 * CVE-2016-0640 * CVE-2016-0641 * CVE-2016-0642 * CVE-2016-0644 * CVE-2016-0646 * CVE-2016-0649 * CVE-2016-0650 * CVE-2016-0651 * CVE-2016-0668 * CVE-2016-2047 * CVE-2016-3477 * CVE-2016-3492 * CVE-2016-3521 * CVE-2016-3615 * CVE-2016-5440 * CVE-2016-5584 * CVE-2016-5616 * CVE-2016-5624 * CVE-2016-5626 * CVE-2016-5629 * CVE-2016-6662 * CVE-2016-6663 * CVE-2016-6664 * CVE-2016-7440 * CVE-2016-8283 * CVE-2016-9843 * CVE-2017-10268 * CVE-2017-10286 * CVE-2017-10320 * CVE-2017-10365 * CVE-2017-10378 * CVE-2017-10379 * CVE-2017-10384 * CVE-2017-15365 * CVE-2017-3238 * CVE-2017-3243 * CVE-2017-3244 * CVE-2017-3257 * CVE-2017-3258 * CVE-2017-3265 * CVE-2017-3291 * CVE-2017-3302 * CVE-2017-3308 * CVE-2017-3309 * CVE-2017-3312 * CVE-2017-3313 * CVE-2017-3317 * CVE-2017-3318 * CVE-2017-3453 * CVE-2017-3456 * CVE-2017-3464 * CVE-2017-3636 * CVE-2017-3641 * CVE-2017-3653 * CVE-2018-25032 * CVE-2018-2562 * CVE-2018-2612 * CVE-2018-2622 * CVE-2018-2640 * CVE-2018-2665 * CVE-2018-2668 * CVE-2018-2755 * CVE-2018-2759 * CVE-2018-2761 * CVE-2018-2766 * CVE-2018-2767 * CVE-2018-2771 * CVE-2018-2777 * CVE-2018-2781 * CVE-2018-2782 * CVE-2018-2784 * CVE-2018-2786 * CVE-2018-2787 * CVE-2018-2810 * CVE-2018-2813 * CVE-2018-2817 * CVE-2018-2819 * CVE-2018-3058 * CVE-2018-3060 * CVE-2018-3063 * CVE-2018-3064 * CVE-2018-3066 * CVE-2018-3143 * CVE-2018-3156 * CVE-2018-3162 * CVE-2018-3173 * CVE-2018-3174 * CVE-2018-3185 * CVE-2018-3200 * CVE-2018-3251 * CVE-2018-3277 * CVE-2018-3282 * CVE-2018-3284 * CVE-2019-18901 * CVE-2019-2510 * CVE-2019-2537 * CVE-2019-2614 * CVE-2019-2627 * CVE-2019-2628 * CVE-2019-2737 * CVE-2019-2739 * CVE-2019-2740 * CVE-2019-2758 * CVE-2019-2805 * CVE-2019-2938 * CVE-2019-2974 * CVE-2020-13249 * CVE-2020-14765 * CVE-2020-14776 * CVE-2020-14789 * CVE-2020-14812 * CVE-2020-15180 * CVE-2020-2574 * CVE-2020-2752 * CVE-2020-2760 * CVE-2020-2812 * CVE-2020-2814 * CVE-2020-7221 * CVE-2021-2154 * CVE-2021-2166 * CVE-2021-2372 * CVE-2021-2389 * CVE-2021-27928 * CVE-2021-35604 * CVE-2021-46657 * CVE-2021-46658 * CVE-2021-46659 * CVE-2021-46661 * CVE-2021-46663 * CVE-2021-46664 * CVE-2021-46665 * CVE-2021-46668 * CVE-2021-46669 * CVE-2022-21427 * CVE-2022-21595 * CVE-2022-24048 * CVE-2022-24050 * CVE-2022-24051 * CVE-2022-24052 * CVE-2022-27376 * CVE-2022-27377 * CVE-2022-27378 * CVE-2022-27379 * CVE-2022-27380 * CVE-2022-27381 * CVE-2022-27382 * CVE-2022-27383 * CVE-2022-27384 * CVE-2022-27386 * CVE-2022-27387 * CVE-2022-27444 * CVE-2022-27445 * CVE-2022-27446 * CVE-2022-27447 * CVE-2022-27448 * CVE-2022-27449 * CVE-2022-27451 * CVE-2022-27452 * CVE-2022-27455 * CVE-2022-27456 * CVE-2022-27457 * CVE-2022-27458 * CVE-2022-32081 * CVE-2022-32083 * CVE-2022-32084 * CVE-2022-32085 * CVE-2022-32086 * CVE-2022-32087 * CVE-2022-32088 * CVE-2022-32089 * CVE-2022-32091 * CVE-2022-38791 * CVE-2022-47015 CVSS scores: * CVE-2015-7744 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2016-0640 ( NVD ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0641 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2016-0642 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0642 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0644 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0646 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0649 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0650 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0651 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0651 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0668 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0668 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-2047 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2016-3477 ( NVD ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2016-3492 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-3492 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-3521 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-3615 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5440 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5584 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2016-5584 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2016-5624 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5624 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5624 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5626 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5626 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-6662 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6663 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-7440 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2016-7440 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2016-8283 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2016-8283 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2016-9843 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2016-9843 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-10268 ( SUSE ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10268 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10268 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10286 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10286 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10286 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10365 ( SUSE ): 3.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10365 ( NVD ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10365 ( NVD ): 3.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10378 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10378 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10378 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10379 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10379 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10379 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10384 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10384 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10384 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-15365 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2017-15365 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2017-3238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3238 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3243 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3243 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3244 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3244 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3257 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3257 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3265 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2017-3265 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2017-3291 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3291 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3302 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3308 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3308 ( NVD ): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3309 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3309 ( NVD ): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3312 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3313 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-3313 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-3317 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2017-3317 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2017-3318 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3318 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3318 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3453 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3453 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3456 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3456 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3464 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3464 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3636 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3636 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3636 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3641 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3641 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3641 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3653 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3653 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3653 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-25032 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-25032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2562 ( SUSE ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2562 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2562 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2612 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-2612 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-2622 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2622 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2622 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2755 ( SUSE ): 7.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2755 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2755 ( NVD ): 7.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2759 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2759 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2766 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2766 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2767 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2767 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2771 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2771 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2771 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2777 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2777 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2782 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2782 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2784 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2784 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2786 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2786 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2787 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2787 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2810 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2810 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2813 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2813 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2813 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2817 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2817 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2817 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3058 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3058 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3058 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3060 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-3060 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-3063 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3063 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3063 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3064 ( SUSE ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3064 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3064 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3066 ( SUSE ): 3.3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3066 ( NVD ): 3.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3066 ( NVD ): 3.3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3143 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3156 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3156 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3162 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3162 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3173 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3173 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3174 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3174 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3174 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3185 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3185 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3200 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3200 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3277 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3277 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-18901 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2019-18901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2019-2510 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2510 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2510 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2737 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2737 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2739 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2739 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2740 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2740 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2758 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2758 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2758 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2805 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2805 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2805 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2938 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2938 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2974 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2974 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-13249 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2020-13249 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-14765 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14765 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14776 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14776 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14789 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14789 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14812 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14812 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15180 ( SUSE ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2020-15180 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2020-2574 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2574 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2752 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2760 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2020-2812 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2814 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-7221 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-2154 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2154 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2166 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2166 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2372 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2372 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2389 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2389 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-27928 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-27928 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-35604 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2021-35604 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2021-46657 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46657 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46658 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46659 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46659 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46663 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46663 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46664 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46665 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46668 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46669 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21427 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21595 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21595 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-24048 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24050 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24051 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24052 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-27376 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27376 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27377 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27378 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27378 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27379 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27380 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27381 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27381 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27382 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27382 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27383 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27383 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27384 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27384 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27386 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27386 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27387 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-27387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27444 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27444 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27445 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27446 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27446 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27447 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27447 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27448 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27448 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27449 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27449 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27451 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27451 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27452 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27452 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27455 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27455 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27456 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27456 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27457 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27457 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27458 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27458 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32081 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32081 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32083 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32085 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32086 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32086 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32087 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32087 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32088 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32088 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32089 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32089 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32091 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32091 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38791 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 221 vulnerabilities and contains three features can now be installed. ## Description: This update for mariadb104 fixes the following issues: * Implement version 10.4 of MariaDB (jsc#PED-2455): * It is possible to use more than one authentication plugin for each user account. * The root user account is being created with the ability to use two authentication plugins. * All user accounts, passwords, and global privileges are now stored in the mysql.global_priv table. * Is being supported for User Password Expiry, which is not active by default. * Faster privilege checks for MariaDB setups with many user accounts or many database grants. * Update mysql-systemd-helper to be aware of custom group (bsc#1200105) * MariaDB is now support lz4 compression for 'INNODB'. (bsc#1186031) * Add 'mysql-user.conf' file to enable systemd generating mysql user in containers. (bsc#1173028) * Fixes an issue when MariaDB is ignoring the value of the parameter 'open_files_limit' in the global variables. (bsc#1180014) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4991=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4991=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4991=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4991=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libmariadbd104-devel-10.4.30-8.5.46 * liblz4-1-debuginfo-1.8.0-3.5.2 * python3-mysqlclient-1.3.14-8.9.2 * libmariadb-devel-3.1.22-2.35.1 * lz4-debuginfo-1.8.0-3.5.2 * lz4-debugsource-1.8.0-3.5.2 * liblz4-1-1.8.0-3.5.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libmariadb3-3.1.22-2.35.1 * libmariadb_plugins-3.1.22-2.35.1 * mariadb104-10.4.30-8.5.46 * libmariadbd19-debuginfo-10.4.30-8.5.46 * mariadb104-client-debuginfo-10.4.30-8.5.46 * mariadb104-test-10.4.30-8.5.46 * liblz4-1-1.8.0-3.5.2 * libmariadb3-debuginfo-3.1.22-2.35.1 * mariadb104-test-debuginfo-10.4.30-8.5.46 * mariadb-connector-c-debugsource-3.1.22-2.35.1 * mariadb104-tools-debuginfo-10.4.30-8.5.46 * mariadb104-bench-debuginfo-10.4.30-8.5.46 * mariadb104-debugsource-10.4.30-8.5.46 * mariadb104-bench-10.4.30-8.5.46 * mariadb104-tools-10.4.30-8.5.46 * mariadb104-galera-10.4.30-8.5.46 * libmariadbd19-10.4.30-8.5.46 * mariadb104-client-10.4.30-8.5.46 * mariadb104-debuginfo-10.4.30-8.5.46 * mariadb104-rpm-macros-10.4.30-8.5.46 * python3-mysqlclient-1.3.14-8.9.2 * libmariadb_plugins-debuginfo-3.1.22-2.35.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * mariadb104-errormessages-10.4.30-8.5.46 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libmariadb3-3.1.22-2.35.1 * libmariadb_plugins-3.1.22-2.35.1 * mariadb104-10.4.30-8.5.46 * libmariadbd19-debuginfo-10.4.30-8.5.46 * mariadb104-client-debuginfo-10.4.30-8.5.46 * mariadb104-test-10.4.30-8.5.46 * liblz4-1-1.8.0-3.5.2 * libmariadb3-debuginfo-3.1.22-2.35.1 * mariadb104-test-debuginfo-10.4.30-8.5.46 * mariadb-connector-c-debugsource-3.1.22-2.35.1 * mariadb104-tools-debuginfo-10.4.30-8.5.46 * mariadb104-bench-debuginfo-10.4.30-8.5.46 * mariadb104-debugsource-10.4.30-8.5.46 * mariadb104-bench-10.4.30-8.5.46 * mariadb104-tools-10.4.30-8.5.46 * mariadb104-galera-10.4.30-8.5.46 * libmariadbd19-10.4.30-8.5.46 * mariadb104-client-10.4.30-8.5.46 * mariadb104-debuginfo-10.4.30-8.5.46 * mariadb104-rpm-macros-10.4.30-8.5.46 * python3-mysqlclient-1.3.14-8.9.2 * libmariadb_plugins-debuginfo-3.1.22-2.35.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * mariadb104-errormessages-10.4.30-8.5.46 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libmariadb3-3.1.22-2.35.1 * libmariadb_plugins-3.1.22-2.35.1 * mariadb104-10.4.30-8.5.46 * libmariadbd19-debuginfo-10.4.30-8.5.46 * mariadb104-client-debuginfo-10.4.30-8.5.46 * mariadb104-test-10.4.30-8.5.46 * liblz4-1-1.8.0-3.5.2 * libmariadb3-debuginfo-3.1.22-2.35.1 * mariadb104-test-debuginfo-10.4.30-8.5.46 * mariadb-connector-c-debugsource-3.1.22-2.35.1 * mariadb104-tools-debuginfo-10.4.30-8.5.46 * mariadb104-bench-debuginfo-10.4.30-8.5.46 * mariadb104-debugsource-10.4.30-8.5.46 * mariadb104-bench-10.4.30-8.5.46 * mariadb104-tools-10.4.30-8.5.46 * mariadb104-galera-10.4.30-8.5.46 * libmariadbd19-10.4.30-8.5.46 * mariadb104-client-10.4.30-8.5.46 * mariadb104-debuginfo-10.4.30-8.5.46 * mariadb104-rpm-macros-10.4.30-8.5.46 * python3-mysqlclient-1.3.14-8.9.2 * libmariadb_plugins-debuginfo-3.1.22-2.35.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * mariadb104-errormessages-10.4.30-8.5.46 ## References: * https://www.suse.com/security/cve/CVE-2006-0903.html * https://www.suse.com/security/cve/CVE-2006-4226.html * https://www.suse.com/security/cve/CVE-2006-4227.html * https://www.suse.com/security/cve/CVE-2007-5969.html * https://www.suse.com/security/cve/CVE-2007-5970.html * https://www.suse.com/security/cve/CVE-2007-6303.html * https://www.suse.com/security/cve/CVE-2007-6304.html * https://www.suse.com/security/cve/CVE-2008-2079.html * https://www.suse.com/security/cve/CVE-2008-7247.html * https://www.suse.com/security/cve/CVE-2009-4019.html * https://www.suse.com/security/cve/CVE-2009-4028.html * https://www.suse.com/security/cve/CVE-2009-4030.html * https://www.suse.com/security/cve/CVE-2012-4414.html * https://www.suse.com/security/cve/CVE-2012-5611.html * https://www.suse.com/security/cve/CVE-2012-5612.html * https://www.suse.com/security/cve/CVE-2012-5615.html * https://www.suse.com/security/cve/CVE-2012-5627.html * https://www.suse.com/security/cve/CVE-2013-1976.html * https://www.suse.com/security/cve/CVE-2015-4792.html * https://www.suse.com/security/cve/CVE-2015-4802.html * https://www.suse.com/security/cve/CVE-2015-4807.html * https://www.suse.com/security/cve/CVE-2015-4815.html * https://www.suse.com/security/cve/CVE-2015-4816.html * https://www.suse.com/security/cve/CVE-2015-4819.html * https://www.suse.com/security/cve/CVE-2015-4826.html * https://www.suse.com/security/cve/CVE-2015-4830.html * https://www.suse.com/security/cve/CVE-2015-4836.html * https://www.suse.com/security/cve/CVE-2015-4858.html * https://www.suse.com/security/cve/CVE-2015-4861.html * https://www.suse.com/security/cve/CVE-2015-4864.html * https://www.suse.com/security/cve/CVE-2015-4866.html * https://www.suse.com/security/cve/CVE-2015-4870.html * https://www.suse.com/security/cve/CVE-2015-4879.html * https://www.suse.com/security/cve/CVE-2015-4895.html * https://www.suse.com/security/cve/CVE-2015-4913.html * https://www.suse.com/security/cve/CVE-2015-5969.html * https://www.suse.com/security/cve/CVE-2015-7744.html * https://www.suse.com/security/cve/CVE-2016-0505.html * https://www.suse.com/security/cve/CVE-2016-0546.html * https://www.suse.com/security/cve/CVE-2016-0596.html * https://www.suse.com/security/cve/CVE-2016-0597.html * https://www.suse.com/security/cve/CVE-2016-0598.html * https://www.suse.com/security/cve/CVE-2016-0600.html * https://www.suse.com/security/cve/CVE-2016-0606.html * https://www.suse.com/security/cve/CVE-2016-0608.html * https://www.suse.com/security/cve/CVE-2016-0609.html * https://www.suse.com/security/cve/CVE-2016-0610.html * https://www.suse.com/security/cve/CVE-2016-0616.html * https://www.suse.com/security/cve/CVE-2016-0640.html * https://www.suse.com/security/cve/CVE-2016-0641.html * https://www.suse.com/security/cve/CVE-2016-0642.html * https://www.suse.com/security/cve/CVE-2016-0644.html * https://www.suse.com/security/cve/CVE-2016-0646.html * https://www.suse.com/security/cve/CVE-2016-0649.html * https://www.suse.com/security/cve/CVE-2016-0650.html * https://www.suse.com/security/cve/CVE-2016-0651.html * https://www.suse.com/security/cve/CVE-2016-0668.html * https://www.suse.com/security/cve/CVE-2016-2047.html * https://www.suse.com/security/cve/CVE-2016-3477.html * https://www.suse.com/security/cve/CVE-2016-3492.html * https://www.suse.com/security/cve/CVE-2016-3521.html * https://www.suse.com/security/cve/CVE-2016-3615.html * https://www.suse.com/security/cve/CVE-2016-5440.html * https://www.suse.com/security/cve/CVE-2016-5584.html * https://www.suse.com/security/cve/CVE-2016-5616.html * https://www.suse.com/security/cve/CVE-2016-5624.html * https://www.suse.com/security/cve/CVE-2016-5626.html * https://www.suse.com/security/cve/CVE-2016-5629.html * https://www.suse.com/security/cve/CVE-2016-6662.html * https://www.suse.com/security/cve/CVE-2016-6663.html * https://www.suse.com/security/cve/CVE-2016-6664.html * https://www.suse.com/security/cve/CVE-2016-7440.html * https://www.suse.com/security/cve/CVE-2016-8283.html * https://www.suse.com/security/cve/CVE-2016-9843.html * https://www.suse.com/security/cve/CVE-2017-10268.html * https://www.suse.com/security/cve/CVE-2017-10286.html * https://www.suse.com/security/cve/CVE-2017-10320.html * https://www.suse.com/security/cve/CVE-2017-10365.html * https://www.suse.com/security/cve/CVE-2017-10378.html * https://www.suse.com/security/cve/CVE-2017-10379.html * https://www.suse.com/security/cve/CVE-2017-10384.html * https://www.suse.com/security/cve/CVE-2017-15365.html * https://www.suse.com/security/cve/CVE-2017-3238.html * https://www.suse.com/security/cve/CVE-2017-3243.html * https://www.suse.com/security/cve/CVE-2017-3244.html * https://www.suse.com/security/cve/CVE-2017-3257.html * https://www.suse.com/security/cve/CVE-2017-3258.html * https://www.suse.com/security/cve/CVE-2017-3265.html * https://www.suse.com/security/cve/CVE-2017-3291.html * https://www.suse.com/security/cve/CVE-2017-3302.html * https://www.suse.com/security/cve/CVE-2017-3308.html * https://www.suse.com/security/cve/CVE-2017-3309.html * https://www.suse.com/security/cve/CVE-2017-3312.html * https://www.suse.com/security/cve/CVE-2017-3313.html * https://www.suse.com/security/cve/CVE-2017-3317.html * https://www.suse.com/security/cve/CVE-2017-3318.html * https://www.suse.com/security/cve/CVE-2017-3453.html * https://www.suse.com/security/cve/CVE-2017-3456.html * https://www.suse.com/security/cve/CVE-2017-3464.html * https://www.suse.com/security/cve/CVE-2017-3636.html * https://www.suse.com/security/cve/CVE-2017-3641.html * https://www.suse.com/security/cve/CVE-2017-3653.html * https://www.suse.com/security/cve/CVE-2018-25032.html * https://www.suse.com/security/cve/CVE-2018-2562.html * https://www.suse.com/security/cve/CVE-2018-2612.html * https://www.suse.com/security/cve/CVE-2018-2622.html * https://www.suse.com/security/cve/CVE-2018-2640.html * https://www.suse.com/security/cve/CVE-2018-2665.html * https://www.suse.com/security/cve/CVE-2018-2668.html * https://www.suse.com/security/cve/CVE-2018-2755.html * https://www.suse.com/security/cve/CVE-2018-2759.html * https://www.suse.com/security/cve/CVE-2018-2761.html * https://www.suse.com/security/cve/CVE-2018-2766.html * https://www.suse.com/security/cve/CVE-2018-2767.html * https://www.suse.com/security/cve/CVE-2018-2771.html * https://www.suse.com/security/cve/CVE-2018-2777.html * https://www.suse.com/security/cve/CVE-2018-2781.html * https://www.suse.com/security/cve/CVE-2018-2782.html * https://www.suse.com/security/cve/CVE-2018-2784.html * https://www.suse.com/security/cve/CVE-2018-2786.html * https://www.suse.com/security/cve/CVE-2018-2787.html * https://www.suse.com/security/cve/CVE-2018-2810.html * https://www.suse.com/security/cve/CVE-2018-2813.html * https://www.suse.com/security/cve/CVE-2018-2817.html * https://www.suse.com/security/cve/CVE-2018-2819.html * https://www.suse.com/security/cve/CVE-2018-3058.html * https://www.suse.com/security/cve/CVE-2018-3060.html * https://www.suse.com/security/cve/CVE-2018-3063.html * https://www.suse.com/security/cve/CVE-2018-3064.html * https://www.suse.com/security/cve/CVE-2018-3066.html * https://www.suse.com/security/cve/CVE-2018-3143.html * https://www.suse.com/security/cve/CVE-2018-3156.html * https://www.suse.com/security/cve/CVE-2018-3162.html * https://www.suse.com/security/cve/CVE-2018-3173.html * https://www.suse.com/security/cve/CVE-2018-3174.html * https://www.suse.com/security/cve/CVE-2018-3185.html * https://www.suse.com/security/cve/CVE-2018-3200.html * https://www.suse.com/security/cve/CVE-2018-3251.html * https://www.suse.com/security/cve/CVE-2018-3277.html * https://www.suse.com/security/cve/CVE-2018-3282.html * https://www.suse.com/security/cve/CVE-2018-3284.html * https://www.suse.com/security/cve/CVE-2019-18901.html * https://www.suse.com/security/cve/CVE-2019-2510.html * https://www.suse.com/security/cve/CVE-2019-2537.html * https://www.suse.com/security/cve/CVE-2019-2614.html * https://www.suse.com/security/cve/CVE-2019-2627.html * https://www.suse.com/security/cve/CVE-2019-2628.html * https://www.suse.com/security/cve/CVE-2019-2737.html * https://www.suse.com/security/cve/CVE-2019-2739.html * https://www.suse.com/security/cve/CVE-2019-2740.html * https://www.suse.com/security/cve/CVE-2019-2758.html * https://www.suse.com/security/cve/CVE-2019-2805.html * https://www.suse.com/security/cve/CVE-2019-2938.html * https://www.suse.com/security/cve/CVE-2019-2974.html * https://www.suse.com/security/cve/CVE-2020-13249.html * https://www.suse.com/security/cve/CVE-2020-14765.html * https://www.suse.com/security/cve/CVE-2020-14776.html * https://www.suse.com/security/cve/CVE-2020-14789.html * https://www.suse.com/security/cve/CVE-2020-14812.html * https://www.suse.com/security/cve/CVE-2020-15180.html * https://www.suse.com/security/cve/CVE-2020-2574.html * https://www.suse.com/security/cve/CVE-2020-2752.html * https://www.suse.com/security/cve/CVE-2020-2760.html * https://www.suse.com/security/cve/CVE-2020-2812.html * https://www.suse.com/security/cve/CVE-2020-2814.html * https://www.suse.com/security/cve/CVE-2020-7221.html * https://www.suse.com/security/cve/CVE-2021-2154.html * https://www.suse.com/security/cve/CVE-2021-2166.html * https://www.suse.com/security/cve/CVE-2021-2372.html * https://www.suse.com/security/cve/CVE-2021-2389.html * https://www.suse.com/security/cve/CVE-2021-27928.html * https://www.suse.com/security/cve/CVE-2021-35604.html * https://www.suse.com/security/cve/CVE-2021-46657.html * https://www.suse.com/security/cve/CVE-2021-46658.html * https://www.suse.com/security/cve/CVE-2021-46659.html * https://www.suse.com/security/cve/CVE-2021-46661.html * https://www.suse.com/security/cve/CVE-2021-46663.html * https://www.suse.com/security/cve/CVE-2021-46664.html * https://www.suse.com/security/cve/CVE-2021-46665.html * https://www.suse.com/security/cve/CVE-2021-46668.html * https://www.suse.com/security/cve/CVE-2021-46669.html * https://www.suse.com/security/cve/CVE-2022-21427.html * https://www.suse.com/security/cve/CVE-2022-21595.html * https://www.suse.com/security/cve/CVE-2022-24048.html * https://www.suse.com/security/cve/CVE-2022-24050.html * https://www.suse.com/security/cve/CVE-2022-24051.html * https://www.suse.com/security/cve/CVE-2022-24052.html * https://www.suse.com/security/cve/CVE-2022-27376.html * https://www.suse.com/security/cve/CVE-2022-27377.html * https://www.suse.com/security/cve/CVE-2022-27378.html * https://www.suse.com/security/cve/CVE-2022-27379.html * https://www.suse.com/security/cve/CVE-2022-27380.html * https://www.suse.com/security/cve/CVE-2022-27381.html * https://www.suse.com/security/cve/CVE-2022-27382.html * https://www.suse.com/security/cve/CVE-2022-27383.html * https://www.suse.com/security/cve/CVE-2022-27384.html * https://www.suse.com/security/cve/CVE-2022-27386.html * https://www.suse.com/security/cve/CVE-2022-27387.html * https://www.suse.com/security/cve/CVE-2022-27444.html * https://www.suse.com/security/cve/CVE-2022-27445.html * https://www.suse.com/security/cve/CVE-2022-27446.html * https://www.suse.com/security/cve/CVE-2022-27447.html * https://www.suse.com/security/cve/CVE-2022-27448.html * https://www.suse.com/security/cve/CVE-2022-27449.html * https://www.suse.com/security/cve/CVE-2022-27451.html * https://www.suse.com/security/cve/CVE-2022-27452.html * https://www.suse.com/security/cve/CVE-2022-27455.html * https://www.suse.com/security/cve/CVE-2022-27456.html * https://www.suse.com/security/cve/CVE-2022-27457.html * https://www.suse.com/security/cve/CVE-2022-27458.html * https://www.suse.com/security/cve/CVE-2022-32081.html * https://www.suse.com/security/cve/CVE-2022-32083.html * https://www.suse.com/security/cve/CVE-2022-32084.html * https://www.suse.com/security/cve/CVE-2022-32085.html * https://www.suse.com/security/cve/CVE-2022-32086.html * https://www.suse.com/security/cve/CVE-2022-32087.html * https://www.suse.com/security/cve/CVE-2022-32088.html * https://www.suse.com/security/cve/CVE-2022-32089.html * https://www.suse.com/security/cve/CVE-2022-32091.html * https://www.suse.com/security/cve/CVE-2022-38791.html * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1001367 * https://bugzilla.suse.com/show_bug.cgi?id=1005555 * https://bugzilla.suse.com/show_bug.cgi?id=1005558 * https://bugzilla.suse.com/show_bug.cgi?id=1005562 * https://bugzilla.suse.com/show_bug.cgi?id=1005564 * https://bugzilla.suse.com/show_bug.cgi?id=1005566 * https://bugzilla.suse.com/show_bug.cgi?id=1005569 * https://bugzilla.suse.com/show_bug.cgi?id=1005581 * https://bugzilla.suse.com/show_bug.cgi?id=1005582 * https://bugzilla.suse.com/show_bug.cgi?id=1006539 * https://bugzilla.suse.com/show_bug.cgi?id=1008253 * https://bugzilla.suse.com/show_bug.cgi?id=1012075 * https://bugzilla.suse.com/show_bug.cgi?id=1013882 * https://bugzilla.suse.com/show_bug.cgi?id=1019948 * https://bugzilla.suse.com/show_bug.cgi?id=1020873 * https://bugzilla.suse.com/show_bug.cgi?id=1020875 * https://bugzilla.suse.com/show_bug.cgi?id=1020877 * https://bugzilla.suse.com/show_bug.cgi?id=1020878 * https://bugzilla.suse.com/show_bug.cgi?id=1020882 * https://bugzilla.suse.com/show_bug.cgi?id=1020884 * https://bugzilla.suse.com/show_bug.cgi?id=1020885 * https://bugzilla.suse.com/show_bug.cgi?id=1020890 * https://bugzilla.suse.com/show_bug.cgi?id=1020891 * https://bugzilla.suse.com/show_bug.cgi?id=1020894 * https://bugzilla.suse.com/show_bug.cgi?id=1020896 * https://bugzilla.suse.com/show_bug.cgi?id=1020976 * https://bugzilla.suse.com/show_bug.cgi?id=1022428 * https://bugzilla.suse.com/show_bug.cgi?id=1038740 * https://bugzilla.suse.com/show_bug.cgi?id=1039034 * https://bugzilla.suse.com/show_bug.cgi?id=1041525 * https://bugzilla.suse.com/show_bug.cgi?id=1041891 * https://bugzilla.suse.com/show_bug.cgi?id=1042632 * https://bugzilla.suse.com/show_bug.cgi?id=1043328 * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1055165 * https://bugzilla.suse.com/show_bug.cgi?id=1055268 * https://bugzilla.suse.com/show_bug.cgi?id=1058374 * https://bugzilla.suse.com/show_bug.cgi?id=1058729 * https://bugzilla.suse.com/show_bug.cgi?id=1060110 * https://bugzilla.suse.com/show_bug.cgi?id=1062583 * https://bugzilla.suse.com/show_bug.cgi?id=1067443 * https://bugzilla.suse.com/show_bug.cgi?id=1068906 * https://bugzilla.suse.com/show_bug.cgi?id=1069401 * https://bugzilla.suse.com/show_bug.cgi?id=1080891 * https://bugzilla.suse.com/show_bug.cgi?id=1083087 * https://bugzilla.suse.com/show_bug.cgi?id=1088681 * https://bugzilla.suse.com/show_bug.cgi?id=1092544 * https://bugzilla.suse.com/show_bug.cgi?id=1098683 * https://bugzilla.suse.com/show_bug.cgi?id=1101676 * https://bugzilla.suse.com/show_bug.cgi?id=1101677 * https://bugzilla.suse.com/show_bug.cgi?id=1101678 * https://bugzilla.suse.com/show_bug.cgi?id=1103342 * https://bugzilla.suse.com/show_bug.cgi?id=1111858 * https://bugzilla.suse.com/show_bug.cgi?id=1111859 * https://bugzilla.suse.com/show_bug.cgi?id=1112368 * https://bugzilla.suse.com/show_bug.cgi?id=1112377 * https://bugzilla.suse.com/show_bug.cgi?id=1112384 * https://bugzilla.suse.com/show_bug.cgi?id=1112386 * https://bugzilla.suse.com/show_bug.cgi?id=1112391 * https://bugzilla.suse.com/show_bug.cgi?id=1112397 * https://bugzilla.suse.com/show_bug.cgi?id=1112404 * https://bugzilla.suse.com/show_bug.cgi?id=1112415 * https://bugzilla.suse.com/show_bug.cgi?id=1112417 * https://bugzilla.suse.com/show_bug.cgi?id=1112421 * https://bugzilla.suse.com/show_bug.cgi?id=1112432 * https://bugzilla.suse.com/show_bug.cgi?id=1112767 * https://bugzilla.suse.com/show_bug.cgi?id=1116686 * https://bugzilla.suse.com/show_bug.cgi?id=1118754 * https://bugzilla.suse.com/show_bug.cgi?id=1120041 * https://bugzilla.suse.com/show_bug.cgi?id=1122198 * https://bugzilla.suse.com/show_bug.cgi?id=1122475 * https://bugzilla.suse.com/show_bug.cgi?id=1127027 * https://bugzilla.suse.com/show_bug.cgi?id=1132666 * https://bugzilla.suse.com/show_bug.cgi?id=1136035 * https://bugzilla.suse.com/show_bug.cgi?id=1142909 * https://bugzilla.suse.com/show_bug.cgi?id=1143215 * https://bugzilla.suse.com/show_bug.cgi?id=1144314 * https://bugzilla.suse.com/show_bug.cgi?id=1156669 * https://bugzilla.suse.com/show_bug.cgi?id=1160285 * https://bugzilla.suse.com/show_bug.cgi?id=1160868 * https://bugzilla.suse.com/show_bug.cgi?id=1160878 * https://bugzilla.suse.com/show_bug.cgi?id=1160883 * https://bugzilla.suse.com/show_bug.cgi?id=1160895 * https://bugzilla.suse.com/show_bug.cgi?id=1160912 * https://bugzilla.suse.com/show_bug.cgi?id=1166781 * https://bugzilla.suse.com/show_bug.cgi?id=1168380 * https://bugzilla.suse.com/show_bug.cgi?id=1170204 * https://bugzilla.suse.com/show_bug.cgi?id=1173028 * https://bugzilla.suse.com/show_bug.cgi?id=1173516 * https://bugzilla.suse.com/show_bug.cgi?id=1174559 * https://bugzilla.suse.com/show_bug.cgi?id=1175596 * https://bugzilla.suse.com/show_bug.cgi?id=1177472 * https://bugzilla.suse.com/show_bug.cgi?id=1178428 * https://bugzilla.suse.com/show_bug.cgi?id=1180014 * https://bugzilla.suse.com/show_bug.cgi?id=1182218 * https://bugzilla.suse.com/show_bug.cgi?id=1182255 * https://bugzilla.suse.com/show_bug.cgi?id=1182739 * https://bugzilla.suse.com/show_bug.cgi?id=1183770 * https://bugzilla.suse.com/show_bug.cgi?id=1185870 * https://bugzilla.suse.com/show_bug.cgi?id=1185872 * https://bugzilla.suse.com/show_bug.cgi?id=1186031 * https://bugzilla.suse.com/show_bug.cgi?id=1189320 * https://bugzilla.suse.com/show_bug.cgi?id=1192497 * https://bugzilla.suse.com/show_bug.cgi?id=1195325 * https://bugzilla.suse.com/show_bug.cgi?id=1195334 * https://bugzilla.suse.com/show_bug.cgi?id=1195339 * https://bugzilla.suse.com/show_bug.cgi?id=1196016 * https://bugzilla.suse.com/show_bug.cgi?id=1197459 * https://bugzilla.suse.com/show_bug.cgi?id=1198603 * https://bugzilla.suse.com/show_bug.cgi?id=1198604 * https://bugzilla.suse.com/show_bug.cgi?id=1198605 * https://bugzilla.suse.com/show_bug.cgi?id=1198606 * https://bugzilla.suse.com/show_bug.cgi?id=1198607 * https://bugzilla.suse.com/show_bug.cgi?id=1198609 * https://bugzilla.suse.com/show_bug.cgi?id=1198610 * https://bugzilla.suse.com/show_bug.cgi?id=1198611 * https://bugzilla.suse.com/show_bug.cgi?id=1198612 * https://bugzilla.suse.com/show_bug.cgi?id=1198613 * https://bugzilla.suse.com/show_bug.cgi?id=1198628 * https://bugzilla.suse.com/show_bug.cgi?id=1198629 * https://bugzilla.suse.com/show_bug.cgi?id=1198630 * https://bugzilla.suse.com/show_bug.cgi?id=1198631 * https://bugzilla.suse.com/show_bug.cgi?id=1198632 * https://bugzilla.suse.com/show_bug.cgi?id=1198633 * https://bugzilla.suse.com/show_bug.cgi?id=1198634 * https://bugzilla.suse.com/show_bug.cgi?id=1198635 * https://bugzilla.suse.com/show_bug.cgi?id=1198636 * https://bugzilla.suse.com/show_bug.cgi?id=1198637 * https://bugzilla.suse.com/show_bug.cgi?id=1198638 * https://bugzilla.suse.com/show_bug.cgi?id=1198639 * https://bugzilla.suse.com/show_bug.cgi?id=1198640 * https://bugzilla.suse.com/show_bug.cgi?id=1199928 * https://bugzilla.suse.com/show_bug.cgi?id=1200105 * https://bugzilla.suse.com/show_bug.cgi?id=1201161 * https://bugzilla.suse.com/show_bug.cgi?id=1201163 * https://bugzilla.suse.com/show_bug.cgi?id=1201164 * https://bugzilla.suse.com/show_bug.cgi?id=1201165 * https://bugzilla.suse.com/show_bug.cgi?id=1201166 * https://bugzilla.suse.com/show_bug.cgi?id=1201167 * https://bugzilla.suse.com/show_bug.cgi?id=1201168 * https://bugzilla.suse.com/show_bug.cgi?id=1201169 * https://bugzilla.suse.com/show_bug.cgi?id=1201170 * https://bugzilla.suse.com/show_bug.cgi?id=1202863 * https://bugzilla.suse.com/show_bug.cgi?id=332530 * https://bugzilla.suse.com/show_bug.cgi?id=353120 * https://bugzilla.suse.com/show_bug.cgi?id=357634 * https://bugzilla.suse.com/show_bug.cgi?id=359522 * https://bugzilla.suse.com/show_bug.cgi?id=366820 * https://bugzilla.suse.com/show_bug.cgi?id=371000 * https://bugzilla.suse.com/show_bug.cgi?id=387746 * https://bugzilla.suse.com/show_bug.cgi?id=420313 * https://bugzilla.suse.com/show_bug.cgi?id=425079 * https://bugzilla.suse.com/show_bug.cgi?id=427384 * https://bugzilla.suse.com/show_bug.cgi?id=429618 * https://bugzilla.suse.com/show_bug.cgi?id=435519 * https://bugzilla.suse.com/show_bug.cgi?id=437293 * https://bugzilla.suse.com/show_bug.cgi?id=463586 * https://bugzilla.suse.com/show_bug.cgi?id=520876 * https://bugzilla.suse.com/show_bug.cgi?id=525065 * https://bugzilla.suse.com/show_bug.cgi?id=525325 * https://bugzilla.suse.com/show_bug.cgi?id=539243 * https://bugzilla.suse.com/show_bug.cgi?id=539249 * https://bugzilla.suse.com/show_bug.cgi?id=557669 * https://bugzilla.suse.com/show_bug.cgi?id=635645 * https://bugzilla.suse.com/show_bug.cgi?id=747811 * https://bugzilla.suse.com/show_bug.cgi?id=763150 * https://bugzilla.suse.com/show_bug.cgi?id=779476 * https://bugzilla.suse.com/show_bug.cgi?id=789263 * https://bugzilla.suse.com/show_bug.cgi?id=792444 * https://bugzilla.suse.com/show_bug.cgi?id=796164 * https://bugzilla.suse.com/show_bug.cgi?id=829430 * https://bugzilla.suse.com/show_bug.cgi?id=841709 * https://bugzilla.suse.com/show_bug.cgi?id=859345 * https://bugzilla.suse.com/show_bug.cgi?id=889126 * https://bugzilla.suse.com/show_bug.cgi?id=894479 * https://bugzilla.suse.com/show_bug.cgi?id=902396 * https://bugzilla.suse.com/show_bug.cgi?id=914370 * https://bugzilla.suse.com/show_bug.cgi?id=921955 * https://bugzilla.suse.com/show_bug.cgi?id=934789 * https://bugzilla.suse.com/show_bug.cgi?id=937754 * https://bugzilla.suse.com/show_bug.cgi?id=937767 * https://bugzilla.suse.com/show_bug.cgi?id=937787 * https://bugzilla.suse.com/show_bug.cgi?id=942908 * https://bugzilla.suse.com/show_bug.cgi?id=943096 * https://bugzilla.suse.com/show_bug.cgi?id=957174 * https://bugzilla.suse.com/show_bug.cgi?id=963810 * https://bugzilla.suse.com/show_bug.cgi?id=971456 * https://bugzilla.suse.com/show_bug.cgi?id=979524 * https://bugzilla.suse.com/show_bug.cgi?id=983938 * https://bugzilla.suse.com/show_bug.cgi?id=984858 * https://bugzilla.suse.com/show_bug.cgi?id=986251 * https://bugzilla.suse.com/show_bug.cgi?id=989913 * https://bugzilla.suse.com/show_bug.cgi?id=989919 * https://bugzilla.suse.com/show_bug.cgi?id=989922 * https://bugzilla.suse.com/show_bug.cgi?id=989926 * https://bugzilla.suse.com/show_bug.cgi?id=990890 * https://bugzilla.suse.com/show_bug.cgi?id=998309 * https://jira.suse.com/browse/PED-2455 * https://jira.suse.com/browse/SLE-12253 * https://jira.suse.com/browse/SLE-8269 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Dec 29 12:30:42 2023 From: null at suse.de (SLE-UPDATES) Date: Fri, 29 Dec 2023 12:30:42 -0000 Subject: SUSE-RU-2023:4989-1: moderate: Recommended update for 389-ds Message-ID: <170385304282.31287.3314013241307754411@smelt2.prg2.suse.org> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:4989-1 Rating: moderate References: * bsc#1217581 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * Fix 'Replica ID cannot be specified for consumer and hub roles' error when enabling replication (bsc#1217581) * Update to version 2.0.17~git91.37da5ec * Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) * Issue 5984 - Crash when paged result search are abandoned (#5985) * Issue 5971 - CLI - Fix password prompt for repl status (#5972) * Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) * Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) * Issue 5956 - After an upgrade the server won't start - nsslapd-connta? ?blesize (#5963) * Issue 5956 - After an upgrade the server won't start - nsslapd-conntablesize (#5957) * Issue 5848 - Fix condition and add a CI test (#5916) * Issue 5853 - Revert MSRV check (#5908) * Issue 5722 - improve testcase (#5904) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4989=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4989=1 openSUSE-SLE-15.4-2023-4989=1 ## Package List: * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * 389-ds-debuginfo-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-devel-2.0.17~git91.37da5ec-150400.3.34.1 * lib389-2.0.17~git91.37da5ec-150400.3.34.1 * libsvrcore0-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-debugsource-2.0.17~git91.37da5ec-150400.3.34.1 * libsvrcore0-debuginfo-2.0.17~git91.37da5ec-150400.3.34.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * 389-ds-debuginfo-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-devel-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-snmp-debuginfo-2.0.17~git91.37da5ec-150400.3.34.1 * lib389-2.0.17~git91.37da5ec-150400.3.34.1 * libsvrcore0-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-debugsource-2.0.17~git91.37da5ec-150400.3.34.1 * 389-ds-snmp-2.0.17~git91.37da5ec-150400.3.34.1 * libsvrcore0-debuginfo-2.0.17~git91.37da5ec-150400.3.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Dec 30 08:02:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Dec 2023 09:02:23 +0100 (CET) Subject: SUSE-CU-2023:4336-1: Security update of suse/389-ds Message-ID: <20231230080223.9CC01FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4336-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.74 , suse/389-ds:latest Container Release : 16.74 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1217354 1217479 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for ???short??? Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as ???Hinglish???. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 added - libicu73_2-73.2-150000.1.7.1 added - libsvrcore0-2.2.8~git51.3688d68-150500.3.14.1 updated - lib389-2.2.8~git51.3688d68-150500.3.14.1 updated - 389-ds-2.2.8~git51.3688d68-150500.3.14.1 updated - libicu-suse65_1-65.1-150200.4.10.1 removed - libicu65_1-ledata-65.1-150200.4.10.1 removed