From sle-updates at lists.suse.com Wed Feb 1 08:19:53 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2023 09:19:53 +0100 (CET)
Subject: SUSE-RU-2023:0218-1: critical: Recommended update for SAPHanaSR
Message-ID: <20230201081953.1EC1EF46D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0218-1
Rating: critical
References: #1205535 #1207466
Affected Products:
  SUSE Linux Enterprise Module for SAP Applications 15-SP1
  SUSE Linux Enterprise Module for SAP Applications 15-SP2
  SUSE Linux Enterprise Module for SAP Applications 15-SP3
  SUSE Linux Enterprise Module for SAP Applications 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for SAPHanaSR fixes the following issues:

- Fix for SAPHanaTopology failing with error code 1 (OCF_ERR_GENERIC) during a normal stop action (bsc#1207466)
- Set srhook attribute to PRIM during a probe so that there is no need to wait for the first srConnectionChanged() to set the attribute (bsc#1205535)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-218=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-218=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-218=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-218=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-218=1

Package List:

- openSUSE Leap 15.4 (noarch):
SAPHanaSR-0.162.1-150000.4.31.1 SAPHanaSR-doc-0.162.1-150000.4.31.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch):
SAPHanaSR-0.162.1-150000.4.31.1 SAPHanaSR-doc-0.162.1-150000.4.31.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch):
SAPHanaSR-0.162.1-150000.4.31.1 SAPHanaSR-doc-0.162.1-150000.4.31.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch):
SAPHanaSR-0.162.1-150000.4.31.1 SAPHanaSR-doc-0.162.1-150000.4.31.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch):
SAPHanaSR-0.162.1-150000.4.31.1 SAPHanaSR-doc-0.162.1-150000.4.31.1

References:

https://bugzilla.suse.com/1205535
https://bugzilla.suse.com/1207466

From sle-updates at lists.suse.com Wed Feb 1 08:20:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2023 09:20:50 +0100 (CET)
Subject: SUSE-RU-2023:0219-1: critical: Recommended update for SAPHanaSR
Message-ID: <20230201082051.00A06F46D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0219-1
Rating: critical
References: #1205535 #1207466
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for SAPHanaSR fixes the following issues:

- Fix for SAPHanaTopology failing with error code 1 (OCF_ERR_GENERIC) during a normal stop action (bsc#1207466)
- Set srhook attribute to PRIM during a probe so that there is no need to wait for the first srConnectionChanged() to set the attribute (bsc#1205535)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP5:
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-219=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-219=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP5 (noarch):
SAPHanaSR-0.162.1-3.29.1 SAPHanaSR-doc-0.162.1-3.29.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
SAPHanaSR-0.162.1-3.29.1 SAPHanaSR-doc-0.162.1-3.29.1

References:

https://bugzilla.suse.com/1205535
https://bugzilla.suse.com/1207466

From sle-updates at lists.suse.com Wed Feb 1 14:19:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2023 15:19:27 +0100 (CET)
Subject: SUSE-SU-2023:0222-1: important: Security update for samba
Message-ID: <20230201141927.88743FCFA@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0222-1
Rating: important
References: #1205385 #1206504 #1206546
Cross-References: CVE-2021-20251 CVE-2022-37966 CVE-2022-38023
CVSS scores:
  CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Availability 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
  SUSE Manager Proxy 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Server 4.0
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-222=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-222=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-222=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-222=1
- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-222=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2023-222=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libsamba-policy-python-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- openSUSE Leap 15.4 (x86_64):
libsamba-policy0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libdcerpc-binding0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libdcerpc-samr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-python3-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-core-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
samba-dsdb-modules-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libdcerpc-binding0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libsamba-hostconfig0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libdcerpc-binding0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libndr-krb5pac0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-python3-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsamba-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-core-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
samba-libs-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libdcerpc-binding0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libsamba-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libdcerpc-binding0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libndr-standard0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-python3-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsmbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-core-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
samba-winbind-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libdcerpc-binding0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libsmbldap2-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ctdb-4.9.5+git.552.fec1a5e57a-150100.3.73.1 ctdb-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libdcerpc-binding0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-4.9.5+git.552.fec1a5e57a-150100.3.73.1
libndr-standard0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-python3-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsmbconf-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ceph-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ceph-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-core-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
samba-winbind-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsmbldap2-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-binding0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc-samr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libdcerpc0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-krb5pac0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-nbt0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libndr-nbt0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr-standard0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libndr0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libnetapi0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-credentials0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-errors0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-hostconfig0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libsamba-passdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-passdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy-python3-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-policy0-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamba-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsamdb0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbconf0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libsmbldap2-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
libtevent-util-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libtevent-util0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-4.9.5+git.552.fec1a5e57a-150100.3.73.1 libwbclient0-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-ad-dc-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-client-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-core-devel-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-debugsource-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-dsdb-modules-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-libs-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-python3-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-32bit-4.9.5+git.552.fec1a5e57a-150100.3.73.1 
samba-winbind-32bit-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-4.9.5+git.552.fec1a5e57a-150100.3.73.1 samba-winbind-debuginfo-4.9.5+git.552.fec1a5e57a-150100.3.73.1 References: https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-37966.html https://www.suse.com/security/cve/CVE-2022-38023.html https://bugzilla.suse.com/1205385 https://bugzilla.suse.com/1206504 https://bugzilla.suse.com/1206546 From sle-updates at lists.suse.com Wed Feb 1 14:20:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Feb 2023 15:20:42 +0100 (CET) Subject: SUSE-SU-2023:0224-1: important: Security update for ctags Message-ID: <20230201142042.89FF1FCFA@maintenance.suse.de> SUSE Security Update: Security update for ctags ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0224-1 Rating: important References: #1206543 Cross-References: CVE-2022-4515 CVSS scores: CVE-2022-4515 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4515 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-224=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-224=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-224=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-224=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-224=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-224=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 - SUSE OpenStack Cloud 9 (x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ctags-5.8-8.3.1 ctags-debuginfo-5.8-8.3.1 ctags-debugsource-5.8-8.3.1 References: https://www.suse.com/security/cve/CVE-2022-4515.html https://bugzilla.suse.com/1206543 From sle-updates at lists.suse.com Wed Feb 1 14:22:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Feb 2023 15:22:07 +0100 (CET) Subject: SUSE-SU-2023:0225-1: important: Security update for ctags Message-ID: <20230201142207.39878FCFA@maintenance.suse.de> SUSE Security Update: Security update for ctags ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0225-1 Rating: important References: #1206543 
Cross-References: CVE-2022-4515 CVSS scores: CVE-2022-4515 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4515 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-225=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-225=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-225=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-225=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-225=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-225=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-225=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-225=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-225=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-225=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-225=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-225=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-225=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-225=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-225=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-225=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Linux Enterprise 
High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 - SUSE CaaS Platform 4.0 (x86_64): ctags-5.8-150000.3.3.1 ctags-debuginfo-5.8-150000.3.3.1 ctags-debugsource-5.8-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-4515.html https://bugzilla.suse.com/1206543 From sle-updates at lists.suse.com Wed Feb 1 14:23:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Feb 2023 15:23:25 +0100 (CET) Subject: SUSE-SU-2023:0223-1: moderate: Security update for python-setuptools Message-ID: <20230201142325.87536FCFA@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0223-1 Rating: moderate References: #1206667 Cross-References: CVE-2022-40897 CVSS scores: CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-223=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-223=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-223=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-223=1 Package List: - openSUSE Leap Micro 5.2 (noarch): python3-setuptools-40.5.0-150100.6.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): python3-setuptools-40.5.0-150100.6.6.1 python3-setuptools-test-40.5.0-150100.6.6.1 python3-setuptools-wheel-40.5.0-150100.6.6.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-setuptools-40.5.0-150100.6.6.1 - SUSE Linux Enterprise Micro 5.1 (noarch): python3-setuptools-40.5.0-150100.6.6.1 References: https://www.suse.com/security/cve/CVE-2022-40897.html https://bugzilla.suse.com/1206667 From sle-updates at lists.suse.com Wed Feb 1 14:24:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Feb 2023 15:24:40 +0100 (CET) Subject: SUSE-SU-2023:0221-1: important: Security update for xterm Message-ID: <20230201142440.D24F7FCFA@maintenance.suse.de> SUSE Security Update: Security update for xterm ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0221-1 Rating: important References: #1205305 Cross-References: CVE-2022-45063 CVSS scores: CVE-2022-45063 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-45063 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise 
High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xterm fixes the following issues: - CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-221=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-221=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-221=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-221=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-221=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-221=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-221=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-221=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-221=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-221=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-221=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-221=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-221=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-221=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-221=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 
xterm-debugsource-330-150200.11.9.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Manager Proxy 4.2 (x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS (aarch64 x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xterm-330-150200.11.9.1 xterm-bin-330-150200.11.9.1 xterm-bin-debuginfo-330-150200.11.9.1 xterm-debugsource-330-150200.11.9.1 References: https://www.suse.com/security/cve/CVE-2022-45063.html https://bugzilla.suse.com/1205305 From sle-updates at lists.suse.com Wed Feb 1 14:25:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Feb 2023 15:25:52 +0100 (CET) Subject: SUSE-SU-2023:0220-1: moderate: Security update for tmux Message-ID: <20230201142552.57E4FFCFA@maintenance.suse.de> SUSE Security Update: Security update for tmux ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0220-1 Rating: moderate References: #1207393 Cross-References: CVE-2022-47016 CVSS scores: CVE-2022-47016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-47016 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tmux fixes the following issues: - CVE-2022-47016: Fixed a null pointer dereference in window.c. (bsc#1207393) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-220=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tmux-3.1c-150300.3.3.1 tmux-debuginfo-3.1c-150300.3.3.1 tmux-debugsource-3.1c-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-47016.html https://bugzilla.suse.com/1207393 From sle-updates at lists.suse.com Wed Feb 1 23:17:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Feb 2023 00:17:52 +0100 (CET) Subject: SUSE-SU-2023:0226-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) Message-ID: <20230201231752.C6FCEFCFA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0226-1 Rating: important References: #1204167 #1204432 Cross-References: CVE-2022-3424 CVE-2022-3565 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-226=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_105-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3565.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1204432 From sle-updates at lists.suse.com Thu Feb 2 02:16:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Feb 2023 03:16:38 +0100 (CET) Subject: SUSE-SU-2023:0227-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) Message-ID: <20230202021638.EDBDDF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0227-1 Rating: important References: #1204167 Cross-References: CVE-2022-3424 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_123 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-227=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_123-default-3-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 From sle-updates at lists.suse.com Thu Feb 2 08:27:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Feb 2023 09:27:00 +0100 (CET) Subject: SUSE-CU-2023:282-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230202082700.5C47CF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:282-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.74 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.74 Severity : important Type : security References : 1206543 CVE-2022-4515 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543).
The following package changes have been done: - ctags-5.8-150000.3.3.1 updated From sle-updates at lists.suse.com Thu Feb 2 14:17:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Feb 2023 15:17:44 +0100 (CET) Subject: SUSE-SU-2023:0229-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Message-ID: <20230202141744.DC2A4FCFA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0229-1 Rating: important References: #1204167 #1205186 Cross-References: CVE-2022-2602 CVE-2022-3424 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-228=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-229=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-230=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_115-default-10-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-10-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-7-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-7-150200.2.1 kernel-livepatch-5_3_18-150200_24_129-default-4-150200.2.1 kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-4-150200.2.1 kernel-livepatch-SLE15-SP2_Update_27-debugsource-10-150200.2.1 kernel-livepatch-SLE15-SP2_Update_29-debugsource-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_30-debugsource-4-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1205186 From sle-updates at lists.suse.com Thu Feb 2 17:17:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Feb 2023 18:17:01 +0100 (CET) Subject: SUSE-SU-2023:0231-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) Message-ID: <20230202171701.04B06FCFA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0231-1 Rating: important References: #1204167 Cross-References: CVE-2022-3424 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 
SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_108 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-231=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-232=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_105-default-13-150100.2.2 kernel-livepatch-4_12_14-197_108-default-12-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 From sle-updates at lists.suse.com Fri Feb 3 02:16:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Feb 2023 03:16:56 +0100 (CET) Subject: SUSE-SU-2023:0235-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) Message-ID: <20230203021656.2F297F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0235-1 Rating: important References: #1204167 Cross-References: CVE-2022-3424 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise 
Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_120 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-233=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-234=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-235=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-236=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_114-default-8-150100.2.1 kernel-livepatch-4_12_14-150100_197_117-default-6-150100.2.1 kernel-livepatch-4_12_14-150100_197_120-default-6-150100.2.1 kernel-livepatch-4_12_14-150100_197_126-default-3-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 From sle-updates at lists.suse.com Fri Feb 3 02:17:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Feb 2023 03:17:40 +0100 (CET) Subject: SUSE-SU-2023:0237-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) Message-ID: <20230203021740.78A56F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0237-1 Rating: important References: #1204167 #1205186 
Cross-References: CVE-2022-2602 CVE-2022-3424 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_134 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-237=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_134-default-4-150200.2.1 kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-4-150200.2.1 kernel-livepatch-SLE15-SP2_Update_31-debugsource-4-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1205186 From sle-updates at lists.suse.com Sat Feb 4 08:51:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2023 09:51:55 +0100 (CET) Subject: SUSE-SU-2023:0238-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Message-ID: <20230204085155.A5F4DF46D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0238-1 Rating: important References: #1204167 #1204432 Cross-References: CVE-2022-3424 CVE-2022-3565 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). 
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-238=1 SUSE-SLE-Live-Patching-12-SP4-2023-239=1 SUSE-SLE-Live-Patching-12-SP4-2023-242=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_102-default-6-2.1 kgraft-patch-4_12_14-95_108-default-4-2.1 kgraft-patch-4_12_14-95_111-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3565.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1204432 From sle-updates at lists.suse.com Sat Feb 4 08:55:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2023 09:55:28 +0100 (CET) Subject: SUSE-SU-2023:0245-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) Message-ID: <20230204085528.E3C6BF46D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0245-1 Rating: important References: #1204167 #1205186 Cross-References: CVE-2022-2602 CVE-2022-3424 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE 
Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-245=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-246=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-247=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-241=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-243=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-244=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_71-default-10-150300.2.1 kernel-livepatch-5_3_18-150300_59_90-default-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_93-default-6-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-12-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-12-150200.2.2 kernel-livepatch-5_3_18-24_102-default-17-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-17-150200.2.2 
kernel-livepatch-5_3_18-24_107-default-16-150200.2.2 kernel-livepatch-5_3_18-24_107-default-debuginfo-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-12-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-16-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1205186 From sle-updates at lists.suse.com Sat Feb 4 09:01:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2023 10:01:51 +0100 (CET) Subject: SUSE-SU-2023:0240-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20230204090151.C079EF46D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0240-1 Rating: important References: #1204167 Cross-References: CVE-2022-3424 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-240=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-11-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 From sle-updates at lists.suse.com Sat Feb 4 14:20:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2023 15:20:02 +0100 (CET) Subject: SUSE-SU-2023:0250-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <20230204142002.1636BFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0250-1 Rating: important References: #1204167 #1204432 Cross-References: CVE-2022-3424 CVE-2022-3565 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_136 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). 
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-249=1 SUSE-SLE-Live-Patching-12-SP5-2023-250=1 SUSE-SLE-Live-Patching-12-SP5-2023-251=1 SUSE-SLE-Live-Patching-12-SP5-2023-255=1 SUSE-SLE-Live-Patching-12-SP5-2023-256=1 SUSE-SLE-Live-Patching-12-SP5-2023-257=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-248=1 SUSE-SLE-Live-Patching-12-SP4-2023-253=1 SUSE-SLE-Live-Patching-12-SP4-2023-254=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_110-default-14-2.2 kgraft-patch-4_12_14-122_113-default-13-2.2 kgraft-patch-4_12_14-122_121-default-9-2.2 kgraft-patch-4_12_14-122_124-default-8-2.1 kgraft-patch-4_12_14-122_130-default-6-2.1 kgraft-patch-4_12_14-122_136-default-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_88-default-13-2.2 kgraft-patch-4_12_14-95_93-default-12-2.2 kgraft-patch-4_12_14-95_99-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3565.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1204432 From sle-updates at lists.suse.com Sat Feb 4 17:19:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2023 18:19:27 +0100 (CET) Subject: SUSE-SU-2023:0262-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20230204171927.5E2ABFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) 
______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0262-1 Rating: important References: #1204167 #1205186 Cross-References: CVE-2022-2602 CVE-2022-3424 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-258=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-259=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-260=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-261=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-262=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-252=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-18-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-18-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-18-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-18-150300.2.2 kernel-livepatch-5_3_18-150300_59_49-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-11-150300.2.2 kernel-livepatch-5_3_18-150300_59_76-default-9-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_99-default-18-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-18-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-18-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3424.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1205186 From sle-updates at lists.suse.com Mon Feb 6 14:17:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2023 15:17:54 +0100 (CET) Subject: SUSE-SU-2023:0263-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) Message-ID: <20230206141754.D84A3FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2023:0263-1 Rating: important References: #1204167 #1204432 Cross-References: CVE-2022-3424 CVE-2022-3565 CVSS scores: CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_116 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-263=1 SUSE-SLE-Live-Patching-12-SP5-2023-265=1
- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-264=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-122_116-default-11-2.2
    kgraft-patch-4_12_14-122_133-default-4-2.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-95_96-default-11-2.2

References:

https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-3565.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1204432

From sle-updates at lists.suse.com Mon Feb 6 17:20:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 18:20:59 +0100 (CET)
Subject: SUSE-SU-2023:0267-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3)
Message-ID: <20230206172059.753D3FCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0267-1
Rating: important
References: #1204167 #1205186
Cross-References: CVE-2022-2602 CVE-2022-3424
CVSS scores:
    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for the Linux Kernel 5.3.18-150300_59_98 fixes several issues.

The following security issues were fixed:

- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-266=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-267=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
    kernel-livepatch-5_3_18-150300_59_87-default-8-150300.2.1
    kernel-livepatch-5_3_18-150300_59_98-default-4-150300.2.1

References:

https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1205186

From sle-updates at lists.suse.com Mon Feb 6 20:20:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:20:42 +0100 (CET)
Subject: SUSE-SU-2023:0276-1: moderate: Security update for rubygem-rack
Message-ID: <20230206202042.8FA63FCFA@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-rack
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0276-1
Rating: moderate
References: #1207596 #1207597 #1207599
Cross-References: CVE-2022-44570 CVE-2022-44571 CVE-2022-44572
CVSS scores:
    CVE-2022-44570 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-44571 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-44572 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Availability 15-SP1
    SUSE Linux Enterprise High Availability 15-SP2
    SUSE Linux Enterprise High Availability 15-SP3
    SUSE Linux Enterprise High Availability 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.0
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.0
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for rubygem-rack fixes the following issues:

- CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597).
- CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599).
- CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-276=1
- SUSE Linux Enterprise High Availability 15-SP4:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-276=1
- SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-276=1
- SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-276=1
- SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-276=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
    ruby2.5-rubygem-rack-doc-2.0.8-150000.3.12.1
    ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-rack-2.0.8-150000.3.12.1

References:

https://www.suse.com/security/cve/CVE-2022-44570.html
https://www.suse.com/security/cve/CVE-2022-44571.html
https://www.suse.com/security/cve/CVE-2022-44572.html
https://bugzilla.suse.com/1207596
https://bugzilla.suse.com/1207597
https://bugzilla.suse.com/1207599

From sle-updates at lists.suse.com Mon Feb 6 20:21:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:21:48 +0100 (CET)
Subject: SUSE-SU-2023:0273-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)
Message-ID: <20230206202148.7A0B8FCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0273-1
Rating: important
References: #1206373
Cross-References: CVE-2022-4379
CVSS scores:
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_38 fixes one issue.

The following security issue was fixed:

- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-273=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
    kernel-livepatch-5_14_21-150400_24_38-default-2-150400.2.1
    kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-2-150400.2.1
    kernel-livepatch-SLE15-SP4_Update_6-debugsource-2-150400.2.1

References:

https://www.suse.com/security/cve/CVE-2022-4379.html
https://bugzilla.suse.com/1206373

From sle-updates at lists.suse.com Mon Feb 6 20:22:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:22:55 +0100 (CET)
Subject: SUSE-SU-2023:0274-1: important: Security update for redis
Message-ID: <20230206202255.56881FCFA@maintenance.suse.de>

SUSE Security Update: Security update for redis
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0274-1
Rating: important
References: #1207202
Cross-References: CVE-2022-35977
CVSS scores:
    CVE-2022-35977 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-35977 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for redis fixes the following issues:

- CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-274=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-274=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-274=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-274=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-274=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-274=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-274=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-274=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-274=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-274=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-274=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-274=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-274=1

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Manager Proxy 4.2 (x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    redis-6.0.14-150200.6.17.1
    redis-debuginfo-6.0.14-150200.6.17.1
    redis-debugsource-6.0.14-150200.6.17.1

References:
https://www.suse.com/security/cve/CVE-2022-35977.html
https://bugzilla.suse.com/1207202

From sle-updates at lists.suse.com Mon Feb 6 20:24:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:24:12 +0100 (CET)
Subject: SUSE-SU-2023:0275-1: moderate: Security update for rubygem-activesupport-5_1
Message-ID: <20230206202412.EFFA9FCFA@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activesupport-5_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0275-1
Rating: moderate
References: #1207454
Cross-References: CVE-2023-22796
CVSS scores:
    CVE-2023-22796 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Availability 15-SP1
    SUSE Linux Enterprise High Availability 15-SP2
    SUSE Linux Enterprise High Availability 15-SP3
    SUSE Linux Enterprise High Availability 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.0
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.0
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-activesupport-5_1 fixes the following issues:

- CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-275=1
- SUSE Linux Enterprise High Availability 15-SP4:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-275=1
- SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-275=1
- SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-275=1
- SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-275=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
    ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1

References:

https://www.suse.com/security/cve/CVE-2023-22796.html
https://bugzilla.suse.com/1207454

From sle-updates at lists.suse.com Mon Feb 6 20:25:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:25:08 +0100 (CET)
Subject: SUSE-SU-2023:0271-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP5)
Message-ID: <20230206202508.E1DE1FCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0271-1
Rating: important
References: #1204167 #1204432
Cross-References: CVE-2022-3424 CVE-2022-3565
CVSS scores:
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3565 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_127 fixes several issues.

The following security issues were fixed:

- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-271=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-122_127-default-6-2.1

References:

https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-3565.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1204432

From sle-updates at lists.suse.com Mon Feb 6 20:26:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Feb 2023 21:26:09 +0100 (CET)
Subject: SUSE-SU-2023:0270-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Message-ID: <20230206202609.CCD1DFCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0270-1
Rating: important
References: #1204167 #1205186 #1206373
Cross-References: CVE-2022-2602 CVE-2022-3424 CVE-2022-4379
CVSS scores:
    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues.
The following security issues were fixed:

- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-269=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-270=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-272=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
    kernel-livepatch-5_14_21-150400_22-default-10-150400.4.2
    kernel-livepatch-5_14_21-150400_22-default-debuginfo-10-150400.4.2
    kernel-livepatch-5_14_21-150400_24_18-default-7-150400.2.1
    kernel-livepatch-5_14_21-150400_24_28-default-4-150400.2.1
    kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-4-150400.2.1
    kernel-livepatch-SLE15-SP4_Update_0-debugsource-10-150400.4.2
    kernel-livepatch-SLE15-SP4_Update_4-debugsource-4-150400.2.1

References:

https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-4379.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1205186
https://bugzilla.suse.com/1206373

From sle-updates at lists.suse.com Tue Feb 7 08:04:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 09:04:45 +0100 (CET)
Subject: SUSE-CU-2023:283-1: Security update of suse/sle15
Message-ID: <20230207080445.3CA46F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:283-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.100 , suse/sle15:15.3 , suse/sle15:15.3.17.20.100
Container Release : 17.20.100
Severity : important
Type : security
References : 1203652 1205126 CVE-2022-42898
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libz1-1.2.11-150000.3.39.1 updated

From sle-updates at lists.suse.com Tue Feb 7 08:11:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 09:11:52 +0100 (CET)
Subject: SUSE-CU-2023:291-1: Security update of bci/python
Message-ID: <20230207081152.B4EADF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:291-1
Container Tags : bci/python:3 , bci/python:3-34.14 , bci/python:3.6 , bci/python:3.6-34.14
Container Release : 34.14
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:

- libudev1-249.14-150400.8.19.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-updates at lists.suse.com Tue Feb 7 11:21:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 12:21:07 +0100 (CET)
Subject: SUSE-SU-2023:0277-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Message-ID: <20230207112107.12821FCC9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0277-1
Rating: important
References: #1204167 #1205186 #1206373
Cross-References: CVE-2022-2602 CVE-2022-3424 CVE-2022-4379
CVSS scores:
    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.

The following security issues were fixed:

- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-277=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
    kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1
    kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-7-150400.2.1
    kernel-livepatch-SLE15-SP4_Update_1-debugsource-7-150400.2.1

References:

https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-4379.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1205186
https://bugzilla.suse.com/1206373

From sle-updates at lists.suse.com Tue Feb 7 11:22:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 12:22:06 +0100 (CET)
Subject: SUSE-SU-2023:0281-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3)
Message-ID: <20230207112206.4AA53FCC9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0281-1
Rating: important
References: #1204167 #1205186
Cross-References: CVE-2022-2602 CVE-2022-3424
CVSS scores:
    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_63 fixes several issues.

The following security issues were fixed:

- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-278=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-279=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-281=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
    kernel-livepatch-5_3_18-150300_59_54-default-16-150300.2.2
    kernel-livepatch-5_3_18-150300_59_60-default-15-150300.2.2
    kernel-livepatch-5_3_18-150300_59_63-default-12-150300.2.2

References:

https://www.suse.com/security/cve/CVE-2022-2602.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://bugzilla.suse.com/1204167
https://bugzilla.suse.com/1205186

From sle-updates at lists.suse.com Tue Feb 7 11:23:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 12:23:31 +0100 (CET)
Subject: SUSE-SU-2023:0280-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
Message-ID: <20230207112331.BC488FCC9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0280-1
Rating: important
References: #1205186 #1206373
Cross-References: CVE-2022-2602 CVE-2022-4379
CVSS scores:
    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.

The following security issues were fixed:

- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-280=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1 kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-3-150400.2.1 kernel-livepatch-SLE15-SP4_Update_5-debugsource-3-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-4379.html https://bugzilla.suse.com/1205186 https://bugzilla.suse.com/1206373 From sle-updates at lists.suse.com Tue Feb 7 11:24:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 12:24:21 +0100 (CET) Subject: SUSE-SU-2023:0282-1: important: Security update for xorg-x11-server Message-ID: <20230207112421.5F128FCC9@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0282-1 Rating: important References: #1207783 Cross-References: CVE-2023-0494 CVSS scores: CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-282=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-282=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-282=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-282=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.42.1 xorg-x11-server-debuginfo-1.19.6-4.42.1 xorg-x11-server-debugsource-1.19.6-4.42.1 xorg-x11-server-extra-1.19.6-4.42.1 xorg-x11-server-extra-debuginfo-1.19.6-4.42.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.42.1 xorg-x11-server-debuginfo-1.19.6-4.42.1 xorg-x11-server-debugsource-1.19.6-4.42.1 xorg-x11-server-extra-1.19.6-4.42.1 xorg-x11-server-extra-debuginfo-1.19.6-4.42.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.42.1 xorg-x11-server-debuginfo-1.19.6-4.42.1 xorg-x11-server-debugsource-1.19.6-4.42.1 xorg-x11-server-extra-1.19.6-4.42.1 xorg-x11-server-extra-debuginfo-1.19.6-4.42.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.42.1 xorg-x11-server-debuginfo-1.19.6-4.42.1 xorg-x11-server-debugsource-1.19.6-4.42.1 xorg-x11-server-extra-1.19.6-4.42.1 xorg-x11-server-extra-debuginfo-1.19.6-4.42.1 References: https://www.suse.com/security/cve/CVE-2023-0494.html https://bugzilla.suse.com/1207783 From sle-updates at lists.suse.com Tue Feb 7 14:18:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:18:24 +0100 (CET) Subject: SUSE-SU-2023:0295-1: important: Security update for redis Message-ID: <20230207141824.027E2F46D@maintenance.suse.de> SUSE Security Update: Security update for redis ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2023:0295-1 Rating: important References: #1207202 #1207203 #1207448 Cross-References: CVE-2022-35977 CVE-2023-22458 CVSS scores: CVE-2022-35977 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-35977 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-22458 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-22458 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202). - CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash (bsc#1207203). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-295=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-295=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.11.1 redis-debuginfo-6.2.6-150400.3.11.1 redis-debugsource-6.2.6-150400.3.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.11.1 redis-debuginfo-6.2.6-150400.3.11.1 redis-debugsource-6.2.6-150400.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-35977.html https://www.suse.com/security/cve/CVE-2023-22458.html https://bugzilla.suse.com/1207202 https://bugzilla.suse.com/1207203 https://bugzilla.suse.com/1207448 From sle-updates at lists.suse.com Tue Feb 7 14:19:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:19:14 +0100 (CET) Subject: SUSE-SU-2023:0292-1: important: Security update for sssd Message-ID: <20230207141914.3ED71F46D@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0292-1 Rating: important References: #1207474 Cross-References: CVE-2022-4254 CVSS scores: CVE-2022-4254 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-292=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-292=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-292=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-292=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150000.8.70.1 libipa_hbac0-1.16.1-150000.8.70.1 libipa_hbac0-debuginfo-1.16.1-150000.8.70.1 libsss_certmap-devel-1.16.1-150000.8.70.1 libsss_certmap0-1.16.1-150000.8.70.1 libsss_certmap0-debuginfo-1.16.1-150000.8.70.1 libsss_idmap-devel-1.16.1-150000.8.70.1 libsss_idmap0-1.16.1-150000.8.70.1 libsss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_nss_idmap-devel-1.16.1-150000.8.70.1 libsss_nss_idmap0-1.16.1-150000.8.70.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_simpleifp-devel-1.16.1-150000.8.70.1 libsss_simpleifp0-1.16.1-150000.8.70.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.70.1 python3-sssd-config-1.16.1-150000.8.70.1 python3-sssd-config-debuginfo-1.16.1-150000.8.70.1 sssd-1.16.1-150000.8.70.1 sssd-ad-1.16.1-150000.8.70.1 sssd-ad-debuginfo-1.16.1-150000.8.70.1 sssd-dbus-1.16.1-150000.8.70.1 sssd-dbus-debuginfo-1.16.1-150000.8.70.1 sssd-debuginfo-1.16.1-150000.8.70.1 sssd-debugsource-1.16.1-150000.8.70.1 sssd-ipa-1.16.1-150000.8.70.1 sssd-ipa-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-1.16.1-150000.8.70.1 sssd-krb5-common-1.16.1-150000.8.70.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-debuginfo-1.16.1-150000.8.70.1 sssd-ldap-1.16.1-150000.8.70.1 sssd-ldap-debuginfo-1.16.1-150000.8.70.1 sssd-proxy-1.16.1-150000.8.70.1 sssd-proxy-debuginfo-1.16.1-150000.8.70.1 sssd-tools-1.16.1-150000.8.70.1 sssd-tools-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-1.16.1-150000.8.70.1 sssd-wbclient-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-devel-1.16.1-150000.8.70.1 sssd-winbind-idmap-1.16.1-150000.8.70.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.70.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): sssd-32bit-1.16.1-150000.8.70.1 sssd-32bit-debuginfo-1.16.1-150000.8.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150000.8.70.1 libipa_hbac0-1.16.1-150000.8.70.1 
libipa_hbac0-debuginfo-1.16.1-150000.8.70.1 libsss_certmap-devel-1.16.1-150000.8.70.1 libsss_certmap0-1.16.1-150000.8.70.1 libsss_certmap0-debuginfo-1.16.1-150000.8.70.1 libsss_idmap-devel-1.16.1-150000.8.70.1 libsss_idmap0-1.16.1-150000.8.70.1 libsss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_nss_idmap-devel-1.16.1-150000.8.70.1 libsss_nss_idmap0-1.16.1-150000.8.70.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_simpleifp-devel-1.16.1-150000.8.70.1 libsss_simpleifp0-1.16.1-150000.8.70.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.70.1 python3-sssd-config-1.16.1-150000.8.70.1 python3-sssd-config-debuginfo-1.16.1-150000.8.70.1 sssd-1.16.1-150000.8.70.1 sssd-ad-1.16.1-150000.8.70.1 sssd-ad-debuginfo-1.16.1-150000.8.70.1 sssd-dbus-1.16.1-150000.8.70.1 sssd-dbus-debuginfo-1.16.1-150000.8.70.1 sssd-debuginfo-1.16.1-150000.8.70.1 sssd-debugsource-1.16.1-150000.8.70.1 sssd-ipa-1.16.1-150000.8.70.1 sssd-ipa-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-1.16.1-150000.8.70.1 sssd-krb5-common-1.16.1-150000.8.70.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-debuginfo-1.16.1-150000.8.70.1 sssd-ldap-1.16.1-150000.8.70.1 sssd-ldap-debuginfo-1.16.1-150000.8.70.1 sssd-proxy-1.16.1-150000.8.70.1 sssd-proxy-debuginfo-1.16.1-150000.8.70.1 sssd-tools-1.16.1-150000.8.70.1 sssd-tools-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-1.16.1-150000.8.70.1 sssd-wbclient-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-devel-1.16.1-150000.8.70.1 sssd-winbind-idmap-1.16.1-150000.8.70.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-150000.8.70.1 sssd-32bit-debuginfo-1.16.1-150000.8.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.70.1 libipa_hbac0-1.16.1-150000.8.70.1 libipa_hbac0-debuginfo-1.16.1-150000.8.70.1 libsss_certmap-devel-1.16.1-150000.8.70.1 libsss_certmap0-1.16.1-150000.8.70.1 libsss_certmap0-debuginfo-1.16.1-150000.8.70.1 
libsss_idmap-devel-1.16.1-150000.8.70.1 libsss_idmap0-1.16.1-150000.8.70.1 libsss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_nss_idmap-devel-1.16.1-150000.8.70.1 libsss_nss_idmap0-1.16.1-150000.8.70.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_simpleifp-devel-1.16.1-150000.8.70.1 libsss_simpleifp0-1.16.1-150000.8.70.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.70.1 python3-sssd-config-1.16.1-150000.8.70.1 python3-sssd-config-debuginfo-1.16.1-150000.8.70.1 sssd-1.16.1-150000.8.70.1 sssd-ad-1.16.1-150000.8.70.1 sssd-ad-debuginfo-1.16.1-150000.8.70.1 sssd-dbus-1.16.1-150000.8.70.1 sssd-dbus-debuginfo-1.16.1-150000.8.70.1 sssd-debuginfo-1.16.1-150000.8.70.1 sssd-debugsource-1.16.1-150000.8.70.1 sssd-ipa-1.16.1-150000.8.70.1 sssd-ipa-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-1.16.1-150000.8.70.1 sssd-krb5-common-1.16.1-150000.8.70.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-debuginfo-1.16.1-150000.8.70.1 sssd-ldap-1.16.1-150000.8.70.1 sssd-ldap-debuginfo-1.16.1-150000.8.70.1 sssd-proxy-1.16.1-150000.8.70.1 sssd-proxy-debuginfo-1.16.1-150000.8.70.1 sssd-tools-1.16.1-150000.8.70.1 sssd-tools-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-1.16.1-150000.8.70.1 sssd-wbclient-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-devel-1.16.1-150000.8.70.1 sssd-winbind-idmap-1.16.1-150000.8.70.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-150000.8.70.1 sssd-32bit-debuginfo-1.16.1-150000.8.70.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.70.1 libipa_hbac0-1.16.1-150000.8.70.1 libipa_hbac0-debuginfo-1.16.1-150000.8.70.1 libsss_certmap-devel-1.16.1-150000.8.70.1 libsss_certmap0-1.16.1-150000.8.70.1 libsss_certmap0-debuginfo-1.16.1-150000.8.70.1 libsss_idmap-devel-1.16.1-150000.8.70.1 libsss_idmap0-1.16.1-150000.8.70.1 libsss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_nss_idmap-devel-1.16.1-150000.8.70.1 
libsss_nss_idmap0-1.16.1-150000.8.70.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_simpleifp-devel-1.16.1-150000.8.70.1 libsss_simpleifp0-1.16.1-150000.8.70.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.70.1 python3-sssd-config-1.16.1-150000.8.70.1 python3-sssd-config-debuginfo-1.16.1-150000.8.70.1 sssd-1.16.1-150000.8.70.1 sssd-ad-1.16.1-150000.8.70.1 sssd-ad-debuginfo-1.16.1-150000.8.70.1 sssd-dbus-1.16.1-150000.8.70.1 sssd-dbus-debuginfo-1.16.1-150000.8.70.1 sssd-debuginfo-1.16.1-150000.8.70.1 sssd-debugsource-1.16.1-150000.8.70.1 sssd-ipa-1.16.1-150000.8.70.1 sssd-ipa-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-1.16.1-150000.8.70.1 sssd-krb5-common-1.16.1-150000.8.70.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-debuginfo-1.16.1-150000.8.70.1 sssd-ldap-1.16.1-150000.8.70.1 sssd-ldap-debuginfo-1.16.1-150000.8.70.1 sssd-proxy-1.16.1-150000.8.70.1 sssd-proxy-debuginfo-1.16.1-150000.8.70.1 sssd-tools-1.16.1-150000.8.70.1 sssd-tools-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-1.16.1-150000.8.70.1 sssd-wbclient-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-devel-1.16.1-150000.8.70.1 sssd-winbind-idmap-1.16.1-150000.8.70.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.70.1 - SUSE Enterprise Storage 6 (x86_64): sssd-32bit-1.16.1-150000.8.70.1 sssd-32bit-debuginfo-1.16.1-150000.8.70.1 - SUSE CaaS Platform 4.0 (x86_64): libipa_hbac-devel-1.16.1-150000.8.70.1 libipa_hbac0-1.16.1-150000.8.70.1 libipa_hbac0-debuginfo-1.16.1-150000.8.70.1 libsss_certmap-devel-1.16.1-150000.8.70.1 libsss_certmap0-1.16.1-150000.8.70.1 libsss_certmap0-debuginfo-1.16.1-150000.8.70.1 libsss_idmap-devel-1.16.1-150000.8.70.1 libsss_idmap0-1.16.1-150000.8.70.1 libsss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_nss_idmap-devel-1.16.1-150000.8.70.1 libsss_nss_idmap0-1.16.1-150000.8.70.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.70.1 libsss_simpleifp-devel-1.16.1-150000.8.70.1 libsss_simpleifp0-1.16.1-150000.8.70.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.70.1 
python3-sssd-config-1.16.1-150000.8.70.1 python3-sssd-config-debuginfo-1.16.1-150000.8.70.1 sssd-1.16.1-150000.8.70.1 sssd-32bit-1.16.1-150000.8.70.1 sssd-32bit-debuginfo-1.16.1-150000.8.70.1 sssd-ad-1.16.1-150000.8.70.1 sssd-ad-debuginfo-1.16.1-150000.8.70.1 sssd-dbus-1.16.1-150000.8.70.1 sssd-dbus-debuginfo-1.16.1-150000.8.70.1 sssd-debuginfo-1.16.1-150000.8.70.1 sssd-debugsource-1.16.1-150000.8.70.1 sssd-ipa-1.16.1-150000.8.70.1 sssd-ipa-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-1.16.1-150000.8.70.1 sssd-krb5-common-1.16.1-150000.8.70.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.70.1 sssd-krb5-debuginfo-1.16.1-150000.8.70.1 sssd-ldap-1.16.1-150000.8.70.1 sssd-ldap-debuginfo-1.16.1-150000.8.70.1 sssd-proxy-1.16.1-150000.8.70.1 sssd-proxy-debuginfo-1.16.1-150000.8.70.1 sssd-tools-1.16.1-150000.8.70.1 sssd-tools-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-1.16.1-150000.8.70.1 sssd-wbclient-debuginfo-1.16.1-150000.8.70.1 sssd-wbclient-devel-1.16.1-150000.8.70.1 sssd-winbind-idmap-1.16.1-150000.8.70.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.70.1 References: https://www.suse.com/security/cve/CVE-2022-4254.html https://bugzilla.suse.com/1207474 From sle-updates at lists.suse.com Tue Feb 7 14:19:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:19:52 +0100 (CET) Subject: SUSE-SU-2023:0284-1: important: Security update for xorg-x11-server Message-ID: <20230207141952.7F501F46D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0284-1 Rating: important References: #1207783 Cross-References: CVE-2023-0494 CVSS scores: CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-284=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.60.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.60.1 xorg-x11-server-debugsource-7.6_1.18.3-76.60.1 xorg-x11-server-extra-7.6_1.18.3-76.60.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.60.1 References: https://www.suse.com/security/cve/CVE-2023-0494.html https://bugzilla.suse.com/1207783 From sle-updates at lists.suse.com Tue Feb 7 14:20:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:20:35 +0100 (CET) Subject: SUSE-SU-2023:0293-1: important: Security update for nginx Message-ID: <20230207142035.B2E3DF46D@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0293-1 Rating: important References: #1204526 #1204527 Cross-References: CVE-2022-41741 CVE-2022-41742 CVSS scores: CVE-2022-41741 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-41742 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An 
update that fixes two vulnerabilities is now available. Description: This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-293=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-293=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-293=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-293=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nginx-1.16.1-150100.6.19.1 nginx-debuginfo-1.16.1-150100.6.19.1 nginx-debugsource-1.16.1-150100.6.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nginx-source-1.16.1-150100.6.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nginx-1.16.1-150100.6.19.1 nginx-debuginfo-1.16.1-150100.6.19.1 nginx-debugsource-1.16.1-150100.6.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nginx-source-1.16.1-150100.6.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nginx-1.16.1-150100.6.19.1 nginx-debuginfo-1.16.1-150100.6.19.1 nginx-debugsource-1.16.1-150100.6.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nginx-source-1.16.1-150100.6.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): nginx-1.16.1-150100.6.19.1 nginx-debuginfo-1.16.1-150100.6.19.1 nginx-debugsource-1.16.1-150100.6.19.1 - SUSE Enterprise Storage 6 (noarch): nginx-source-1.16.1-150100.6.19.1 - SUSE CaaS Platform 4.0 (x86_64): nginx-1.16.1-150100.6.19.1 nginx-debuginfo-1.16.1-150100.6.19.1 nginx-debugsource-1.16.1-150100.6.19.1 - SUSE CaaS Platform 4.0 (noarch): nginx-source-1.16.1-150100.6.19.1 References: https://www.suse.com/security/cve/CVE-2022-41741.html https://www.suse.com/security/cve/CVE-2022-41742.html https://bugzilla.suse.com/1204526 https://bugzilla.suse.com/1204527 From sle-updates at lists.suse.com Tue Feb 7 14:21:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:21:26 +0100 (CET) Subject: SUSE-RU-2023:0290-1: moderate: Recommended update for rust, rust1.67 Message-ID: <20230207142126.72145F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.67 ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0290-1 Rating: moderate References: SLE-18626 Affected Products: SUSE Linux 
Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for rust, rust1.67 fixes the following issues:

Rust is shipped in version 1.67.0.

Changes in rust1.67:

Version 1.67.0 (2023-01-26)
==========================

Language
--------
- Make `Sized` predicates coinductive, allowing cycles.
- `#[must_use]` annotations on `async fn` also affect the `Future::Output`.
- Elaborate supertrait obligations when deducing closure signatures.
- Invalid literals are no longer an error under `cfg(FALSE)`.
- Unreserve braced enum variants in value namespace.

Compiler
--------
- Enable varargs support for calling conventions other than `C` or `cdecl`.
- Add new MIR constant propagation based on dataflow analysis.
- Optimize field ordering by grouping m*2^n-sized fields with equivalently aligned ones.
- Stabilize native library modifier `verbatim`.

Added and removed targets:
- Remove tier 3 `linuxkernel` targets

Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries
---------
- Merge `crossbeam-channel` into `std::sync::mpsc`.
- Fix inconsistent rounding of 0.5 when formatted to 0 decimal places.
- Derive `Eq` and `Hash` for `ControlFlow`.
- Don't build `compiler_builtins` with `-C panic=abort`.

Stabilized APIs
---------------
- {integer}::checked_ilog
- {integer}::checked_ilog2
- {integer}::checked_ilog10
- {integer}::ilog
- {integer}::ilog2
- {integer}::ilog10
- NonZeroU*::ilog2
- NonZeroU*::ilog10
- NonZero*::BITS

These APIs are now stable in const contexts:
- char::from_u32
- char::from_digit
- char::to_digit
- core::char::from_u32
- core::char::from_digit

Compatibility Notes
-------------------
- The layout of `repr(Rust)` types now groups m*2^n-sized fields with equivalently aligned ones. This is intended to be an optimization, but it is also known to increase type sizes in a few cases for the placement of enum tags. As a reminder, the layout of `repr(Rust)` types is an implementation detail, subject to change.
- 0.5 now rounds to 0 when formatted to 0 decimal places. This makes it consistent with the rest of floating point formatting that rounds ties toward even digits.
- Chains of `&&` and `||` will now drop temporaries from their sub-expressions in evaluation order, left-to-right. Previously, it was "twisted" such that the _first_ expression dropped its temporaries _last_, after all of the other expressions dropped in order.
- Underscore suffixes on string literals are now a hard error. This has been a future-compatibility warning since 1.20.0.
- Stop passing `-export-dynamic` to `wasm-ld`.
- `main` is now mangled as `__main_void` on `wasm32-wasi`.
- Cargo now emits an error if there are multiple registries in the configuration with the same index URL.

Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-290=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-290=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.67.0-150400.24.6.1 cargo1.67-1.67.0-150400.9.3.1 cargo1.67-debuginfo-1.67.0-150400.9.3.1 rust-1.67.0-150400.24.6.1 rust1.67-1.67.0-150400.9.3.1 rust1.67-debuginfo-1.67.0-150400.9.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.67.0-150400.24.6.1 cargo1.67-1.67.0-150400.9.3.1 cargo1.67-debuginfo-1.67.0-150400.9.3.1 rust-1.67.0-150400.24.6.1 rust1.67-1.67.0-150400.9.3.1 rust1.67-debuginfo-1.67.0-150400.9.3.1 References: From sle-updates at lists.suse.com Tue Feb 7 14:21:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 15:21:57 +0100 (CET) Subject: SUSE-SU-2023:0289-1: important: Security update for xwayland Message-ID: <20230207142157.E2BFAF46D@maintenance.suse.de> SUSE Security Update: Security update for xwayland ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0289-1 Rating: important References: #1207783 Cross-References: CVE-2023-0494 CVSS scores: CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xwayland fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). 
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-289=1
   - SUSE Linux Enterprise Workstation Extension 15-SP4:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-289=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      xwayland-21.1.4-150400.3.9.1
      xwayland-debuginfo-21.1.4-150400.3.9.1
      xwayland-debugsource-21.1.4-150400.3.9.1
      xwayland-devel-21.1.4-150400.3.9.1
   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
      xwayland-21.1.4-150400.3.9.1
      xwayland-debuginfo-21.1.4-150400.3.9.1
      xwayland-debugsource-21.1.4-150400.3.9.1

References:

   https://www.suse.com/security/cve/CVE-2023-0494.html
   https://bugzilla.suse.com/1207783

From sle-updates at lists.suse.com Tue Feb 7 14:22:53 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:22:53 +0100 (CET)
Subject: SUSE-SU-2023:0285-1: important: Security update for xorg-x11-server
Message-ID: <20230207142253.522F3F46D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0285-1
Rating: important
References: #1207783
Cross-References: CVE-2023-0494
CVSS scores:
   CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Enterprise Storage 7
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
   SUSE Linux Enterprise Realtime Extension 15-SP3
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3-LTSS
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Workstation Extension 15-SP4
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-285=1
   - SUSE Manager Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-285=1
   - SUSE Manager Retail Branch Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-285=1
   - SUSE Manager Proxy 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-285=1
   - SUSE Linux Enterprise Workstation Extension 15-SP4:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-285=1
   - SUSE Linux Enterprise Server for SAP 15-SP3:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-285=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-285=1
   - SUSE Linux Enterprise Server 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-285=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-285=1
   - SUSE Linux Enterprise Realtime Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-285=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-285=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-285=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-285=1
   - SUSE Enterprise Storage 7.1:
      zypper in -t patch SUSE-Storage-7.1-2023-285=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2023-285=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-wayland-1.20.3-150200.22.5.66.1
      xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.66.1
   - SUSE Manager Server 4.2 (ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
   - SUSE Manager Retail Branch Server 4.2 (x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
   - SUSE Manager Proxy 4.2 (x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-wayland-1.20.3-150200.22.5.66.1
      xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      xorg-x11-server-1.20.3-150200.22.5.66.1
      xorg-x11-server-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-debugsource-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-1.20.3-150200.22.5.66.1
      xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.66.1
      xorg-x11-server-sdk-1.20.3-150200.22.5.66.1

References:

   https://www.suse.com/security/cve/CVE-2023-0494.html
   https://bugzilla.suse.com/1207783

From sle-updates at lists.suse.com Tue Feb 7 14:23:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:23:52 +0100 (CET)
Subject: SUSE-SU-2023:0287-1: important: Security update for xorg-x11-server
Message-ID: <20230207142352.D3349F46D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0287-1
Rating: important
References: #1207783
Cross-References: CVE-2023-0494
CVSS scores:
   CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-287=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-287=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-287=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      xorg-x11-server-1.20.3-150100.14.5.36.1
      xorg-x11-server-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-debugsource-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150100.14.5.36.1
      xorg-x11-server-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-debugsource-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      xorg-x11-server-1.20.3-150100.14.5.36.1
      xorg-x11-server-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-debugsource-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
   - SUSE CaaS Platform 4.0 (x86_64):
      xorg-x11-server-1.20.3-150100.14.5.36.1
      xorg-x11-server-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-debugsource-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-1.20.3-150100.14.5.36.1
      xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.36.1
      xorg-x11-server-sdk-1.20.3-150100.14.5.36.1

References:

   https://www.suse.com/security/cve/CVE-2023-0494.html
   https://bugzilla.suse.com/1207783

From sle-updates at lists.suse.com Tue Feb 7 14:24:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:24:37 +0100 (CET)
Subject: SUSE-SU-2023:0294-1: important: Security update for apache2
Message-ID: <20230207142437.74F0CF46D@maintenance.suse.de>

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0294-1
Rating: important
References: #1207247 #1207250 #1207251
Cross-References: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436
CVSS scores:
   CVE-2006-20001 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2006-20001 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-36760 (NVD) : 9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
   CVE-2022-36760 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
   CVE-2022-37436 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
   CVE-2022-37436 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for apache2 fixes the following issues:

   - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend
     could cause the response headers to be truncated early, resulting in
     some headers being incorporated into the response body (bsc#1207251).
   - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
     request smuggling attacks (bsc#1207250).
   - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header
     could cause memory corruption (bsc#1207247).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-294=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-294=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-294=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2023-294=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      apache2-2.4.33-150000.3.72.1
      apache2-debuginfo-2.4.33-150000.3.72.1
      apache2-debugsource-2.4.33-150000.3.72.1
      apache2-devel-2.4.33-150000.3.72.1
      apache2-prefork-2.4.33-150000.3.72.1
      apache2-prefork-debuginfo-2.4.33-150000.3.72.1
      apache2-utils-2.4.33-150000.3.72.1
      apache2-utils-debuginfo-2.4.33-150000.3.72.1
      apache2-worker-2.4.33-150000.3.72.1
      apache2-worker-debuginfo-2.4.33-150000.3.72.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
      apache2-doc-2.4.33-150000.3.72.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      apache2-2.4.33-150000.3.72.1
      apache2-debuginfo-2.4.33-150000.3.72.1
      apache2-debugsource-2.4.33-150000.3.72.1
      apache2-devel-2.4.33-150000.3.72.1
      apache2-prefork-2.4.33-150000.3.72.1
      apache2-prefork-debuginfo-2.4.33-150000.3.72.1
      apache2-utils-2.4.33-150000.3.72.1
      apache2-utils-debuginfo-2.4.33-150000.3.72.1
      apache2-worker-2.4.33-150000.3.72.1
      apache2-worker-debuginfo-2.4.33-150000.3.72.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
      apache2-doc-2.4.33-150000.3.72.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      apache2-2.4.33-150000.3.72.1
      apache2-debuginfo-2.4.33-150000.3.72.1
      apache2-debugsource-2.4.33-150000.3.72.1
      apache2-devel-2.4.33-150000.3.72.1
      apache2-prefork-2.4.33-150000.3.72.1
      apache2-prefork-debuginfo-2.4.33-150000.3.72.1
      apache2-utils-2.4.33-150000.3.72.1
      apache2-utils-debuginfo-2.4.33-150000.3.72.1
      apache2-worker-2.4.33-150000.3.72.1
      apache2-worker-debuginfo-2.4.33-150000.3.72.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
      apache2-doc-2.4.33-150000.3.72.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      apache2-2.4.33-150000.3.72.1
      apache2-debuginfo-2.4.33-150000.3.72.1
      apache2-debugsource-2.4.33-150000.3.72.1
      apache2-devel-2.4.33-150000.3.72.1
      apache2-prefork-2.4.33-150000.3.72.1
      apache2-prefork-debuginfo-2.4.33-150000.3.72.1
      apache2-utils-2.4.33-150000.3.72.1
      apache2-utils-debuginfo-2.4.33-150000.3.72.1
      apache2-worker-2.4.33-150000.3.72.1
      apache2-worker-debuginfo-2.4.33-150000.3.72.1
   - SUSE Enterprise Storage 6 (noarch):
      apache2-doc-2.4.33-150000.3.72.1
   - SUSE CaaS Platform 4.0 (noarch):
      apache2-doc-2.4.33-150000.3.72.1
   - SUSE CaaS Platform 4.0 (x86_64):
      apache2-2.4.33-150000.3.72.1
      apache2-debuginfo-2.4.33-150000.3.72.1
      apache2-debugsource-2.4.33-150000.3.72.1
      apache2-devel-2.4.33-150000.3.72.1
      apache2-prefork-2.4.33-150000.3.72.1
      apache2-prefork-debuginfo-2.4.33-150000.3.72.1
      apache2-utils-2.4.33-150000.3.72.1
      apache2-utils-debuginfo-2.4.33-150000.3.72.1
      apache2-worker-2.4.33-150000.3.72.1
      apache2-worker-debuginfo-2.4.33-150000.3.72.1

References:

   https://www.suse.com/security/cve/CVE-2006-20001.html
   https://www.suse.com/security/cve/CVE-2022-36760.html
   https://www.suse.com/security/cve/CVE-2022-37436.html
   https://bugzilla.suse.com/1207247
   https://bugzilla.suse.com/1207250
   https://bugzilla.suse.com/1207251

From sle-updates at lists.suse.com Tue Feb 7 14:25:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:25:30 +0100 (CET)
Subject: SUSE-SU-2023:0286-1: important: Security update for xorg-x11-server
Message-ID: <20230207142530.CA423F46D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0286-1
Rating: important
References: #1207783
Cross-References: CVE-2023-0494
CVSS scores:
   CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-286=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-286=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-debuginfo-1.19.6-10.43.1
      xorg-x11-server-debugsource-1.19.6-10.43.1
      xorg-x11-server-sdk-1.19.6-10.43.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.19.6-10.43.1
      xorg-x11-server-debuginfo-1.19.6-10.43.1
      xorg-x11-server-debugsource-1.19.6-10.43.1
      xorg-x11-server-extra-1.19.6-10.43.1
      xorg-x11-server-extra-debuginfo-1.19.6-10.43.1

References:

   https://www.suse.com/security/cve/CVE-2023-0494.html
   https://bugzilla.suse.com/1207783

From sle-updates at lists.suse.com Tue Feb 7 14:26:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:26:14 +0100 (CET)
Subject: SUSE-SU-2023:0288-1: important: Security update for xorg-x11-server
Message-ID: <20230207142614.192E0F46D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0288-1
Rating: important
References: #1207783
Cross-References: CVE-2023-0494
CVSS scores:
   CVE-2023-0494 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Development Tools 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-288=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-288=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-288=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150400.38.16.1
      xorg-x11-server-debuginfo-1.20.3-150400.38.16.1
      xorg-x11-server-debugsource-1.20.3-150400.38.16.1
      xorg-x11-server-extra-1.20.3-150400.38.16.1
      xorg-x11-server-extra-debuginfo-1.20.3-150400.38.16.1
      xorg-x11-server-sdk-1.20.3-150400.38.16.1
      xorg-x11-server-source-1.20.3-150400.38.16.1
   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-debuginfo-1.20.3-150400.38.16.1
      xorg-x11-server-debugsource-1.20.3-150400.38.16.1
      xorg-x11-server-sdk-1.20.3-150400.38.16.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      xorg-x11-server-1.20.3-150400.38.16.1
      xorg-x11-server-debuginfo-1.20.3-150400.38.16.1
      xorg-x11-server-debugsource-1.20.3-150400.38.16.1
      xorg-x11-server-extra-1.20.3-150400.38.16.1
      xorg-x11-server-extra-debuginfo-1.20.3-150400.38.16.1

References:

   https://www.suse.com/security/cve/CVE-2023-0494.html
   https://bugzilla.suse.com/1207783

From sle-updates at lists.suse.com Tue Feb 7 14:26:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 15:26:50 +0100 (CET)
Subject: SUSE-SU-2022:3198-2: moderate: Security update for php8-pear
Message-ID: <20230207142650.243D0F46D@maintenance.suse.de>

   SUSE Security Update: Security update for php8-pear
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3198-2
Rating: moderate
References: SLE-24728
Cross-References: CVE-2021-32610
CVSS scores:
   CVE-2021-32610 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability, contains one feature is now available.

Description:

   This update for php8-pear fixes the following issues:

   - Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
   - Update to 1.10.21
     - PEAR 1.10.13
       * unsupported protocol - use --force to continue
       * Add $this operator to _determineIfPowerpc calls
   - Update to 1.10.20
     - Archive_Tar 1.4.14
       * Properly fix symbolic link path traversal (CVE-2021-32610)
     - Archive_Tar 1.4.13
       * Relative symlinks failing (out-of path file extraction)
     - Archive_Tar 1.4.12
     - Archive_Tar 1.4.11
     - Archive_Tar 1.4.10
       * Fix block padding when the file buffer length is a multiple of 512
         and smaller than Archive_Tar buffer length
       * Don't try to copy username/groupname in chroot jail
   - provides and obsoletes php7-pear-Archive_Tar, former location of
     PEAR/Archive/Tar.php
   - Update to version 1.10.19
     - PEAR 1.10.12
       * adjust dependencies based on new releases
     - XML_Util 1.4.5
       * fix Trying to access array offset on value of type int
   - Update to version 1.10.18
   - Remove pear-cacheid-array-check.patch (upstreamed)
   - Contents of .filemap are now sorted internally
   - Sort contents of .filemap to make build reproducible
   - Recommend php7-openssl to allow https sources to be used
   - Modify metadata_dir for system configuration only
   - Add /var/lib/pear directory where xml files are stored
   - Cleanup %files section
   - Only use the GPG keys of Chuck Burgess. Extracted from the Release
     Manager public keys.
   - Add release versions of PEAR modules
   - Install metadata files (registry, filemap, channels, ...) in
     /var/lib/pear/ instead of /usr/share/php7/PEAR/
   - Update to version 1.10.17

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-291=1

Package List:

   - openSUSE Leap 15.4 (noarch):
      php8-pear-1.10.21-150400.9.3.1
      php8-pecl-1.10.21-150400.9.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-32610.html

From sle-updates at lists.suse.com Tue Feb 7 17:19:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 18:19:27 +0100 (CET)
Subject: SUSE-RU-2023:0297-1: moderate: Recommended update for java-17-openjdk
Message-ID: <20230207171927.DB26CFCC9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for java-17-openjdk
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0297-1
Rating: moderate
References: #1205916

Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for java-17-openjdk fixes the following issues:

   - Modified patches:
     Revert fips patch to a version used with 17.0.4.0 (bsc#1205916)
     Apply nss-security-provider patch after the fips patch, thus rediff
     the hunk to changed context.
   - Fix jconsole.desktop icon

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-297=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-297=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      java-17-openjdk-17.0.5.0-150400.3.9.3
      java-17-openjdk-accessibility-17.0.5.0-150400.3.9.3
      java-17-openjdk-accessibility-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-debugsource-17.0.5.0-150400.3.9.3
      java-17-openjdk-demo-17.0.5.0-150400.3.9.3
      java-17-openjdk-devel-17.0.5.0-150400.3.9.3
      java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-headless-17.0.5.0-150400.3.9.3
      java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-jmods-17.0.5.0-150400.3.9.3
      java-17-openjdk-src-17.0.5.0-150400.3.9.3
   - openSUSE Leap 15.4 (noarch):
      java-17-openjdk-javadoc-17.0.5.0-150400.3.9.3
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      java-17-openjdk-17.0.5.0-150400.3.9.3
      java-17-openjdk-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-debugsource-17.0.5.0-150400.3.9.3
      java-17-openjdk-demo-17.0.5.0-150400.3.9.3
      java-17-openjdk-devel-17.0.5.0-150400.3.9.3
      java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.9.3
      java-17-openjdk-headless-17.0.5.0-150400.3.9.3
      java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.9.3

References:

   https://bugzilla.suse.com/1205916

From sle-updates at lists.suse.com Tue Feb 7 17:20:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 18:20:20 +0100 (CET)
Subject: SUSE-RU-2023:0298-1: moderate: Recommended update for krb5
Message-ID: <20230207172020.43A29FCC9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for krb5
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0298-1
Rating: moderate
References: #1206152
Affected Products:
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for krb5 fixes the following issues:

   - Update logrotate script, call systemd to reload the services instead of
     init-scripts. (bsc#1206152)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-298=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-298=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-298=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-298=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-298=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-298=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-298=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      krb5-1.12.5-40.46.1
      krb5-32bit-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1
   - SUSE OpenStack Cloud 9 (x86_64):
      krb5-1.12.5-40.46.1
      krb5-32bit-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-devel-1.12.5-40.46.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      krb5-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      krb5-32bit-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      krb5-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1
   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      krb5-32bit-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      krb5-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      krb5-32bit-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      krb5-1.12.5-40.46.1
      krb5-32bit-1.12.5-40.46.1
      krb5-client-1.12.5-40.46.1
      krb5-client-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-1.12.5-40.46.1
      krb5-debuginfo-32bit-1.12.5-40.46.1
      krb5-debugsource-1.12.5-40.46.1
      krb5-doc-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-1.12.5-40.46.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-otp-1.12.5-40.46.1
      krb5-plugin-preauth-otp-debuginfo-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-1.12.5-40.46.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.46.1
      krb5-server-1.12.5-40.46.1
      krb5-server-debuginfo-1.12.5-40.46.1

References:

   https://bugzilla.suse.com/1206152

From sle-updates at lists.suse.com Tue Feb 7 17:21:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 18:21:12 +0100 (CET)
Subject: SUSE-RU-2023:0299-1: moderate: Recommended update for golang-packaging
Message-ID: <20230207172112.67402FCC9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for golang-packaging
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0299-1
Rating: moderate
References: PED-1344

Affected Products:
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This update for golang-packaging fixes the following issue:

   - Update to version 15.0.17
     Add *.proto to the list of src files.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-299=1

Package List:

   - openSUSE Leap 15.4 (noarch):
      golang-packaging-15.0.17-150000.3.12.1

References:

From sle-updates at lists.suse.com Tue Feb 7 17:21:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Feb 2023 18:21:44 +0100 (CET)
Subject: SUSE-RU-2023:0296-1: Recommended update for SLES_SAP-release
Message-ID: <20230207172144.7BE53FCC9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SLES_SAP-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0296-1
Rating: low
References: MSC-534

Affected Products:
   SUSE Linux Enterprise Server for SAP 15-SP3
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This update for SLES_SAP-release provides the following fix:

   - Adjust the EOL date for the product.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-296=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): SLES_SAP-release-15.3-150300.7.4.2 References: From sle-updates at lists.suse.com Tue Feb 7 17:22:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 18:22:19 +0100 (CET) Subject: SUSE-SU-2023:0301-1: important: Security update for sssd Message-ID: <20230207172219.9A9D5FCC9@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0301-1 Rating: important References: #1203583 #1207474 Cross-References: CVE-2022-4254 CVSS scores: CVE-2022-4254 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) - Move systemd RPM macros managing the service from 'sssd-common' to 'sssd' package (bsc#1203583) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-301=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-301=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.49.1 libsss_idmap-devel-1.16.1-7.49.1 libsss_nss_idmap-devel-1.16.1-7.49.1 sssd-debugsource-1.16.1-7.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.49.1 libipa_hbac0-debuginfo-1.16.1-7.49.1 libsss_certmap0-1.16.1-7.49.1 libsss_certmap0-debuginfo-1.16.1-7.49.1 libsss_idmap0-1.16.1-7.49.1 libsss_idmap0-debuginfo-1.16.1-7.49.1 libsss_nss_idmap0-1.16.1-7.49.1 libsss_nss_idmap0-debuginfo-1.16.1-7.49.1 libsss_simpleifp0-1.16.1-7.49.1 libsss_simpleifp0-debuginfo-1.16.1-7.49.1 python-sssd-config-1.16.1-7.49.1 python-sssd-config-debuginfo-1.16.1-7.49.1 sssd-1.16.1-7.49.1 sssd-ad-1.16.1-7.49.1 sssd-ad-debuginfo-1.16.1-7.49.1 sssd-common-1.16.1-7.49.1 sssd-common-debuginfo-1.16.1-7.49.1 sssd-dbus-1.16.1-7.49.1 sssd-dbus-debuginfo-1.16.1-7.49.1 sssd-debugsource-1.16.1-7.49.1 sssd-ipa-1.16.1-7.49.1 sssd-ipa-debuginfo-1.16.1-7.49.1 sssd-krb5-1.16.1-7.49.1 sssd-krb5-common-1.16.1-7.49.1 sssd-krb5-common-debuginfo-1.16.1-7.49.1 sssd-krb5-debuginfo-1.16.1-7.49.1 sssd-ldap-1.16.1-7.49.1 sssd-ldap-debuginfo-1.16.1-7.49.1 sssd-proxy-1.16.1-7.49.1 sssd-proxy-debuginfo-1.16.1-7.49.1 sssd-tools-1.16.1-7.49.1 sssd-tools-debuginfo-1.16.1-7.49.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-common-32bit-1.16.1-7.49.1 sssd-common-debuginfo-32bit-1.16.1-7.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.49.1 References: https://www.suse.com/security/cve/CVE-2022-4254.html https://bugzilla.suse.com/1203583 https://bugzilla.suse.com/1207474 From sle-updates at lists.suse.com Tue Feb 7 17:23:12 2023 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 18:23:12 +0100 (CET) Subject: SUSE-SU-2023:0300-1: important: Security update for sssd Message-ID: <20230207172312.93D12FCC9@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0300-1 Rating: important References: #1207474 Cross-References: CVE-2022-4254 CVSS scores: CVE-2022-4254 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-300=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-300=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-300=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-300=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150200.17.26.1 libipa_hbac0-1.16.1-150200.17.26.1 libipa_hbac0-debuginfo-1.16.1-150200.17.26.1 libsss_certmap-devel-1.16.1-150200.17.26.1 libsss_certmap0-1.16.1-150200.17.26.1 libsss_certmap0-debuginfo-1.16.1-150200.17.26.1 libsss_idmap-devel-1.16.1-150200.17.26.1 libsss_idmap0-1.16.1-150200.17.26.1 libsss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_nss_idmap-devel-1.16.1-150200.17.26.1 libsss_nss_idmap0-1.16.1-150200.17.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_simpleifp-devel-1.16.1-150200.17.26.1 libsss_simpleifp0-1.16.1-150200.17.26.1 libsss_simpleifp0-debuginfo-1.16.1-150200.17.26.1 python3-sssd-config-1.16.1-150200.17.26.1 python3-sssd-config-debuginfo-1.16.1-150200.17.26.1 sssd-1.16.1-150200.17.26.1 sssd-ad-1.16.1-150200.17.26.1 sssd-ad-debuginfo-1.16.1-150200.17.26.1 sssd-common-1.16.1-150200.17.26.1 sssd-common-debuginfo-1.16.1-150200.17.26.1 sssd-dbus-1.16.1-150200.17.26.1 sssd-dbus-debuginfo-1.16.1-150200.17.26.1 sssd-debugsource-1.16.1-150200.17.26.1 sssd-ipa-1.16.1-150200.17.26.1 sssd-ipa-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-1.16.1-150200.17.26.1 sssd-krb5-common-1.16.1-150200.17.26.1 sssd-krb5-common-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-debuginfo-1.16.1-150200.17.26.1 sssd-ldap-1.16.1-150200.17.26.1 sssd-ldap-debuginfo-1.16.1-150200.17.26.1 sssd-proxy-1.16.1-150200.17.26.1 sssd-proxy-debuginfo-1.16.1-150200.17.26.1 
sssd-tools-1.16.1-150200.17.26.1 sssd-tools-debuginfo-1.16.1-150200.17.26.1 sssd-winbind-idmap-1.16.1-150200.17.26.1 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): sssd-common-32bit-1.16.1-150200.17.26.1 sssd-common-32bit-debuginfo-1.16.1-150200.17.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150200.17.26.1 libipa_hbac0-1.16.1-150200.17.26.1 libipa_hbac0-debuginfo-1.16.1-150200.17.26.1 libsss_certmap-devel-1.16.1-150200.17.26.1 libsss_certmap0-1.16.1-150200.17.26.1 libsss_certmap0-debuginfo-1.16.1-150200.17.26.1 libsss_idmap-devel-1.16.1-150200.17.26.1 libsss_idmap0-1.16.1-150200.17.26.1 libsss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_nss_idmap-devel-1.16.1-150200.17.26.1 libsss_nss_idmap0-1.16.1-150200.17.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_simpleifp-devel-1.16.1-150200.17.26.1 libsss_simpleifp0-1.16.1-150200.17.26.1 libsss_simpleifp0-debuginfo-1.16.1-150200.17.26.1 python3-sssd-config-1.16.1-150200.17.26.1 python3-sssd-config-debuginfo-1.16.1-150200.17.26.1 sssd-1.16.1-150200.17.26.1 sssd-ad-1.16.1-150200.17.26.1 sssd-ad-debuginfo-1.16.1-150200.17.26.1 sssd-common-1.16.1-150200.17.26.1 sssd-common-debuginfo-1.16.1-150200.17.26.1 sssd-dbus-1.16.1-150200.17.26.1 sssd-dbus-debuginfo-1.16.1-150200.17.26.1 sssd-debugsource-1.16.1-150200.17.26.1 sssd-ipa-1.16.1-150200.17.26.1 sssd-ipa-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-1.16.1-150200.17.26.1 sssd-krb5-common-1.16.1-150200.17.26.1 sssd-krb5-common-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-debuginfo-1.16.1-150200.17.26.1 sssd-ldap-1.16.1-150200.17.26.1 sssd-ldap-debuginfo-1.16.1-150200.17.26.1 sssd-proxy-1.16.1-150200.17.26.1 sssd-proxy-debuginfo-1.16.1-150200.17.26.1 sssd-tools-1.16.1-150200.17.26.1 sssd-tools-debuginfo-1.16.1-150200.17.26.1 sssd-winbind-idmap-1.16.1-150200.17.26.1 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.26.1 - SUSE Linux Enterprise Server 
15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-150200.17.26.1 sssd-common-32bit-debuginfo-1.16.1-150200.17.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150200.17.26.1 libipa_hbac0-1.16.1-150200.17.26.1 libipa_hbac0-debuginfo-1.16.1-150200.17.26.1 libsss_certmap-devel-1.16.1-150200.17.26.1 libsss_certmap0-1.16.1-150200.17.26.1 libsss_certmap0-debuginfo-1.16.1-150200.17.26.1 libsss_idmap-devel-1.16.1-150200.17.26.1 libsss_idmap0-1.16.1-150200.17.26.1 libsss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_nss_idmap-devel-1.16.1-150200.17.26.1 libsss_nss_idmap0-1.16.1-150200.17.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_simpleifp-devel-1.16.1-150200.17.26.1 libsss_simpleifp0-1.16.1-150200.17.26.1 libsss_simpleifp0-debuginfo-1.16.1-150200.17.26.1 python3-sssd-config-1.16.1-150200.17.26.1 python3-sssd-config-debuginfo-1.16.1-150200.17.26.1 sssd-1.16.1-150200.17.26.1 sssd-ad-1.16.1-150200.17.26.1 sssd-ad-debuginfo-1.16.1-150200.17.26.1 sssd-common-1.16.1-150200.17.26.1 sssd-common-debuginfo-1.16.1-150200.17.26.1 sssd-dbus-1.16.1-150200.17.26.1 sssd-dbus-debuginfo-1.16.1-150200.17.26.1 sssd-debugsource-1.16.1-150200.17.26.1 sssd-ipa-1.16.1-150200.17.26.1 sssd-ipa-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-1.16.1-150200.17.26.1 sssd-krb5-common-1.16.1-150200.17.26.1 sssd-krb5-common-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-debuginfo-1.16.1-150200.17.26.1 sssd-ldap-1.16.1-150200.17.26.1 sssd-ldap-debuginfo-1.16.1-150200.17.26.1 sssd-proxy-1.16.1-150200.17.26.1 sssd-proxy-debuginfo-1.16.1-150200.17.26.1 sssd-tools-1.16.1-150200.17.26.1 sssd-tools-debuginfo-1.16.1-150200.17.26.1 sssd-winbind-idmap-1.16.1-150200.17.26.1 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-150200.17.26.1 sssd-common-32bit-debuginfo-1.16.1-150200.17.26.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): 
libipa_hbac-devel-1.16.1-150200.17.26.1 libipa_hbac0-1.16.1-150200.17.26.1 libipa_hbac0-debuginfo-1.16.1-150200.17.26.1 libsss_certmap-devel-1.16.1-150200.17.26.1 libsss_certmap0-1.16.1-150200.17.26.1 libsss_certmap0-debuginfo-1.16.1-150200.17.26.1 libsss_idmap-devel-1.16.1-150200.17.26.1 libsss_idmap0-1.16.1-150200.17.26.1 libsss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_nss_idmap-devel-1.16.1-150200.17.26.1 libsss_nss_idmap0-1.16.1-150200.17.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.26.1 libsss_simpleifp-devel-1.16.1-150200.17.26.1 libsss_simpleifp0-1.16.1-150200.17.26.1 libsss_simpleifp0-debuginfo-1.16.1-150200.17.26.1 python3-sssd-config-1.16.1-150200.17.26.1 python3-sssd-config-debuginfo-1.16.1-150200.17.26.1 sssd-1.16.1-150200.17.26.1 sssd-ad-1.16.1-150200.17.26.1 sssd-ad-debuginfo-1.16.1-150200.17.26.1 sssd-common-1.16.1-150200.17.26.1 sssd-common-debuginfo-1.16.1-150200.17.26.1 sssd-dbus-1.16.1-150200.17.26.1 sssd-dbus-debuginfo-1.16.1-150200.17.26.1 sssd-debugsource-1.16.1-150200.17.26.1 sssd-ipa-1.16.1-150200.17.26.1 sssd-ipa-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-1.16.1-150200.17.26.1 sssd-krb5-common-1.16.1-150200.17.26.1 sssd-krb5-common-debuginfo-1.16.1-150200.17.26.1 sssd-krb5-debuginfo-1.16.1-150200.17.26.1 sssd-ldap-1.16.1-150200.17.26.1 sssd-ldap-debuginfo-1.16.1-150200.17.26.1 sssd-proxy-1.16.1-150200.17.26.1 sssd-proxy-debuginfo-1.16.1-150200.17.26.1 sssd-tools-1.16.1-150200.17.26.1 sssd-tools-debuginfo-1.16.1-150200.17.26.1 sssd-winbind-idmap-1.16.1-150200.17.26.1 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.26.1 - SUSE Enterprise Storage 7 (x86_64): sssd-common-32bit-1.16.1-150200.17.26.1 sssd-common-32bit-debuginfo-1.16.1-150200.17.26.1 References: https://www.suse.com/security/cve/CVE-2022-4254.html https://bugzilla.suse.com/1207474 From sle-updates at lists.suse.com Tue Feb 7 20:20:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:20:10 +0100 (CET) Subject: 
SUSE-RU-2023:0302-1: moderate: Recommended update for libpulp Message-ID: <20230207202010.6B4C7FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0302-1 Rating: moderate References: PED-1078 Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for libpulp fixes the following issues: Update package with libpulp-0.2.7: * Add support to library to JSON library dumps, removing any requirement of adding the original library .so file into the livepatch build tarball. * Update the ulp post hook script for transactional systems (jsc#PED-1078). * Add `setup_package.sh` as part of libpulp tools. Update package with libpulp-0.2.6: * Add new `-R` option to specify a prefix root for livepatches (jsc#PED-1078). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-302=1 Package List: - openSUSE Leap 15.4 (x86_64): libpulp-debuginfo-0.2.7-150400.3.9.1 libpulp-debugsource-0.2.7-150400.3.9.1 libpulp-tools-0.2.7-150400.3.9.1 libpulp-tools-debuginfo-0.2.7-150400.3.9.1 libpulp0-0.2.7-150400.3.9.1 libpulp0-debuginfo-0.2.7-150400.3.9.1 References: From sle-updates at lists.suse.com Tue Feb 7 20:20:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:20:55 +0100 (CET) Subject: SUSE-SU-2023:0312-1: important: Security update for openssl-3 Message-ID: <20230207202055.3FD5EFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0312-1 Rating: important References: #1195149 #1206222 #1207533 #1207534 #1207535 #1207536 #1207538 #1207539 #1207540 #1207541 Cross-References: CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401 CVSS scores: CVE-2022-4203 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-4450 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0216 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0217 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2023-0401 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager 
Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification (bsc#1207541). - CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key (bsc#1207540). - CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions (bsc#1207539). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints (bsc#1207535). Non-security fixes: - Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing (bsc#1206222). - Enable zlib compression support (bsc#1195149). - Add crypto-policies dependency. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-312=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-312=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.17.1 libopenssl3-3.0.1-150400.4.17.1 libopenssl3-debuginfo-3.0.1-150400.4.17.1 openssl-3-3.0.1-150400.4.17.1 openssl-3-debuginfo-3.0.1-150400.4.17.1 openssl-3-debugsource-3.0.1-150400.4.17.1 - openSUSE Leap 15.4 (x86_64): libopenssl-3-devel-32bit-3.0.1-150400.4.17.1 libopenssl3-32bit-3.0.1-150400.4.17.1 libopenssl3-32bit-debuginfo-3.0.1-150400.4.17.1 - openSUSE Leap 15.4 (noarch): openssl-3-doc-3.0.1-150400.4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.17.1 libopenssl3-3.0.1-150400.4.17.1 libopenssl3-debuginfo-3.0.1-150400.4.17.1 openssl-3-3.0.1-150400.4.17.1 openssl-3-debuginfo-3.0.1-150400.4.17.1 openssl-3-debugsource-3.0.1-150400.4.17.1 References: https://www.suse.com/security/cve/CVE-2022-4203.html https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2022-4450.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0216.html https://www.suse.com/security/cve/CVE-2023-0217.html https://www.suse.com/security/cve/CVE-2023-0286.html https://www.suse.com/security/cve/CVE-2023-0401.html https://bugzilla.suse.com/1195149 https://bugzilla.suse.com/1206222 https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207535 https://bugzilla.suse.com/1207536 https://bugzilla.suse.com/1207538 https://bugzilla.suse.com/1207539 https://bugzilla.suse.com/1207540 https://bugzilla.suse.com/1207541 From sle-updates at lists.suse.com Tue Feb 7 20:22:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 
2023 21:22:35 +0100 (CET) Subject: SUSE-SU-2023:0308-1: important: Security update for openssl-1_1 Message-ID: <20230207202235.8DA0FFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0308-1 Rating: important References: #1207533 #1207534 #1207536 Cross-References: CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-308=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-308=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-308=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.42.1 libopenssl1_1-1.1.0i-150100.14.42.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-1.1.0i-150100.14.42.1 openssl-1_1-1.1.0i-150100.14.42.1 openssl-1_1-debuginfo-1.1.0i-150100.14.42.1 openssl-1_1-debugsource-1.1.0i-150100.14.42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.42.1 libopenssl1_1-1.1.0i-150100.14.42.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-1.1.0i-150100.14.42.1 openssl-1_1-1.1.0i-150100.14.42.1 openssl-1_1-debuginfo-1.1.0i-150100.14.42.1 openssl-1_1-debugsource-1.1.0i-150100.14.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.42.1 libopenssl1_1-1.1.0i-150100.14.42.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-1.1.0i-150100.14.42.1 openssl-1_1-1.1.0i-150100.14.42.1 openssl-1_1-debuginfo-1.1.0i-150100.14.42.1 openssl-1_1-debugsource-1.1.0i-150100.14.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.42.1 - SUSE CaaS 
Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.42.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-1.1.0i-150100.14.42.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-1.1.0i-150100.14.42.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.42.1 openssl-1_1-1.1.0i-150100.14.42.1 openssl-1_1-debuginfo-1.1.0i-150100.14.42.1 openssl-1_1-debugsource-1.1.0i-150100.14.42.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 From sle-updates at lists.suse.com Tue Feb 7 20:23:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:23:32 +0100 (CET) Subject: SUSE-SU-2023:0307-1: important: Security update for openssl1 Message-ID: <20230207202332.C424AFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0307-1 Rating: important References: #1207533 #1207534 #1207536 Cross-References: CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openssl1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). 
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE: zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-307=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE (x86_64): libopenssl1-devel-1.0.1g-0.58.56.1 libopenssl1_0_0-1.0.1g-0.58.56.1 libopenssl1_0_0-32bit-1.0.1g-0.58.56.1 openssl1-1.0.1g-0.58.56.1 openssl1-doc-1.0.1g-0.58.56.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 From sle-updates at lists.suse.com Tue Feb 7 20:24:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:24:50 +0100 (CET) Subject: SUSE-SU-2023:0305-1: important: Security update for openssl-1_0_0 Message-ID: <20230207202450.CA6ECFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0305-1 Rating: important References: #1207533 #1207534 #1207536 Cross-References: CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High 
Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-305=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-305=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-305=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-305=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-305=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-305=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-305=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-305=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-305=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-305=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-305=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-305=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-hmac-1.0.2p-150000.3.65.1 libopenssl1_0_0-steam-1.0.2p-150000.3.65.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-cavs-1.0.2p-150000.3.65.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - openSUSE Leap 15.4 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.65.1 libopenssl1_0_0-32bit-1.0.2p-150000.3.65.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.65.1 libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.65.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.65.1 - openSUSE Leap 15.4 (noarch): openssl-1_0_0-doc-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 
openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl10-1.0.2p-150000.3.65.1 libopenssl10-debuginfo-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 libopenssl1_0_0-1.0.2p-150000.3.65.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-1.0.2p-150000.3.65.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 From sle-updates at lists.suse.com Tue Feb 7 20:26:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:26:23 +0100 (CET) Subject: SUSE-SU-2023:0311-1: important: Security update for openssl-1_1 Message-ID: <20230207202623.B3F6EFCC9@maintenance.suse.de> SUSE Security Update: Security update 
for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0311-1 Rating: important References: #1207533 #1207534 #1207536 #1207538 Cross-References: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-4450 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-311=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-311=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-311=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-311=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.22.1 libopenssl1_1-1.1.1l-150400.7.22.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-1.1.1l-150400.7.22.1 openssl-1_1-1.1.1l-150400.7.22.1 openssl-1_1-debuginfo-1.1.1l-150400.7.22.1 openssl-1_1-debugsource-1.1.1l-150400.7.22.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.22.1 libopenssl1_1-1.1.1l-150400.7.22.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-1.1.1l-150400.7.22.1 openssl-1_1-1.1.1l-150400.7.22.1 openssl-1_1-debuginfo-1.1.1l-150400.7.22.1 openssl-1_1-debugsource-1.1.1l-150400.7.22.1 - openSUSE Leap 15.4 (x86_64): libopenssl-1_1-devel-32bit-1.1.1l-150400.7.22.1 libopenssl1_1-32bit-1.1.1l-150400.7.22.1 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.22.1 - openSUSE Leap 15.4 (noarch): openssl-1_1-doc-1.1.1l-150400.7.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.22.1 libopenssl1_1-1.1.1l-150400.7.22.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-1.1.1l-150400.7.22.1 openssl-1_1-1.1.1l-150400.7.22.1 openssl-1_1-debuginfo-1.1.1l-150400.7.22.1 openssl-1_1-debugsource-1.1.1l-150400.7.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libopenssl-1_1-devel-32bit-1.1.1l-150400.7.22.1 libopenssl1_1-32bit-1.1.1l-150400.7.22.1 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.22.1 - 
SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.22.1 libopenssl1_1-1.1.1l-150400.7.22.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.22.1 libopenssl1_1-hmac-1.1.1l-150400.7.22.1 openssl-1_1-1.1.1l-150400.7.22.1 openssl-1_1-debuginfo-1.1.1l-150400.7.22.1 openssl-1_1-debugsource-1.1.1l-150400.7.22.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2022-4450.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 https://bugzilla.suse.com/1207538 From sle-updates at lists.suse.com Tue Feb 7 20:27:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:27:46 +0100 (CET) Subject: SUSE-SU-2023:0306-1: important: Security update for openssl-1_0_0 Message-ID: <20230207202746.79A1FFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0306-1 Rating: important References: #1201627 #1207533 #1207534 #1207536 Cross-References: CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - testsuite: Update further expiring certificates that affect tests [bsc#1201627] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-306=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-306=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-306=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-306=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-306=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-306=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 libopenssl1_0_0-1.0.2p-3.64.1 libopenssl1_0_0-32bit-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.64.1 libopenssl1_0_0-hmac-1.0.2p-3.64.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.64.1 openssl-1_0_0-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.64.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 libopenssl1_0_0-1.0.2p-3.64.1 libopenssl1_0_0-32bit-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.64.1 libopenssl1_0_0-hmac-1.0.2p-3.64.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.64.1 
openssl-1_0_0-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.64.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 libopenssl1_0_0-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-1.0.2p-3.64.1 libopenssl1_0_0-hmac-1.0.2p-3.64.1 openssl-1_0_0-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.64.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 libopenssl1_0_0-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-1.0.2p-3.64.1 libopenssl1_0_0-hmac-1.0.2p-3.64.1 openssl-1_0_0-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.64.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.64.1 libopenssl1_0_0-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-1.0.2p-3.64.1 libopenssl1_0_0-hmac-1.0.2p-3.64.1 openssl-1_0_0-1.0.2p-3.64.1 openssl-1_0_0-debuginfo-1.0.2p-3.64.1 openssl-1_0_0-debugsource-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 
12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.64.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.64.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.64.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.64.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1201627 https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 From sle-updates at lists.suse.com Tue Feb 7 20:29:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:29:00 +0100 (CET) Subject: SUSE-RU-2023:0303-1: moderate: Recommended update for sane-backends Message-ID: <20230207202900.E605DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sane-backends ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0303-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of sane-backends fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-303=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-303=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-303=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sane-backends-1.0.32-150400.15.2.1 sane-backends-autoconfig-1.0.32-150400.15.2.1 sane-backends-debuginfo-1.0.32-150400.15.2.1 sane-backends-debugsource-1.0.32-150400.15.2.1 sane-backends-devel-1.0.32-150400.15.2.1 - openSUSE Leap 15.4 (x86_64): sane-backends-32bit-1.0.32-150400.15.2.1 sane-backends-32bit-debuginfo-1.0.32-150400.15.2.1 sane-backends-devel-32bit-1.0.32-150400.15.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): sane-backends-32bit-1.0.32-150400.15.2.1 sane-backends-32bit-debuginfo-1.0.32-150400.15.2.1 sane-backends-debugsource-1.0.32-150400.15.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): sane-backends-1.0.32-150400.15.2.1 sane-backends-autoconfig-1.0.32-150400.15.2.1 sane-backends-debuginfo-1.0.32-150400.15.2.1 sane-backends-debugsource-1.0.32-150400.15.2.1 sane-backends-devel-1.0.32-150400.15.2.1 References: From sle-updates at lists.suse.com Tue Feb 7 20:29:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:29:42 +0100 (CET) Subject: SUSE-RU-2023:0302-1: moderate: Recommended update for libpulp Message-ID: <20230207202942.7C3ECFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0302-1 Rating: moderate References: PED-1078 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux 
Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for libpulp fixes the following issues: Update package with libpulp-0.2.7: * Add support to library to JSON library dumps, removing any requirement of adding the original library .so file into the livepatch build tarball. * Update the ulp post hook script for transactional systems (jsc#PED-1078). * Add `setup_package.sh` as part of libpulp tools. Update package with libpulp-0.2.6: * Add new `-R` option to specify a prefix root for livepatches (jsc#PED-1078). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-302=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-302=1 Package List: - openSUSE Leap 15.4 (x86_64): libpulp-debuginfo-0.2.7-150400.3.9.1 libpulp-debugsource-0.2.7-150400.3.9.1 libpulp-tools-0.2.7-150400.3.9.1 libpulp-tools-debuginfo-0.2.7-150400.3.9.1 libpulp0-0.2.7-150400.3.9.1 libpulp0-debuginfo-0.2.7-150400.3.9.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): libpulp-debuginfo-0.2.7-150400.3.9.1 libpulp-debugsource-0.2.7-150400.3.9.1 libpulp-tools-0.2.7-150400.3.9.1 libpulp-tools-debuginfo-0.2.7-150400.3.9.1 libpulp0-0.2.7-150400.3.9.1 libpulp0-debuginfo-0.2.7-150400.3.9.1 References: From sle-updates at lists.suse.com Tue Feb 7 20:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:30:28 +0100 (CET) Subject: SUSE-SU-2022:0525-2: moderate: Security update
for polkit Message-ID: <20230207203028.4DE4CFCC9@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0525-2 Rating: moderate References: #1195542 Cross-References: CVE-2021-4115 CVSS scores: CVE-2021-4115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4115 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-304=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-304=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-304=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpolkit0-0.116-3.9.1 libpolkit0-debuginfo-0.116-3.9.1 polkit-0.116-3.9.1 polkit-debuginfo-0.116-3.9.1 polkit-debugsource-0.116-3.9.1 polkit-devel-0.116-3.9.1 polkit-devel-debuginfo-0.116-3.9.1 typelib-1_0-Polkit-1_0-0.116-3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpolkit0-0.116-3.9.1 libpolkit0-debuginfo-0.116-3.9.1 polkit-0.116-3.9.1 polkit-debuginfo-0.116-3.9.1 polkit-debugsource-0.116-3.9.1 polkit-devel-0.116-3.9.1 polkit-devel-debuginfo-0.116-3.9.1 typelib-1_0-Polkit-1_0-0.116-3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpolkit0-0.116-3.9.1 libpolkit0-debuginfo-0.116-3.9.1 polkit-0.116-3.9.1 polkit-debuginfo-0.116-3.9.1 polkit-debugsource-0.116-3.9.1 polkit-devel-0.116-3.9.1 polkit-devel-debuginfo-0.116-3.9.1 typelib-1_0-Polkit-1_0-0.116-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-4115.html https://bugzilla.suse.com/1195542 From sle-updates at lists.suse.com Tue Feb 7 20:31:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:31:53 +0100 (CET) Subject: SUSE-SU-2023:0310-1: important: Security update for openssl-1_1 Message-ID: <20230207203153.E9F22FCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0310-1 Rating: important References: #1121365 #1198472 #1207533 #1207534 #1207536 #1207538 Cross-References: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 
(SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-4450 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0215 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-310=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-310=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-310=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-310=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-310=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-310=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-310=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-310=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-310=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-310=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-310=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-310=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-310=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-310=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-310=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-310=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 
openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Manager Server 4.2 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Manager Proxy 4.2 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 
openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): openssl-1_1-doc-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): openssl-1_1-doc-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 
openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 
libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): openssl-1_1-doc-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): openssl-1_1-doc-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Enterprise Storage 7.1 (noarch): 
openssl-1_1-doc-1.1.1d-150200.11.57.1 - SUSE Enterprise Storage 7.1 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.57.1 libopenssl1_1-1.1.1d-150200.11.57.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-1.1.1d-150200.11.57.1 openssl-1_1-1.1.1d-150200.11.57.1 openssl-1_1-debuginfo-1.1.1d-150200.11.57.1 openssl-1_1-debugsource-1.1.1d-150200.11.57.1 - SUSE Enterprise Storage 7 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.57.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.57.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.57.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2022-4450.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1121365 https://bugzilla.suse.com/1198472 https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 https://bugzilla.suse.com/1207538 From sle-updates at lists.suse.com Tue Feb 7 20:33:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2023 21:33:55 +0100 (CET) Subject: SUSE-SU-2023:0309-1: important: Security update for openssl-1_1 Message-ID: <20230207203355.188E3FCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0309-1 Rating: important References: #1207533 #1207534 #1207536 #1207538 Cross-References: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVSS scores: CVE-2022-4304 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-4450 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0215 (SUSE): 
5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0286 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-309=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-309=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-309=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-309=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-309=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-309=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.75.1 libopenssl1_1-32bit-1.1.1d-2.75.1 libopenssl1_1-debuginfo-1.1.1d-2.75.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.75.1 libopenssl1_1-hmac-1.1.1d-2.75.1 libopenssl1_1-hmac-32bit-1.1.1d-2.75.1 openssl-1_1-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.75.1 libopenssl1_1-32bit-1.1.1d-2.75.1 libopenssl1_1-debuginfo-1.1.1d-2.75.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.75.1 libopenssl1_1-hmac-1.1.1d-2.75.1 libopenssl1_1-hmac-32bit-1.1.1d-2.75.1 openssl-1_1-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.75.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.75.1 libopenssl1_1-debuginfo-1.1.1d-2.75.1 libopenssl1_1-hmac-1.1.1d-2.75.1 openssl-1_1-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): 
libopenssl1_1-32bit-1.1.1d-2.75.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.75.1 libopenssl1_1-hmac-32bit-1.1.1d-2.75.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.75.1 libopenssl1_1-debuginfo-1.1.1d-2.75.1 libopenssl1_1-hmac-1.1.1d-2.75.1 openssl-1_1-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.75.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.75.1 libopenssl1_1-hmac-32bit-1.1.1d-2.75.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.75.1 libopenssl1_1-debuginfo-1.1.1d-2.75.1 libopenssl1_1-hmac-1.1.1d-2.75.1 openssl-1_1-1.1.1d-2.75.1 openssl-1_1-debuginfo-1.1.1d-2.75.1 openssl-1_1-debugsource-1.1.1d-2.75.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.75.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.75.1 libopenssl1_1-hmac-32bit-1.1.1d-2.75.1 References: https://www.suse.com/security/cve/CVE-2022-4304.html https://www.suse.com/security/cve/CVE-2022-4450.html https://www.suse.com/security/cve/CVE-2023-0215.html https://www.suse.com/security/cve/CVE-2023-0286.html https://bugzilla.suse.com/1207533 https://bugzilla.suse.com/1207534 https://bugzilla.suse.com/1207536 https://bugzilla.suse.com/1207538 From sle-updates at lists.suse.com Wed Feb 8 08:02:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2023 09:02:37 +0100 (CET) Subject: SUSE-CU-2023:292-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230208080237.B790CF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:292-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.49 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.49 
Severity : important Type : security References : 1206543 CVE-2022-4515 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543). The following package changes have been done: - ctags-5.8-150000.3.3.1 updated From sle-updates at lists.suse.com Wed Feb 8 08:03:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2023 09:03:26 +0100 (CET) Subject: SUSE-CU-2023:293-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230208080326.670F2F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:293-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.170 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.170 Severity : moderate Type : security References : 1206866 1206867 1206868 1207162 1207396 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). The following package changes have been done: - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:28:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:28:00 +0100 (CET) Subject: SUSE-CU-2023:295-1: Security update of suse/sles12sp4 Message-ID: <20230209102800.DBF6BF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:295-1 Container Tags : suse/sles12sp4:26.563 , suse/sles12sp4:latest Container Release : 26.563 Severity : important Type : security References : 1201627 1206152 1207533 1207534 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:298-1 Released: Tue Feb 7 13:18:34 2023 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1206152 This update for krb5 fixes the following issues: - Update logrotate script, call systemd to reload the services instead of init-scripts. (bsc#1206152) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:306-1 Released: Tue Feb 7 17:32:56 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1201627,1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
- testsuite: Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - base-container-licenses-3.0-1.338 updated - container-suseconnect-2.0.0-1.221 updated - krb5-1.12.5-40.46.1 updated - libopenssl1_0_0-1.0.2p-3.64.1 updated - openssl-1_0_0-1.0.2p-3.64.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:29:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:29:36 +0100 (CET) Subject: SUSE-CU-2023:296-1: Security update of suse/sles12sp5 Message-ID: <20230209102936.1E95BF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:296-1 Container Tags : suse/sles12sp5:6.5.435 , suse/sles12sp5:latest Container Release : 6.5.435 Severity : important Type : security References : 1201627 1206152 1207533 1207534 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:298-1 Released: Tue Feb 7 13:18:34 2023 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1206152 This update for krb5 fixes the following issues: - Update logrotate script, call systemd to reload the services instead of init-scripts. 
(bsc#1206152) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:306-1 Released: Tue Feb 7 17:32:56 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1201627,1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - testsuite: Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - krb5-1.12.5-40.46.1 updated - libopenssl1_0_0-1.0.2p-3.64.1 updated - openssl-1_0_0-1.0.2p-3.64.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:31:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:31:13 +0100 (CET) Subject: SUSE-CU-2023:297-1: Security update of suse/sle15 Message-ID: <20230209103113.5A103F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:297-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.101 , suse/sle15:15.3 , suse/sle15:15.3.17.20.101 Container Release : 17.20.101 Severity : important Type : security References : 1121365 1198472 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated - libopenssl1_1-1.1.1d-150200.11.57.1 updated - openssl-1_1-1.1.1d-150200.11.57.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:31:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:31:42 +0100 (CET) Subject: SUSE-CU-2023:298-1: Security update of suse/389-ds Message-ID: <20230209103142.9A05FF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:298-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.15 , suse/389-ds:latest Container Release : 19.15 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:32:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:32:17 +0100 (CET) Subject: SUSE-CU-2023:299-1: Security update of bci/dotnet-aspnet Message-ID: <20230209103217.EAE00F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:299-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-46.25 , bci/dotnet-aspnet:3.1.32 , bci/dotnet-aspnet:3.1.32-46.25 Container Release : 46.25 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:32:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:32:49 +0100 (CET) Subject: SUSE-CU-2023:300-1: Security update of bci/dotnet-aspnet Message-ID: <20230209103249.B70D1F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:300-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.88 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.88 Container Release : 27.88 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:33:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:33:28 +0100 (CET) Subject: SUSE-CU-2023:302-1: Security update of suse/registry Message-ID: <20230209103328.865DCF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:302-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-5.5 , suse/registry:latest Container Release : 5.5 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:33:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:33:23 +0100 (CET) Subject: SUSE-CU-2023:301-1: Security update of bci/dotnet-aspnet Message-ID: <20230209103323.C27E2F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:301-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-27.10 , bci/dotnet-aspnet:6.0.13 , bci/dotnet-aspnet:6.0.13-27.10 Container Release : 27.10 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:34:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:34:06 +0100 (CET) Subject: SUSE-CU-2023:303-1: Security update of bci/dotnet-sdk Message-ID: <20230209103406.388DBF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:303-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-51.25 , bci/dotnet-sdk:3.1.32 , bci/dotnet-sdk:3.1.32-51.25 Container Release : 51.25 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:34:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:34:42 +0100 (CET) Subject: SUSE-CU-2023:304-1: Security update of bci/dotnet-sdk Message-ID: <20230209103442.2723DF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:304-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.87 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.87 Container Release : 35.87 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:35:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:35:20 +0100 (CET) Subject: SUSE-CU-2023:305-1: Security update of bci/dotnet-sdk Message-ID: <20230209103520.622C8F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:305-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-29.10 , bci/dotnet-sdk:6.0.13 , bci/dotnet-sdk:6.0.13-29.10 Container Release : 29.10 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:35:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:35:56 +0100 (CET) Subject: SUSE-CU-2023:306-1: Security update of bci/dotnet-runtime Message-ID: <20230209103556.197B0F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:306-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-52.25 , bci/dotnet-runtime:3.1.32 , bci/dotnet-runtime:3.1.32-52.25 Container Release : 52.25 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:36:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:36:29 +0100 (CET) Subject: SUSE-CU-2023:307-1: Security update of bci/dotnet-runtime Message-ID: <20230209103629.EDDCAF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:307-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.86 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.86 Container Release : 34.86 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:37:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:37:03 +0100 (CET) Subject: SUSE-CU-2023:308-1: Security update of bci/dotnet-runtime Message-ID: <20230209103703.92299F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:308-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-26.10 , bci/dotnet-runtime:6.0.13 , bci/dotnet-runtime:6.0.13-26.10 Container Release : 26.10 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:37:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:37:29 +0100 (CET) Subject: SUSE-CU-2023:309-1: Security update of bci/golang Message-ID: <20230209103729.D8F75F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:309-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.28 Container Release : 19.28 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:37:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:37:49 +0100 (CET) Subject: SUSE-CU-2023:310-1: Security update of bci/golang Message-ID: <20230209103749.A33F8F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:310-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.13 , bci/golang:latest Container Release : 20.13 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:38:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:38:19 +0100 (CET) Subject: SUSE-CU-2023:311-1: Security update of bci/bci-init Message-ID: <20230209103819.08DF4F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:311-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.9 , bci/bci-init:latest Container Release : 25.9 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:38:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:38:45 +0100 (CET) Subject: SUSE-CU-2023:312-1: Security update of bci/nodejs Message-ID: <20230209103845.6DE2AF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:312-1 Container Tags : bci/node:14 , bci/node:14-36.28 , bci/nodejs:14 , bci/nodejs:14-36.28 Container Release : 36.28 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:39:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:39:07 +0100 (CET) Subject: SUSE-CU-2023:313-1: Security update of bci/nodejs Message-ID: <20230209103907.22BD0F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:313-1 Container Tags : bci/node:16 , bci/node:16-13.11 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.11 , bci/nodejs:latest Container Release : 13.11 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:39:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:39:43 +0100 (CET) Subject: SUSE-CU-2023:314-1: Security update of bci/openjdk-devel Message-ID: <20230209103943.C7523F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:314-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.60 Container Release : 38.60 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:bci-openjdk-11-15.4.11-34.29 updated From sle-updates at lists.suse.com Thu Feb 9 10:40:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:40:13 +0100 (CET) Subject: SUSE-CU-2023:315-1: Security update of bci/openjdk Message-ID: <20230209104013.C3757F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:315-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.29 Container Release : 34.29 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:45:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:45:27 +0100 (CET) Subject: SUSE-CU-2023:315-1: Security update of bci/openjdk Message-ID: <20230209104527.41ED7F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:315-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.29 Container Release : 34.29 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:45:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:45:36 +0100 (CET) Subject: SUSE-CU-2023:316-1: Security update of bci/openjdk-devel Message-ID: <20230209104536.521F6F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:316-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.26 , bci/openjdk-devel:latest Container Release : 13.26 Severity : important Type : security References : 1205916 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:297-1 Released: Tue Feb 7 13:17:47 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1205916 This update for java-17-openjdk fixes the following issues: - Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context. - Fix jconsole.desktop icon ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - java-17-openjdk-headless-17.0.5.0-150400.3.9.3 updated - java-17-openjdk-17.0.5.0-150400.3.9.3 updated - java-17-openjdk-devel-17.0.5.0-150400.3.9.3 updated - container:bci-openjdk-17-15.4.17-12.14 updated From sle-updates at lists.suse.com Thu Feb 9 10:45:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:45:44 +0100 (CET) Subject: SUSE-CU-2023:317-1: Security update of bci/openjdk Message-ID: <20230209104544.11510F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:317-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.14 , bci/openjdk:latest Container Release : 12.14 Severity : important Type : security References : 1205916 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:297-1 Released: Tue Feb 7 13:17:47 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1205916 This update for java-17-openjdk fixes the following issues: - Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context. 
- Fix jconsole.desktop icon ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - java-17-openjdk-headless-17.0.5.0-150400.3.9.3 updated - java-17-openjdk-17.0.5.0-150400.3.9.3 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:46:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:46:22 +0100 (CET) Subject: SUSE-CU-2023:318-1: Security update of suse/pcp Message-ID: <20230209104622.02617F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:318-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.22 , suse/pcp:5.2 , suse/pcp:5.2-12.22 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.22 , suse/pcp:latest Container Release : 12.22 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated From sle-updates at lists.suse.com Thu Feb 9 10:46:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:46:44 +0100 (CET) Subject: SUSE-CU-2023:319-1: Security update of bci/python Message-ID: <20230209104644.A017EF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:319-1 Container Tags : bci/python:3 , bci/python:3-11.14 , bci/python:3.10 , bci/python:3.10-11.14 , bci/python:latest Container Release : 11.14 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:47:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:47:10 +0100 (CET) Subject: SUSE-CU-2023:320-1: Security update of bci/python Message-ID: <20230209104710.60FE6F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:320-1 Container Tags : bci/python:3 , bci/python:3-34.15 , bci/python:3.6 , bci/python:3.6-34.15 Container Release : 34.15 Severity : important Type : security References : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:47:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:47:21 +0100 (CET) Subject: SUSE-CU-2023:323-1: Security update of suse/rmt-nginx Message-ID: <20230209104721.CCF1AF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:323-1 Container Tags : suse/rmt-nginx:1.21 , suse/rmt-nginx:1.21-14.14 , suse/rmt-nginx:latest Container Release : 14.14 Severity : important Type : security References : 1040589 1047178 1073299 1093392 1104700 1112310 1113554 1120402 1121365 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1187670 1188127 1188548 1190651 1190651 1190651 1190653 1190700 1190824 1190888 1191020 1191157 
1192951 1193282 1193489 1193659 1193711 1193859 1194038 1194047 1194708 1194968 1195059 1195157 1195283 1195628 1195964 1195965 1196025 1196026 1196093 1196107 1196168 1196169 1196171 1196275 1196406 1196490 1196647 1196784 1196861 1197004 1197024 1197065 1197066 1197068 1197072 1197073 1197074 1197178 1197459 1197570 1197631 1197718 1197771 1197794 1198062 1198165 1198176 1198341 1198446 1198471 1198472 1198627 1198720 1198731 1198732 1198751 1198752 1198823 1198830 1198832 1198925 1199132 1199140 1199140 1199166 1199232 1199232 1199235 1199240 1199467 1199492 1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201174 1201175 1201176 1201276 1201293 1201385 1201560 1201640 1201680 1201723 1201795 1201942 1201959 1201971 1202026 1202117 1202148 1202148 1202175 1202310 1202324 1202466 1202467 1202468 1202593 1202750 1202870 1202968 1202971 1202973 1203018 1203046 1203069 1203438 1203652 1203652 1203911 1204179 1204211 1204366 1204367 1204383 1204386 1204422 1204425 1204526 1204527 1204585 1204641 1204642 1204643 1204644 1204645 1204649 1204708 1204944 1204968 1205000 1205000 1205126 1205156 1205392 1205422 1205502 1205646 1206308 1206309 1207029 1207030 1207031 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2017-6512 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2021-46828 CVE-2022-0561 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1056 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 
CVE-2022-32221 CVE-2022-34266 CVE-2022-34526 CVE-2022-35252 CVE-2022-3554 CVE-2022-3555 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-37434 CVE-2022-3821 CVE-2022-3970 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41741 CVE-2022-41742 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/rmt-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. 
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible with rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed memory in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :humaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' paths where the variable is not freed. This patch inserts freeaddrinfo() calls before each 'return NO;'. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. 
(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for 
openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1882-1 Released: Mon May 30 12:37:13 2022 Summary: Security update for tiff Type: security Severity: important References: 1195964,1195965,1197066,1197068,1197072,1197073,1197074,1197631,CVE-2022-0561,CVE-2022-0562,CVE-2022-0865,CVE-2022-0891,CVE-2022-0908,CVE-2022-0909,CVE-2022-0924,CVE-2022-1056 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). 
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2647-1 Released: Wed Aug 3 13:44:01 2022 Summary: Security update for tiff Type: security Severity: low References: 1201174,1201175,1201176,CVE-2022-2056,CVE-2022-2057,CVE-2022-2058 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV 
production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra 
field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No code changes were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3252-1 Released: Mon Sep 12 09:07:53 2022 Summary: Security update for freetype2 Type: security Severity: moderate References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3690-1 Released: Fri Oct 21 15:06:45 2022 Summary: Security update for tiff Type: security Severity: important References: 1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973,CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed an assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3986-1 Released: Tue Nov 15 12:57:41 2022 Summary: Security update for libX11 Type: security Severity: moderate References: 1204422,1204425,CVE-2022-3554,CVE-2022-3555 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for 
libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following 
issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4259-1 Released: Mon Nov 28 15:42:54 2022 Summary: Security update for tiff Type: security Severity: important References: 1204641,1204643,1204644,1204645,1205392,CVE-2022-3597,CVE-2022-3599,CVE-2022-3626,CVE-2022-3627,CVE-2022-3970 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4411-1 Released: Tue Dec 13 04:21:08 2022 Summary: Security update for tiff Type: security Severity: important References: 1204642,1205422,CVE-2022-3570,CVE-2022-3598 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). 
- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:171-1 Released: Thu Jan 26 18:31:58 2023 Summary: Security update for libXpm Type: security Severity: important References: 1207029,1207030,1207031,CVE-2022-44617,CVE-2022-46285,CVE-2022-4883 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). 
- CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). 
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:212-1 Released: Mon Jan 30 17:26:44 2023 Summary: Security update for nginx Type: security Severity: important References: 1204526,1204527,CVE-2022-41741,CVE-2022-41742 This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.41.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libdw1-0.185-150400.5.3.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 
updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2022g-150000.75.18.1 added - libX11-data-1.6.5-150000.3.24.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libjpeg8-8.2.2-150400.15.9 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - libxslt1-1.1.34-150400.1.7 updated - libxcb1-1.13-150000.3.9.1 updated - perl-5.26.1-150300.17.11.1 updated - libtiff5-4.0.9-150000.45.22.1 updated - libfreetype6-2.10.4-150000.4.12.1 updated - libX11-6-1.6.5-150000.3.24.1 updated - fontconfig-2.13.1-150400.1.4 updated - libfontconfig1-2.13.1-150400.1.4 updated - libXpm4-3.5.12-150000.3.7.2 updated - nginx-1.21.5-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:47:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:47:14 +0100 (CET) Subject: SUSE-CU-2023:321-1: Security update of suse/rmt-mariadb-client Message-ID: <20230209104714.3512AF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:321-1 Container Tags : suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-14.12 , suse/rmt-mariadb-client:latest Container Release : 14.12 Severity : important Type : security
----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. 
  (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402

This update for timezone fixes the following issues:

- Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
  (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557

This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016

This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451

This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582

This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055

This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353

This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24.
  (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2682-1
Released: Thu Aug 12 20:06:19 2021
Summary: Security update for rpm
Type: security
Severity: important
References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

- Changed default package verification level to 'none' to be compatible with rpm-4.14.1
- Made illegal obsoletes a warning
- Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
- Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
- Added :humansi and :humaniec query formatters for human readable output
- Added query selectors for whatobsoletes and whatconflicts
- Added support for sorting caret higher than base version
- rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
- CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
- CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released: Fri Oct 15 09:03:39 2021
Summary: Security update for rpm
Type: security
Severity: important
References: 1183659,1185299,1187670,1188548

This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintenance issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released: Tue Jan 18 05:14:44 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released: Fri Feb 18 12:45:19 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1196275,1196406

This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004

This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.
  (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176

This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751

This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
  (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network.
  The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
  (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2561-1
Released: Wed Jul 27 14:18:56 2022
Summary: Security update for mariadb
Type: security
Severity: important
References: 1195076,1195325,1195334,1195339,1196016,1198603,1198604,1198605,1198606,1198607,1198609,1198610,1198611,1198612,1198613,1198628,1198629,1198630,1198631,1198632,1198633,1198634,1198635,1198636,1198637,1198638,1198639,1198640,1199928,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2021-46669,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052,CVE-2022-27376,CVE-2022-27377,CVE-2022-27378,CVE-2022-27379,CVE-2022-27380,CVE-2022-27381,CVE-2022-27382,CVE-2022-27383,CVE-2022-27384,CVE-2022-27386,CVE-2022-27387,CVE-2022-27444,CVE-2022-27445,CVE-2022-27446,CVE-2022-27447,CVE-2022-27448,CVE-2022-27449,CVE-2022-27451,CVE-2022-27452,CVE-2022-27455,CVE-2022-27456,CVE-2022-27457,CVE-2022-27458

This update for mariadb fixes the following issues:

- Added mariadb-galera (jsc#SLE-22245)

Update to 10.6.8 (bsc#1199928):

- CVE-2021-46669 (bsc#1199928)
- CVE-2022-27376 (bsc#1198628)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27379 (bsc#1198605)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27382 (bsc#1198609)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27444 (bsc#1198634)
- CVE-2022-27445 (bsc#1198629)
- CVE-2022-27446 (bsc#1198630)
- CVE-2022-27447 (bsc#1198631)
- CVE-2022-27448 (bsc#1198632)
- CVE-2022-27449 (bsc#1198633)
- CVE-2022-27451 (bsc#1198639)
- CVE-2022-27452 (bsc#1198640)
- CVE-2022-27455 (bsc#1198638)
- CVE-2022-27456 (bsc#1198635)
- CVE-2022-27457 (bsc#1198636)
- CVE-2022-27458 (bsc#1198637)
- The following issue is not affecting this package: CVE-2022-21427

Update to 10.6.7 (bsc#1196016):

- CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668, CVE-2021-46663

Update to 10.6.6:

- CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048, CVE-2021-46659 (bsc#1195339)

The following issues have been fixed already but didn't have CVE references:

- CVE-2021-46658 (bsc#1195334)
- CVE-2021-46657 (bsc#1195325)

Non security fixes:

- Skip failing tests for s390x, fixes bsc#1195076

External references:

- https://mariadb.com/kb/en/library/mariadb-1068-release-notes
- https://mariadb.com/kb/en/library/mariadb-1068-changelog
- https://mariadb.com/kb/en/library/mariadb-1067-release-notes
- https://mariadb.com/kb/en/library/mariadb-1067-changelog
- https://mariadb.com/kb/en/library/mariadb-1066-release-notes
- https://mariadb.com/kb/en/library/mariadb-1066-changelog
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385

This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3159-1
Released: Wed Sep 7 14:33:42 2022
Summary: Security update for mariadb
Type: security
Severity: important
References: 1200105,1201161,1201162,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170,CVE-2022-32081,CVE-2022-32082,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091

This update for mariadb fixes the following issues:

- Updated to 10.6.9:
  - CVE-2022-32082: Fixed a reachable assertion that would crash the server (bsc#1201162).
- CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via a crafted query (bsc#1201169). - CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of generated column (bsc#1201161). - CVE-2022-32091: Fixed a memory corruption issue that could be triggered via a crafted query (bsc#1201170). - CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries (bsc#1201164). - Additionaly, the following issues were previously fixed: - CVE-2022-32088: Fixed a server crash when using ORDER BY with window function and UNION(bsc#1201168). - CVE-2022-32087: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201167). - CVE-2022-32086: Fixed a server crash on INSERT SELECT queries (bsc#1201166). - CVE-2022-32085: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201165). - CVE-2022-32083: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201163). Bugfixes: - Update mysql-systemd-helper to be aware of custom group (bsc#1200105). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3437-1 Released: Tue Sep 27 14:57:23 2022 Summary: Recommended update for mariadb-galera Type: recommended Severity: important References: 1202760 This recommended update for mariadb-galera provides: - Deliver missing mariadb-galera to SUSE Linux Enterprise 15 Service Pack 4 PackageHub - There are NO code changes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3855-1 Released: Wed Nov 2 12:39:09 2022 Summary: Recommended update for mariadb Type: recommended Severity: important References: 1202863,CVE-2022-38791 This update for mariadb fixes the following issues: Update version from 10.6.9 to 10.6.10: - Fix regression causing full text index corruption if shutdown before changes are fully flushed - Fix regression causing frequent 'Data structure corruption' in InnoDB after OOM - Fix incorrect recovery or backup of instant ALTER TABLE - Fix issue with InnoDB Temporary Tablespace 
(ibtmp1) causing it to continuously grow in size until the disk is full - For full list of changes please check https://mariadb.com/kb/en/library/mariadb-10610-release-notes and https://mariadb.com/kb/en/library/mariadb-10610-changelog ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. 
Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's 
DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). 
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.41.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libdw1-0.185-150400.5.3.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - 
libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2022g-150000.75.18.1 added - mariadb-errormessages-10.6.10-150400.3.17.1 updated - mariadb-client-10.6.10-150400.3.17.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:47:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:47:17 +0100 (CET) Subject: SUSE-CU-2023:322-1: Security update of suse/rmt-mariadb Message-ID: <20230209104717.F0C6EF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:322-1 Container Tags : suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-14.12 , suse/rmt-mariadb:latest Container Release : 14.12 Severity : important Type : security References : 1040589 1047178 1121365 1137373 1177460 1177460 1177460 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1186819 1187670 1188548 1188607 1190651 1190651 1190651 1190653 1190700 1190824 1190888 1191020 1191157 1192951 1193282 1193489 1193659 1193711 1193859 1194038 1194047 1194708 1194968 1195059 1195076 1195157 1195283 1195325 1195334 1195339 1195628 1196016 1196025 1196026 1196093 1196107 1196168 1196169 1196171 
1196275 1196406 1196490 1196647 1196784 1196861 1197004 1197024 1197065 1197178 1197459 1197570 1197718 1197771 1197794 1198062 1198165 1198176 1198341 1198446 1198471 1198472 1198511 1198603 1198604 1198605 1198606 1198607 1198609 1198610 1198611 1198612 1198613 1198627 1198628 1198629 1198630 1198631 1198632 1198633 1198634 1198635 1198636 1198637 1198638 1198639 1198640 1198720 1198731 1198732 1198751 1198752 1199132 1199140 1199140 1199166 1199232 1199232 1199235 1199240 1199467 1199492 1199928 1199944 1200105 1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201161 1201162 1201163 1201164 1201165 1201166 1201167 1201168 1201169 1201170 1201276 1201293 1201385 1201560 1201640 1201680 1201795 1201942 1201959 1202117 1202148 1202148 1202175 1202310 1202324 1202593 1202624 1202750 1202760 1202863 1202870 1203018 1203046 1203069 1203125 1203438 1203652 1203652 1203911 1204179 1204211 1204366 1204367 1204383 1204386 1204577 1204585 1204649 1204708 1204944 1204968 1205000 1205000 1205126 1205156 1205502 1205646 1206308 1206309 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2015-20107 CVE-2017-6512 CVE-2018-25032 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-20266 CVE-2021-20271 CVE-2021-28861 CVE-2021-3421 CVE-2021-3572 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2021-46669 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1664 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 
CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32081 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-37454 CVE-2022-3821 CVE-2022-38791 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :humaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality.
This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19
2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s.
(bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). 
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution.
(bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2561-1 Released: Wed Jul 27 14:18:56 2022 Summary: Security update for mariadb Type: security Severity: important References: 1195076,1195325,1195334,1195339,1196016,1198603,1198604,1198605,1198606,1198607,1198609,1198610,1198611,1198612,1198613,1198628,1198629,1198630,1198631,1198632,1198633,1198634,1198635,1198636,1198637,1198638,1198639,1198640,1199928,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2021-46669,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052,CVE-2022-27376,CVE-2022-27377,CVE-2022-27378,CVE-2022-27379,CVE-2022-27380,CVE-2022-27381,CVE-2022-27382,CVE-2022-27383,CVE-2022-27384,CVE-2022-27386,CVE-2022-27387,CVE-2022-27444,CVE-2022-27445,CVE-2022-27446,CVE-2022-27447,CVE-2022-27448,CVE-2022-27449,CVE-2022-27451,CVE-2022-27452,CVE-2022-27455,CVE-2022-27456,CVE-2022-27457,CVE-2022-27458 This update for mariadb fixes the following issues: - Added mariadb-galera (jsc#SLE-22245) Update to 10.6.8 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 Update to 10.6.7 (bsc#1196016): - CVE-2021-46665, 
CVE-2021-46664, CVE-2021-46661, CVE-2021-46668, CVE-2021-46663 Update to 10.6.6: - CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048, CVE-2021-46659 (bsc#1195339) The following issues have been fixed already but didn't have CVE references: - CVE-2021-46658 (bsc#1195334) - CVE-2021-46657 (bsc#1195325) Non security fixes: - Skip failing tests for s390x, fixes bsc#1195076 External references: - https://mariadb.com/kb/en/library/mariadb-1068-release-notes - https://mariadb.com/kb/en/library/mariadb-1068-changelog - https://mariadb.com/kb/en/library/mariadb-1067-release-notes - https://mariadb.com/kb/en/library/mariadb-1067-changelog - https://mariadb.com/kb/en/library/mariadb-1066-release-notes - https://mariadb.com/kb/en/library/mariadb-1066-changelog ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is
disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3159-1 Released: Wed Sep 7 14:33:42 2022 Summary: Security update for mariadb Type: security Severity: important References: 1200105,1201161,1201162,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170,CVE-2022-32081,CVE-2022-32082,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091 This update for mariadb fixes the following issues: - Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server (bsc#1201162).
- CVE-2022-32089: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201169). - CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of generated column (bsc#1201161). - CVE-2022-32091: Fixed a memory corruption issue that could be triggered via a crafted query (bsc#1201170). - CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries (bsc#1201164). - Additionally, the following issues were previously fixed: - CVE-2022-32088: Fixed a server crash when using ORDER BY with window function and UNION (bsc#1201168). - CVE-2022-32087: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201167). - CVE-2022-32086: Fixed a server crash on INSERT SELECT queries (bsc#1201166). - CVE-2022-32085: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201165). - CVE-2022-32083: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201163). Bugfixes: - Update mysql-systemd-helper to be aware of custom group (bsc#1200105). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3437-1 Released: Tue Sep 27 14:57:23 2022 Summary: Recommended update for mariadb-galera Type: recommended Severity: important References: 1202760 This recommended update for mariadb-galera provides: - Deliver missing mariadb-galera to SUSE Linux Enterprise 15 Service Pack 4 PackageHub - There are NO code changes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3855-1 Released: Wed Nov 2 12:39:09 2022 Summary: Recommended update for mariadb Type: recommended Severity: important References: 1202863,CVE-2022-38791 This update for mariadb fixes the following issues: Update version from 10.6.9 to 10.6.10: - Fix regression causing full text index corruption if shutdown before changes are fully flushed - Fix regression causing frequent 'Data structure corruption' in InnoDB after OOM - Fix incorrect recovery or backup of instant ALTER TABLE - Fix issue with InnoDB Temporary Tablespace (ibtmp1) causing it to continuously grow in size until the disk is full - For full list of changes please check https://mariadb.com/kb/en/library/mariadb-10610-release-notes and https://mariadb.com/kb/en/library/mariadb-10610-changelog ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for 
openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran 
no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended 
Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). 
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.41.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - 
libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libdw1-0.185-150400.5.3.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2022g-150000.75.18.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - mariadb-errormessages-10.6.10-150400.3.17.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - perl-5.26.1-150300.17.11.1 updated - libodbc2-2.3.9-150400.14.5 updated - mariadb-client-10.6.10-150400.3.17.1 updated - 
mariadb-10.6.10-150400.3.17.1 updated - mariadb-tools-10.6.10-150400.3.17.1 updated - container:sles15-image-15.0.0-27.14.34 updated From sle-updates at lists.suse.com Thu Feb 9 10:47:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 11:47:25 +0100 (CET) Subject: SUSE-CU-2023:324-1: Security update of suse/rmt-server Message-ID: <20230209104725.72DCDF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:324-1 Container Tags : suse/rmt-server:2.10 , suse/rmt-server:2.10-14.12 , suse/rmt-server:latest Container Release : 14.12 Severity : critical Type : security References : 1040589 1047178 1121365 1137373 1177460 1177460 1177460 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1187670 1188160 1188161 1188548 1188578 1189802 1190375 1190651 1190651 1190651 1190653 1190700 1190824 1190888 1191020 1191157 1191552 1192951 1193035 1193081 1193282 1193489 1193659 1193711 1193859 1194038 1194047 1194708 1194968 1195059 1195157 1195283 1195628 1195773 1196093 1196107 1196125 1196275 1196406 1196490 1196647 1196861 1197004 1197024 1197038 1197065 1197178 1197405 1197459 1197570 1197718 1197771 1197794 1198062 1198165 1198176 1198341 1198441 1198446 1198471 1198472 1198627 1198720 1198721 1198731 1198732 1198751 1198752 1199132 1199140 1199140 1199166 1199232 1199240 1199467 1199492 1199944 1199961 1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201225 1201276 1201293 1201385 1201560 1201590 1201640 1201680 1201783 1201795 1201942 1201959 1202117 1202148 1202148 1202175 1202310 1202324 1202593 1202750 1202870 1203018 1203046 1203069 1203652 1203652 1203911 1204179 1204211 1204285 1204357 1204366 1204367 1204383 1204386 1204585 1204649 1204769 1204944 1204968 1205000 1205000 1205089 1205126 1205156 1205502 1205646 
1206308 1206309 1206337 1206579 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2017-6512 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-3421 CVE-2021-36690 CVE-2021-41817 CVE-2021-41819 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-28739 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-31254 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM 
package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID:
SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. 
(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net::IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net::FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. 
(bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network.
  The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode.
(bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385

This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2688-1
Released: Fri Aug 5 13:27:32 2022
Summary: Recommended update for rmt-server
Type: recommended
Severity: moderate
References: 1191552

This update for rmt-server fixes the following issues:

Version 2.8.0

- Forwarding information of registered systems to SCC more efficiently in batches
- Syncing the systems' most recent last seen timestamps to SCC
- Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data
- Fix 'rmt-cli systems list --csv -a' for RMTs with millions of systems (bsc#1191552)
- Enable users with old versions of RMT to sync systems with SCC by default

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity:
moderate
References: 1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental
  sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819

This update for ruby2.5 fixes the following issues:

- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance.
(bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3588-1
Released: Fri Oct 14 10:49:12 2022
Summary: Recommended update for rmt-server
Type: recommended
Severity: moderate
References: 1188578,1197038,1197405,1198721,1199961

This update for rmt-server fixes the following issues:

- Implement `System-Token` header handling to improve unique system reporting.
- Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy
- Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961)
- Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore.
    To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590

This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022
  (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165

This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
  - libeconf: Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
  - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released: Mon Nov 21 14:34:09 2022
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4618-1
Released: Fri Dec 23 13:02:31 2022
Summary: Recommended update for catatonit
Type: recommended
Severity: moderate
References:

This update for catatonit fixes the following issues:

Update to catatonit v0.1.7:

- This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done).

Update to catatonit v0.1.6:

- which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:19-1
Released: Tue Jan 3 20:16:50 2023
Summary: Security update for rmt-server
Type: security
Severity: important
References: 1204285,1204769,1205089,CVE-2022-31254

This update for rmt-server fixes the following issues:

Update to version 2.10:

- Add option to turn off system token support (bsc#1205089)
- Update the `last_seen_at` column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released:    Thu Jan 26 20:57:35 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released:    Thu Jan 26 20:58:21 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released:    Fri Jan 27 15:24:15 2023
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb 7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- filesystem-15.0-11.8.1 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- glibc-2.31-150300.41.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libssh-config-0.9.6-150400.1.5 updated
- libzstd1-1.5.0-150400.1.71 updated
- libsepol1-3.1-150400.1.70 updated
- liblz4-1-1.9.3-150400.1.7 updated
- libgpg-error0-1.42-150400.1.101 updated
- libcap2-2.63-150400.1.7 updated
- libbz2-1-1.0.8-150400.1.122 updated
- libaudit1-3.0.6-150400.2.13 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libusb-1_0-0-1.0.24-150400.3.3.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libselinux1-3.1-150400.1.69 updated
- libreadline7-7.0-150400.25.22 updated
- patterns-base-fips-20200124-150400.18.4 updated
- libsemanage1-3.1-150400.1.65 updated
- bash-4.4-150400.25.22 updated
- bash-sh-4.4-150400.25.22 updated
- cpio-2.13-150400.1.98 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.14.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- coreutils-8.32-150400.7.5 updated
- libssh4-0.9.6-150400.1.5 updated
- sles-release-15.4-150400.55.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- grep-3.1-150000.4.6.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.16.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- pam-1.3.0-150000.6.61.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- sysuser-shadow-3.1-150400.1.35 updated
- system-group-hardware-20170617-150400.22.33 updated
- util-linux-2.37.2-150400.8.14.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- timezone-2022g-150000.75.18.1 updated
- catatonit-0.1.7-150300.10.3.1 updated
- fdupes-2.1.2-150400.1.86 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libxslt1-1.1.34-150400.1.7 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- rmt-server-config-2.10-150400.3.9.1 updated
- rmt-server-2.10-150400.3.9.1 updated
- container:sles15-image-15.0.0-27.14.34 updated

From sle-updates at lists.suse.com Thu Feb 9 10:47:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 11:47:50 +0100 (CET)
Subject: SUSE-CU-2023:325-1: Security update of bci/ruby
Message-ID: <20230209104750.485A1F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:325-1
Container Tags        : bci/ruby:2 , bci/ruby:2-33.13 , bci/ruby:2.5 , bci/ruby:2.5-33.13 , bci/ruby:latest
Container Release     : 33.13
Severity              : important
Type                  : security
References            : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb 7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- container:sles15-image-15.0.0-27.14.34 updated

From sle-updates at lists.suse.com Thu Feb 9 10:47:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 11:47:59 +0100 (CET)
Subject: SUSE-CU-2023:327-1: Security update of bci/rust
Message-ID: <20230209104759.7D230F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:327-1
Container Tags        : bci/rust:1.66 , bci/rust:1.66-2.13 , bci/rust:latest
Container Release     : 2.13
Severity              : important
Type                  : security
References            : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb 7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- container:sles15-image-15.0.0-27.14.34 updated

From sle-updates at lists.suse.com Thu Feb 9 10:47:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 11:47:56 +0100 (CET)
Subject: SUSE-CU-2023:326-1: Security update of bci/rust
Message-ID: <20230209104756.B9F00F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:326-1
Container Tags        : bci/rust:1.65 , bci/rust:1.65-13.13
Container Release     : 13.13
Severity              : important
Type                  : security
References            : 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb 7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- container:sles15-image-15.0.0-27.14.34 updated

From sle-updates at lists.suse.com Thu Feb 9 10:48:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 11:48:18 +0100 (CET)
Subject: SUSE-CU-2023:328-1: Security update of suse/sle15
Message-ID: <20230209104818.BBDF2F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:328-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.34 , suse/sle15:15.4 , suse/sle15:15.4.27.14.34
Container Release     : 27.14.34
Severity              : important
Type                  : security
References            : 1203652 1204944 1205000 1207264 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4415 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released:    Fri Jan 27 15:24:15 2023
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb 7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1l-150400.7.22.1 updated

From sle-updates at lists.suse.com Thu Feb 9 11:18:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 12:18:58 +0100 (CET)
Subject: SUSE-SU-2023:0321-1: important: Security update for apache2
Message-ID: <20230209111858.AF620FCC9@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:  SUSE-SU-2023:0321-1
Rating:           important
References:       #1207247 #1207250 #1207251
Cross-References: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436
CVSS scores:
    CVE-2006-20001 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2006-20001 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-36760 (NVD) : 9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
    CVE-2022-36760 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
    CVE-2022-37436 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2022-37436 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-321=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-321=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-321=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-321=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-321=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-321=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-321=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-321=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-321=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-321=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-321=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-321=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-321=1

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Manager Server 4.2 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Manager Proxy 4.2 (x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Manager Proxy 4.2 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Enterprise Storage 7.1 (noarch):
    apache2-doc-2.4.51-150200.3.51.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    apache2-2.4.51-150200.3.51.1
    apache2-debuginfo-2.4.51-150200.3.51.1
    apache2-debugsource-2.4.51-150200.3.51.1
    apache2-devel-2.4.51-150200.3.51.1
    apache2-prefork-2.4.51-150200.3.51.1
    apache2-prefork-debuginfo-2.4.51-150200.3.51.1
    apache2-utils-2.4.51-150200.3.51.1
    apache2-utils-debuginfo-2.4.51-150200.3.51.1
    apache2-worker-2.4.51-150200.3.51.1
    apache2-worker-debuginfo-2.4.51-150200.3.51.1
- SUSE Enterprise Storage 7 (noarch):
    apache2-doc-2.4.51-150200.3.51.1

References:

    https://www.suse.com/security/cve/CVE-2006-20001.html
    https://www.suse.com/security/cve/CVE-2022-36760.html
    https://www.suse.com/security/cve/CVE-2022-37436.html
    https://bugzilla.suse.com/1207247
    https://bugzilla.suse.com/1207250
    https://bugzilla.suse.com/1207251

From sle-updates at lists.suse.com Thu Feb 9 11:20:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 12:20:35 +0100 (CET)
Subject: SUSE-SU-2023:0317-1: important: Security update for apache2-mod_security2
Message-ID: <20230209112035.504B3FCC9@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_security2
______________________________________________________________________________

Announcement ID:  SUSE-SU-2023:0317-1
Rating:           important
References:       #1207378
Cross-References: CVE-2022-48279
CVSS scores:
    CVE-2022-48279 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-48279 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache2-mod_security2 fixes the following issues:

- CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-317=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-317=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-317=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-317=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-317=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-317=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-317=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-317=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-317=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-317=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-317=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-317=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-317=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-317=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-317=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-317=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2023-317=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Manager Proxy 4.2 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1
- SUSE CaaS Platform 4.0 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.6.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.6.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.6.1

References:

    https://www.suse.com/security/cve/CVE-2022-48279.html
    https://bugzilla.suse.com/1207378

From sle-updates at lists.suse.com Thu Feb 9 11:21:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2023 12:21:39 +0100 (CET)
Subject: SUSE-SU-2023:0320-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)
Message-ID: <20230209112139.D46E6FCC9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID:  SUSE-SU-2023:0320-1
Rating:           important
References:       #1206373
Cross-References: CVE-2022-4379
CVSS scores:
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Module for Live Patching 15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_15_5 fixes one issue.

The following security issue was fixed:

- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open (bsc#1206209).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-320=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1 kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-2-150400.2.1 kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-2-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-4379.html https://bugzilla.suse.com/1206373 From sle-updates at lists.suse.com Thu Feb 9 11:22:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:22:15 +0100 (CET) Subject: SUSE-SU-2023:0323-1: important: Security update for python-swift3 Message-ID: <20230209112215.C4C04FCC9@maintenance.suse.de> SUSE Security Update: Security update for python-swift3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0323-1 Rating: important References: #1207035 Cross-References: CVE-2022-47950 CVSS scores: CVE-2022-47950 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-47950 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-swift3 fixes the following issues: - CVE-2022-47950: Fixed an issue that could allow a remote attacker to disclose local file contents via a crafted XML file (bsc#1207035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-323=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2023-323=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2023-323=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-swift3-1.7.0.dev372-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-swift3-1.7.0.dev372-3.3.1 - HPE Helion Openstack 8 (noarch): python-swift3-1.7.0.dev372-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-47950.html https://bugzilla.suse.com/1207035 From sle-updates at lists.suse.com Thu Feb 9 11:22:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:22:59 +0100 (CET) Subject: SUSE-SU-2023:0325-1: critical: Security update for apr-util Message-ID: <20230209112259.7BAFEFCC9@maintenance.suse.de> SUSE Security Update: Security update for apr-util ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0325-1 Rating: critical References: #1207866 Cross-References: CVE-2022-25147 CVSS scores: CVE-2022-25147 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25147 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-325=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-325=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-325=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apr-util-debuginfo-1.6.1-150000.4.9.1 apr-util-debugsource-1.6.1-150000.4.9.1 apr-util-devel-1.6.1-150000.4.9.1 libapr-util1-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150000.4.9.1 libapr-util1-debuginfo-1.6.1-150000.4.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150000.4.9.1 apr-util-debugsource-1.6.1-150000.4.9.1 apr-util-devel-1.6.1-150000.4.9.1 libapr-util1-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150000.4.9.1 libapr-util1-debuginfo-1.6.1-150000.4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apr-util-debuginfo-1.6.1-150000.4.9.1 apr-util-debugsource-1.6.1-150000.4.9.1 apr-util-devel-1.6.1-150000.4.9.1 libapr-util1-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-1.6.1-150000.4.9.1 
libapr-util1-dbd-mysql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150000.4.9.1 libapr-util1-debuginfo-1.6.1-150000.4.9.1 - SUSE CaaS Platform 4.0 (x86_64): apr-util-debuginfo-1.6.1-150000.4.9.1 apr-util-debugsource-1.6.1-150000.4.9.1 apr-util-devel-1.6.1-150000.4.9.1 libapr-util1-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-1.6.1-150000.4.9.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-1.6.1-150000.4.9.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-1.6.1-150000.4.9.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150000.4.9.1 libapr-util1-debuginfo-1.6.1-150000.4.9.1 References: https://www.suse.com/security/cve/CVE-2022-25147.html https://bugzilla.suse.com/1207866 From sle-updates at lists.suse.com Thu Feb 9 11:23:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:23:44 +0100 (CET) Subject: SUSE-SU-2023:0319-1: important: Security update for syslog-ng Message-ID: <20230209112344.90599FCC9@maintenance.suse.de> SUSE Security Update: Security update for syslog-ng ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0319-1 Rating: important References: #1207460 Cross-References: CVE-2022-38725 CVSS scores: CVE-2022-38725 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38725 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for syslog-ng fixes the following issues: - CVE-2022-38725: Fixed an integer overflow in the RFC3164 protocol parser (bsc#1207460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-319=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): syslog-ng-3.6.4-12.11.1 syslog-ng-debuginfo-3.6.4-12.11.1 syslog-ng-debugsource-3.6.4-12.11.1 References: https://www.suse.com/security/cve/CVE-2022-38725.html https://bugzilla.suse.com/1207460 From sle-updates at lists.suse.com Thu Feb 9 11:24:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:24:25 +0100 (CET) Subject: SUSE-SU-2023:0316-1: critical: Security update for netatalk Message-ID: <20230209112425.BD394FCC9@maintenance.suse.de> SUSE Security Update: Security update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0316-1 Rating: critical References: #1207974 Cross-References: CVE-2022-43634 CVSS scores: CVE-2022-43634 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netatalk fixes the following issues: - CVE-2022-43634: Fixed heap-based Buffer Overflow in dsi_writeinit (bsc#1207974). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2023-316=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-316=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libatalk12-3.1.0-3.14.1 libatalk12-debuginfo-3.1.0-3.14.1 netatalk-3.1.0-3.14.1 netatalk-debuginfo-3.1.0-3.14.1 netatalk-debugsource-3.1.0-3.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libatalk12-3.1.0-3.14.1 libatalk12-debuginfo-3.1.0-3.14.1 netatalk-3.1.0-3.14.1 netatalk-debuginfo-3.1.0-3.14.1 netatalk-debugsource-3.1.0-3.14.1 netatalk-devel-3.1.0-3.14.1 References: https://www.suse.com/security/cve/CVE-2022-43634.html https://bugzilla.suse.com/1207974 From sle-updates at lists.suse.com Thu Feb 9 11:25:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:25:07 +0100 (CET) Subject: SUSE-SU-2023:0314-1: important: Security update for apache2-mod_security2 Message-ID: <20230209112507.D1620FCC9@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_security2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0314-1 Rating: important References: #1207378 Cross-References: CVE-2022-48279 CVSS scores: CVE-2022-48279 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-48279 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail 
Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-314=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-314=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.9.4-150400.3.3.1 apache2-mod_security2-debuginfo-2.9.4-150400.3.3.1 apache2-mod_security2-debugsource-2.9.4-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.9.4-150400.3.3.1 apache2-mod_security2-debuginfo-2.9.4-150400.3.3.1 apache2-mod_security2-debugsource-2.9.4-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-48279.html https://bugzilla.suse.com/1207378 From sle-updates at lists.suse.com Thu Feb 9 11:25:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:25:56 +0100 (CET) Subject: SUSE-SU-2023:0318-1: important: Security update for apache2-mod_security2 Message-ID: <20230209112556.44926FCC9@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_security2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0318-1 Rating: important References: #1207378 Cross-References: CVE-2022-48279 CVSS scores: CVE-2022-48279 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-48279 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-318=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-318=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-318=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-318=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-318=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-318=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 - SUSE 
Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-mod_security2-2.8.0-7.6.1 apache2-mod_security2-debuginfo-2.8.0-7.6.1 apache2-mod_security2-debugsource-2.8.0-7.6.1 References: https://www.suse.com/security/cve/CVE-2022-48279.html https://bugzilla.suse.com/1207378 From sle-updates at lists.suse.com Thu Feb 9 11:26:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:26:54 +0100 (CET) Subject: SUSE-SU-2023:0328-1: moderate: Security update for rubygem-globalid Message-ID: <20230209112654.7EC45FCC9@maintenance.suse.de> SUSE Security Update: Security update for rubygem-globalid ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0328-1 Rating: moderate References: #1207587 Cross-References: CVE-2023-22799 CVSS scores: CVE-2023-22799 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-globalid fixes the following issues: - CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-328=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-328=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-328=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-328=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-328=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 ruby2.5-rubygem-globalid-doc-0.4.1-150000.3.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2023-22799.html https://bugzilla.suse.com/1207587 From sle-updates at lists.suse.com Thu Feb 9 11:28:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:28:03 +0100 (CET) Subject: SUSE-SU-2023:0326-1: important: Security update for podman Message-ID: <20230209112803.412B3FCC9@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0326-1 Rating: important References: #1181640 #1181961 #1193166 #1193273 #1197672 #1199790 #1202809 PED-2771 Cross-References: CVE-2021-20199 CVE-2021-20206 CVE-2021-4024 CVE-2021-41190 CVE-2022-27649 CVE-2022-2989 CVSS 
scores: CVE-2021-20199 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-4024 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-4024 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2022-27649 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27649 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has one errata is now available. Description: This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers.
Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. 
`podman run --env-merge "PATH=$PATH:/my/app" ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set * Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g.
systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). 
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. 
- The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. 
Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. 
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. 
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). 
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-326=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-326=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-326=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-326=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-326=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-326=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-326=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-326=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): podman-4.3.1-150300.9.15.1 podman-debuginfo-4.3.1-150300.9.15.1 - openSUSE Leap Micro 5.2 (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): podman-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): podman-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): podman-4.3.1-150300.9.15.1 podman-debuginfo-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Micro 5.2 (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): podman-4.3.1-150300.9.15.1 - SUSE Linux Enterprise Micro 5.1 (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): podman-4.3.1-150300.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): 
podman-cni-config-4.3.1-150300.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): podman-4.3.1-150300.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): podman-cni-config-4.3.1-150300.9.15.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): podman-4.3.1-150300.9.15.1 podman-debuginfo-4.3.1-150300.9.15.1 - SUSE Enterprise Storage 7.1 (noarch): podman-cni-config-4.3.1-150300.9.15.1 References: https://www.suse.com/security/cve/CVE-2021-20199.html https://www.suse.com/security/cve/CVE-2021-20206.html https://www.suse.com/security/cve/CVE-2021-4024.html https://www.suse.com/security/cve/CVE-2021-41190.html https://www.suse.com/security/cve/CVE-2022-27649.html https://www.suse.com/security/cve/CVE-2022-2989.html https://bugzilla.suse.com/1181640 https://bugzilla.suse.com/1181961 https://bugzilla.suse.com/1193166 https://bugzilla.suse.com/1193273 https://bugzilla.suse.com/1197672 https://bugzilla.suse.com/1199790 https://bugzilla.suse.com/1202809 From sle-updates at lists.suse.com Thu Feb 9 11:29:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:29:36 +0100 (CET) Subject: SUSE-SU-2023:0324-1: critical: Security update for apr-util Message-ID: <20230209112936.8F07EFCC9@maintenance.suse.de> SUSE Security Update: Security update for apr-util ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0324-1 Rating: critical References: #1207866 Cross-References: CVE-2022-25147 CVSS scores: CVE-2022-25147 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25147 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that 
fixes one vulnerability is now available. Description: This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-324=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-324=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-324=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-324=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apr-util-debuginfo-1.6.1-150200.12.3.1 apr-util-debugsource-1.6.1-150200.12.3.1 apr-util-devel-1.6.1-150200.12.3.1 libapr-util1-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150200.12.3.1 libapr-util1-debuginfo-1.6.1-150200.12.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150200.12.3.1 apr-util-debugsource-1.6.1-150200.12.3.1 apr-util-devel-1.6.1-150200.12.3.1 libapr-util1-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150200.12.3.1 libapr-util1-debuginfo-1.6.1-150200.12.3.1 - SUSE Linux Enterprise 
High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apr-util-debuginfo-1.6.1-150200.12.3.1 apr-util-debugsource-1.6.1-150200.12.3.1 apr-util-devel-1.6.1-150200.12.3.1 libapr-util1-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150200.12.3.1 libapr-util1-debuginfo-1.6.1-150200.12.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apr-util-debuginfo-1.6.1-150200.12.3.1 apr-util-debugsource-1.6.1-150200.12.3.1 apr-util-devel-1.6.1-150200.12.3.1 libapr-util1-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-1.6.1-150200.12.3.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150200.12.3.1 libapr-util1-debuginfo-1.6.1-150200.12.3.1 References: https://www.suse.com/security/cve/CVE-2022-25147.html https://bugzilla.suse.com/1207866 From sle-updates at lists.suse.com Thu Feb 9 11:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 12:30:36 +0100 (CET) Subject: SUSE-SU-2023:0322-1: important: Security update for apache2 Message-ID: <20230209113036.2DF6EFCC9@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0322-1 Rating: important References: #1207247 #1207250 #1207251 Cross-References: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 CVSS scores: CVE-2006-20001 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2006-20001 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36760 (NVD) : 9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-36760 
(SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2022-37436 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-37436 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-322=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-322=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-322=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-322=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150400.6.6.1 apache2-debuginfo-2.4.51-150400.6.6.1 apache2-debugsource-2.4.51-150400.6.6.1 apache2-devel-2.4.51-150400.6.6.1 apache2-event-2.4.51-150400.6.6.1 apache2-event-debuginfo-2.4.51-150400.6.6.1 apache2-example-pages-2.4.51-150400.6.6.1 apache2-prefork-2.4.51-150400.6.6.1 apache2-prefork-debuginfo-2.4.51-150400.6.6.1 apache2-utils-2.4.51-150400.6.6.1 apache2-utils-debuginfo-2.4.51-150400.6.6.1 apache2-worker-2.4.51-150400.6.6.1 apache2-worker-debuginfo-2.4.51-150400.6.6.1 - openSUSE Leap 15.4 (noarch): apache2-doc-2.4.51-150400.6.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150400.6.6.1 apache2-debugsource-2.4.51-150400.6.6.1 apache2-devel-2.4.51-150400.6.6.1 apache2-worker-2.4.51-150400.6.6.1 apache2-worker-debuginfo-2.4.51-150400.6.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): apache2-doc-2.4.51-150400.6.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150400.6.6.1 apache2-debugsource-2.4.51-150400.6.6.1 apache2-event-2.4.51-150400.6.6.1 apache2-event-debuginfo-2.4.51-150400.6.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150400.6.6.1 apache2-debuginfo-2.4.51-150400.6.6.1 apache2-debugsource-2.4.51-150400.6.6.1 
apache2-prefork-2.4.51-150400.6.6.1 apache2-prefork-debuginfo-2.4.51-150400.6.6.1 apache2-utils-2.4.51-150400.6.6.1 apache2-utils-debuginfo-2.4.51-150400.6.6.1 References: https://www.suse.com/security/cve/CVE-2006-20001.html https://www.suse.com/security/cve/CVE-2022-36760.html https://www.suse.com/security/cve/CVE-2022-37436.html https://bugzilla.suse.com/1207247 https://bugzilla.suse.com/1207250 https://bugzilla.suse.com/1207251 From sle-updates at lists.suse.com Thu Feb 9 14:18:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 15:18:53 +0100 (CET) Subject: SUSE-SU-2023:0329-1: important: Security update for MozillaThunderbird Message-ID: <20230209141853.50D8DFCC9@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0329-1 Rating: important References: #1207119 Cross-References: CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 CVSS scores: CVE-2022-46871 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46877 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2023-0430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: Updated to version 102.7.1 (bsc#1207119): * CVE-2022-46871: Fixed out of date libusrsctp. * CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on Linux. * CVE-2023-23599: Fixed issue where a malicious command could be hidden in devtools output on Windows. * CVE-2023-23601: Fixed issue where URL being dragged from cross-origin iframe into same tab triggers navigation. * CVE-2023-23602: Fixed Content Security Policy not being correctly applied to WebSockets in WebWorkers. * CVE-2022-46877: Fixed fullscreen notification bypass. * CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing Content Security Policy via format directive. * CVE-2023-23605: Fixed memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-329=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-329=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-329=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.7.1-150200.8.102.1 MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1 MozillaThunderbird-debugsource-102.7.1-150200.8.102.1 MozillaThunderbird-translations-common-102.7.1-150200.8.102.1 MozillaThunderbird-translations-other-102.7.1-150200.8.102.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.7.1-150200.8.102.1 MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1 MozillaThunderbird-debugsource-102.7.1-150200.8.102.1 MozillaThunderbird-translations-common-102.7.1-150200.8.102.1 MozillaThunderbird-translations-other-102.7.1-150200.8.102.1 - SUSE 
Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.7.1-150200.8.102.1 MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1 MozillaThunderbird-debugsource-102.7.1-150200.8.102.1 MozillaThunderbird-translations-common-102.7.1-150200.8.102.1 MozillaThunderbird-translations-other-102.7.1-150200.8.102.1 References: https://www.suse.com/security/cve/CVE-2022-46871.html https://www.suse.com/security/cve/CVE-2022-46877.html https://www.suse.com/security/cve/CVE-2023-0430.html https://www.suse.com/security/cve/CVE-2023-23598.html https://www.suse.com/security/cve/CVE-2023-23599.html https://www.suse.com/security/cve/CVE-2023-23601.html https://www.suse.com/security/cve/CVE-2023-23602.html https://www.suse.com/security/cve/CVE-2023-23603.html https://www.suse.com/security/cve/CVE-2023-23605.html https://bugzilla.suse.com/1207119 From sle-updates at lists.suse.com Thu Feb 9 14:19:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 15:19:37 +0100 (CET) Subject: SUSE-RU-2023:0330-1: important: Recommended update for pesign-obs-integration Message-ID: <20230209141937.DB8A2FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0330-1 Rating: important References: #1195805 #1205917 #1207520 PED-2658 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. 
Description: This update for pesign-obs-integration fixes the following issues: - Fix for a filename issue in the scripts of generated ueficert package (bsc#1195805, bsc#1205917) - fixed dependency generators (bsc#1207520)(jsc#PED-2658): - Add support for including macros in pesign-repackage.spec by using pesign-spec-macros - Add support for copying sources to the new build directory by using pesign-copy-sources - Update README for dependency generation, add Dependency Generation section Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-330=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-330=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.2+git20210804.ff18da1-150400.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.2+git20210804.ff18da1-150400.3.5.1 References: https://bugzilla.suse.com/1195805 https://bugzilla.suse.com/1205917 https://bugzilla.suse.com/1207520 From sle-updates at lists.suse.com Thu Feb 9 17:19:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 18:19:45 +0100 (CET) Subject: SUSE-RU-2023:0333-1: moderate: Recommended update for amazon-ecs-init Message-ID: <20230209171945.D7267FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0333-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance 
Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for amazon-ecs-init fixes the following issues: - Add aarch64 binaries to the channels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-333=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-333=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-333=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-333=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-333=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): amazon-ecs-init-1.53.0-150100.4.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): amazon-ecs-init-1.53.0-150100.4.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 x86_64): amazon-ecs-init-1.53.0-150100.4.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 x86_64): amazon-ecs-init-1.53.0-150100.4.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 x86_64): amazon-ecs-init-1.53.0-150100.4.13.1 References: From sle-updates at lists.suse.com Thu Feb 9 17:20:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 18:20:42 +0100 (CET) Subject: SUSE-RU-2023:0334-1: moderate: Recommended update for google-osconfig-agent Message-ID: <20230209172042.B4E4BFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0334-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance 
Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for google-osconfig-agent fixes the following issues: - Provide the latest version for SLE-15-SP4 too. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-334=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-334=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-334=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-334=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-334=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): google-osconfig-agent-20220801.00-150000.1.24.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): google-osconfig-agent-20220801.00-150000.1.24.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): google-osconfig-agent-20220801.00-150000.1.24.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-osconfig-agent-20220801.00-150000.1.24.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-osconfig-agent-20220801.00-150000.1.24.1 References: From sle-updates at lists.suse.com Thu Feb 9 17:21:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 18:21:34 +0100 (CET) Subject: SUSE-SU-2023:0331-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Message-ID: <20230209172134.5B1F9FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0331-1 Rating: important References: #1204167 #1205186 #1206373 Cross-References: CVE-2022-2602 CVE-2022-3424 CVE-2022-4379 CVSS scores: CVE-2022-2602 (SUSE): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-331=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1 kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-6-150400.2.1 kernel-livepatch-SLE15-SP4_Update_3-debugsource-6-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-4379.html https://bugzilla.suse.com/1204167 https://bugzilla.suse.com/1205186 https://bugzilla.suse.com/1206373 From sle-updates at lists.suse.com Thu Feb 9 17:22:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 18:22:27 +0100 (CET) Subject: SUSE-RU-2023:0332-1: moderate: Recommended update for suse-migration-services Message-ID: <20230209172227.4551FFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0332-1 Rating: moderate References: #1206194 Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-services fixes the following issues: - Use bind mount to ensure the resolv.conf is not empty. (bsc#1206194) This fix resolves an issue where an empty resolv.conf on the "system-root" path results in a failed migration. - A documentation update was added to address - Fix kernel check when there is no entry for 'multiversion =' Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-332=1 Package List: - openSUSE Leap 15.4 (noarch): suse-migration-pre-checks-2.0.35-150000.1.56.1 suse-migration-services-2.0.35-150000.1.56.1 References: https://bugzilla.suse.com/1206194 From sle-updates at lists.suse.com Thu Feb 9 17:23:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 18:23:13 +0100 (CET) Subject: SUSE-RU-2023:0335-1: moderate: Recommended update for hyper-v Message-ID: <20230209172313.4DA82FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0335-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for hyper-v fixes the following issues: - Provide the latest version for SLE-15-SP4 too. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-335=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-335=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-335=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-335=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-335=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-335=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-335=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-335=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - openSUSE Leap Micro 5.2 (x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - openSUSE Leap 15.4 (aarch64 x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): hyper-v-8-150200.14.8.1 hyper-v-debuginfo-8-150200.14.8.1 hyper-v-debugsource-8-150200.14.8.1 References: From sle-updates at lists.suse.com Thu Feb 9 
20:18:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 21:18:27 +0100 (CET) Subject: SUSE-SU-2023:0338-1: critical: Security update for libapr-util1 Message-ID: <20230209201827.A1EF1FCC9@maintenance.suse.de> SUSE Security Update: Security update for libapr-util1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0338-1 Rating: critical References: #1207866 Cross-References: CVE-2022-25147 CVSS scores: CVE-2022-25147 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25147 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-338=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libapr-util1-1.5.3-2.11.1 libapr-util1-dbd-sqlite3-1.5.3-2.11.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.11.1 libapr-util1-debuginfo-1.5.3-2.11.1 libapr-util1-debugsource-1.5.3-2.11.1 References: https://www.suse.com/security/cve/CVE-2022-25147.html https://bugzilla.suse.com/1207866 From sle-updates at lists.suse.com Thu Feb 9 20:19:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 21:19:31 +0100 (CET) Subject: SUSE-SU-2022:0562-2: moderate: Security update for jasper Message-ID: <20230209201931.1C752FCC9@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0562-2 Rating: moderate References: #1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zero issue in cp_create() (bsc#1188437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-336=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-336=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-336=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-336=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-336=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-336=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-336=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-336=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-336=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-336=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Enterprise 
Storage 6 (aarch64 x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE CaaS Platform 4.0 (x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 References: https://www.suse.com/security/cve/CVE-2021-27845.html https://bugzilla.suse.com/1188437 From sle-updates at lists.suse.com Thu Feb 9 20:20:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2023 21:20:48 +0100 (CET) Subject: SUSE-SU-2023:0337-1: critical: Security update for libapr-util1 Message-ID: <20230209202048.E846DFCC9@maintenance.suse.de> SUSE Security Update: Security update for libapr-util1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0337-1 Rating: critical References: #1207866 Cross-References: CVE-2022-25147 CVSS scores: CVE-2022-25147 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25147 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-337=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-337=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-337=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-337=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-337=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-337=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.7.1 libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 - SUSE OpenStack Cloud 9 (x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.7.1 libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 libapr-util1-devel-1.5.3-8.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.7.1 libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.7.1 libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-1.5.3-8.7.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.7.1 
libapr-util1-debuginfo-1.5.3-8.7.1 libapr-util1-debugsource-1.5.3-8.7.1 References: https://www.suse.com/security/cve/CVE-2022-25147.html https://bugzilla.suse.com/1207866 From sle-updates at lists.suse.com Thu Feb 9 23:20:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 00:20:08 +0100 (CET) Subject: SUSE-SU-2023:0339-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Message-ID: <20230209232008.B9700FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0339-1 Rating: important References: #1205186 Cross-References: CVE-2022-2602 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_101 fixes one issue. The following security issue was fixed: - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-339=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_101-default-3-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://bugzilla.suse.com/1205186 From sle-updates at lists.suse.com Fri Feb 10 14:22:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 15:22:48 +0100 (CET) Subject: SUSE-SU-2023:0342-1: important: Security update for tiff Message-ID: <20230210142248.9A833FCC9@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0342-1 Rating: important References: #1207413 Cross-References: CVE-2022-48281 CVSS scores: CVE-2022-48281 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-48281 (SUSE): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise 
Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-342=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-342=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-342=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-342=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-342=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-342=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-342=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-342=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-342=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-342=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-342=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-342=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-342=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-342=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-342=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-342=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-342=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-342=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-342=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-342=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-342=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-342=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-342=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-342=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - openSUSE Leap 15.4 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Manager Proxy 4.2 (x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 
libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 
libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 7.1 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 7 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 - SUSE Enterprise Storage 6 (x86_64): libtiff5-32bit-4.0.9-150000.45.25.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 - SUSE CaaS Platform 4.0 (x86_64): libtiff-devel-4.0.9-150000.45.25.1 libtiff5-32bit-4.0.9-150000.45.25.1 
libtiff5-32bit-debuginfo-4.0.9-150000.45.25.1 libtiff5-4.0.9-150000.45.25.1 libtiff5-debuginfo-4.0.9-150000.45.25.1 tiff-debuginfo-4.0.9-150000.45.25.1 tiff-debugsource-4.0.9-150000.45.25.1 References: https://www.suse.com/security/cve/CVE-2022-48281.html https://bugzilla.suse.com/1207413 From sle-updates at lists.suse.com Fri Feb 10 14:24:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 15:24:29 +0100 (CET) Subject: SUSE-SU-2023:0341-1: important: Security update for bind Message-ID: <20230210142429.8E21FFCC9@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0341-1 Rating: important References: #1207471 #1207473 #1207475 SLE-24600 Cross-References: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVSS scores: CVE-2022-3094 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3094 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3736 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3924 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3924 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. 
Description: This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-341=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-341=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-341=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bind-9.16.37-150400.5.17.1 bind-debuginfo-9.16.37-150400.5.17.1 bind-debugsource-9.16.37-150400.5.17.1 bind-utils-9.16.37-150400.5.17.1 bind-utils-debuginfo-9.16.37-150400.5.17.1 - openSUSE Leap 15.4 (noarch): bind-doc-9.16.37-150400.5.17.1 python3-bind-9.16.37-150400.5.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): bind-9.16.37-150400.5.17.1 bind-debuginfo-9.16.37-150400.5.17.1 bind-debugsource-9.16.37-150400.5.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): bind-doc-9.16.37-150400.5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.37-150400.5.17.1 bind-debugsource-9.16.37-150400.5.17.1 bind-utils-9.16.37-150400.5.17.1 
bind-utils-debuginfo-9.16.37-150400.5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-bind-9.16.37-150400.5.17.1 References: https://www.suse.com/security/cve/CVE-2022-3094.html https://www.suse.com/security/cve/CVE-2022-3736.html https://www.suse.com/security/cve/CVE-2022-3924.html https://bugzilla.suse.com/1207471 https://bugzilla.suse.com/1207473 https://bugzilla.suse.com/1207475 From sle-updates at lists.suse.com Fri Feb 10 14:25:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 15:25:32 +0100 (CET) Subject: SUSE-SU-2023:0340-1: important: Security update for xrdp Message-ID: <20230210142532.6AC1FFCC9@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0340-1 Rating: important References: #1206300 #1206303 #1206306 #1206307 #1206310 #1206311 #1206312 Cross-References: CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVSS scores: CVE-2022-23468 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23468 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-23479 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23479 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23480 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23480 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23481 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23481 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23482 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23482 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23483 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23483 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23484 (NVD) : 9.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23484 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-340=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-340=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-340=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-340=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.30.2 - SUSE OpenStack Cloud 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.30.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.30.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.30.2 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.30.2 References: https://www.suse.com/security/cve/CVE-2022-23468.html https://www.suse.com/security/cve/CVE-2022-23479.html https://www.suse.com/security/cve/CVE-2022-23480.html https://www.suse.com/security/cve/CVE-2022-23481.html https://www.suse.com/security/cve/CVE-2022-23482.html https://www.suse.com/security/cve/CVE-2022-23483.html https://www.suse.com/security/cve/CVE-2022-23484.html https://bugzilla.suse.com/1206300 https://bugzilla.suse.com/1206303 https://bugzilla.suse.com/1206306 https://bugzilla.suse.com/1206307 https://bugzilla.suse.com/1206310 https://bugzilla.suse.com/1206311 https://bugzilla.suse.com/1206312 From sle-updates at lists.suse.com Fri Feb 10 17:21:47 2023 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 10 Feb 2023 18:21:47 +0100 (CET) Subject: SUSE-RU-2023:0351-1: moderate: Recommended update for salt Message-ID: <20230210172147.BDEF2F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0351-1 Rating: moderate References: #1204939 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-351=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-351=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-351=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-351=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3004-150100.83.1 salt-3004-150100.83.1 salt-api-3004-150100.83.1 salt-cloud-3004-150100.83.1 salt-doc-3004-150100.83.1 salt-master-3004-150100.83.1 salt-minion-3004-150100.83.1 salt-proxy-3004-150100.83.1 salt-ssh-3004-150100.83.1 salt-standalone-formulas-configuration-3004-150100.83.1 salt-syndic-3004-150100.83.1 salt-transactional-update-3004-150100.83.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3004-150100.83.1 salt-fish-completion-3004-150100.83.1 salt-zsh-completion-3004-150100.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150100.83.1 salt-3004-150100.83.1 salt-api-3004-150100.83.1 salt-cloud-3004-150100.83.1 salt-doc-3004-150100.83.1 salt-master-3004-150100.83.1 salt-minion-3004-150100.83.1 salt-proxy-3004-150100.83.1 salt-ssh-3004-150100.83.1 salt-standalone-formulas-configuration-3004-150100.83.1 salt-syndic-3004-150100.83.1 salt-transactional-update-3004-150100.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.83.1 salt-fish-completion-3004-150100.83.1 salt-zsh-completion-3004-150100.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3004-150100.83.1 salt-3004-150100.83.1 salt-api-3004-150100.83.1 salt-cloud-3004-150100.83.1 salt-doc-3004-150100.83.1 salt-master-3004-150100.83.1 salt-minion-3004-150100.83.1 salt-proxy-3004-150100.83.1 salt-ssh-3004-150100.83.1 salt-standalone-formulas-configuration-3004-150100.83.1 salt-syndic-3004-150100.83.1 salt-transactional-update-3004-150100.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.83.1 salt-fish-completion-3004-150100.83.1 salt-zsh-completion-3004-150100.83.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3004-150100.83.1 salt-3004-150100.83.1 salt-api-3004-150100.83.1 
salt-cloud-3004-150100.83.1 salt-doc-3004-150100.83.1 salt-master-3004-150100.83.1 salt-minion-3004-150100.83.1 salt-proxy-3004-150100.83.1 salt-ssh-3004-150100.83.1 salt-standalone-formulas-configuration-3004-150100.83.1 salt-syndic-3004-150100.83.1 salt-transactional-update-3004-150100.83.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3004-150100.83.1 salt-fish-completion-3004-150100.83.1 salt-zsh-completion-3004-150100.83.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3004-150100.83.1 salt-fish-completion-3004-150100.83.1 salt-zsh-completion-3004-150100.83.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3004-150100.83.1 salt-3004-150100.83.1 salt-api-3004-150100.83.1 salt-cloud-3004-150100.83.1 salt-doc-3004-150100.83.1 salt-master-3004-150100.83.1 salt-minion-3004-150100.83.1 salt-proxy-3004-150100.83.1 salt-ssh-3004-150100.83.1 salt-standalone-formulas-configuration-3004-150100.83.1 salt-syndic-3004-150100.83.1 salt-transactional-update-3004-150100.83.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:22:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:22:30 +0100 (CET) Subject: SUSE-RU-2023:0369-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210172230.98F2CF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0369-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-369=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.20.5 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:23:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:23:14 +0100 (CET) Subject: SUSE-SU-2023:0348-1: moderate: Security update for less Message-ID: <20230210172314.5C068F78A@maintenance.suse.de> SUSE Security Update: Security update for less ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0348-1 Rating: moderate References: #1207815 Cross-References: CVE-2022-46663 CVSS scores: CVE-2022-46663 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-348=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-348=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-348=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-348=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): less-590-150400.3.3.1 less-debuginfo-590-150400.3.3.1 less-debugsource-590-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): less-590-150400.3.3.1 less-debuginfo-590-150400.3.3.1 less-debugsource-590-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): less-590-150400.3.3.1 less-debuginfo-590-150400.3.3.1 less-debugsource-590-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): less-590-150400.3.3.1 less-debuginfo-590-150400.3.3.1 less-debugsource-590-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-46663.html https://bugzilla.suse.com/1207815 From sle-updates at lists.suse.com Fri Feb 10 17:23:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:23:56 +0100 (CET) Subject: SUSE-RU-2023:15150-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210172356.F377EF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15150-1 Rating: moderate References: #1204126 #1204939 #1205207 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that 
has three recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Control the collection of lvm grains via config (bsc#1204939) scap-security-guide: - Updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - Require sudo, as remediations touch sudo config or use sudo. - Enable ubuntu 2204 build - Updated to 0.1.64 (jsc#ECO-3319) - Introduce ol9 stig profile - Introduce Ol9 anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. awk is not necessarily installed) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202301-15150=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+131.2 salt-minion-3004+ds-1+131.2 scap-security-guide-ubuntu-0.1.65-28.1 spacecmd-4.3.18-59.1 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204939 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:24:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:24:50 +0100 (CET) Subject: SUSE-RU-2023:0349-1: moderate: Recommended update for hwinfo Message-ID: <20230210172450.4E31CF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0349-1 Rating: moderate References: #1204294 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo fixes the following issues: - Create Xen usb controller device if necessary. (bsc#1204294) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-349=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-349=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-349=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-349=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): hwinfo-21.84-150400.3.9.1 hwinfo-debuginfo-21.84-150400.3.9.1 hwinfo-debugsource-21.84-150400.3.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hwinfo-21.84-150400.3.9.1 hwinfo-debuginfo-21.84-150400.3.9.1 hwinfo-debugsource-21.84-150400.3.9.1 hwinfo-devel-21.84-150400.3.9.1 hwinfo-devel-debuginfo-21.84-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): hwinfo-21.84-150400.3.9.1 hwinfo-debuginfo-21.84-150400.3.9.1 hwinfo-debugsource-21.84-150400.3.9.1 hwinfo-devel-21.84-150400.3.9.1 hwinfo-devel-debuginfo-21.84-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): hwinfo-21.84-150400.3.9.1 hwinfo-debuginfo-21.84-150400.3.9.1 hwinfo-debugsource-21.84-150400.3.9.1 References: https://bugzilla.suse.com/1204294 From sle-updates at lists.suse.com Fri Feb 10 17:25:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:25:36 +0100 (CET) Subject: SUSE-RU-2023:0372-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210172536.5F6A1F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0372-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS ______________________________________________________________________________ An update that has 
one recommended fix can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS: zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-372=1 Package List: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-1.6.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:27:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:27:02 +0100 (CET) Subject: SUSE-SU-2023:0343-1: important: Security update for wireshark Message-ID: <20230210172702.0C08CF78A@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0343-1 Rating: important References: #1206189 #1207447 #1207663 #1207664 #1207665 #1207667 #1207668 #1207669 Cross-References: CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417 CVSS scores: CVE-2022-4345 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-4345 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0411 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0411 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0412 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0412 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0413 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0413 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0415 (NVD) : 
6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0415 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0416 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0416 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-0417 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-0417 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for wireshark fixes the following issues: - Updated to version 3.6.11 (bsc#1207447): - CVE-2023-0417: Fixed a memory leak in the NFS dissector (bsc#1207669). - CVE-2023-0413: Fixed a crash in the dissection engine (bsc#1207665). 
- CVE-2023-0416: Fixed a crash in the GNW dissector (bsc#1207668). - CVE-2023-0415: Fixed a crash in the iSCSI dissector (bsc#1207667). - CVE-2023-0411: Fixed several issues where an excessive CPU consumption could be triggered in multiple dissectors (bsc#1207663). - CVE-2023-0412: Fixed a crash in the TIPC dissector (bsc#1207664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-343=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-343=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-343=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-343=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-343=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-343=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-343=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-343=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-343=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-343=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-343=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-343=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-343=1 - SUSE Linux Enterprise High Performance 
Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-343=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-343=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-343=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-343=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-343=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-343=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-343=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 
libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 - SUSE Manager Proxy 4.2 (x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 
libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): 
libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 
libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Enterprise 
Storage 7 (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 - SUSE CaaS Platform 4.0 (x86_64): libwireshark15-3.6.11-150000.3.83.1 libwireshark15-debuginfo-3.6.11-150000.3.83.1 libwiretap12-3.6.11-150000.3.83.1 libwiretap12-debuginfo-3.6.11-150000.3.83.1 libwsutil13-3.6.11-150000.3.83.1 libwsutil13-debuginfo-3.6.11-150000.3.83.1 wireshark-3.6.11-150000.3.83.1 wireshark-debuginfo-3.6.11-150000.3.83.1 wireshark-debugsource-3.6.11-150000.3.83.1 wireshark-devel-3.6.11-150000.3.83.1 wireshark-ui-qt-3.6.11-150000.3.83.1 wireshark-ui-qt-debuginfo-3.6.11-150000.3.83.1 References: https://www.suse.com/security/cve/CVE-2022-4345.html https://www.suse.com/security/cve/CVE-2023-0411.html https://www.suse.com/security/cve/CVE-2023-0412.html https://www.suse.com/security/cve/CVE-2023-0413.html https://www.suse.com/security/cve/CVE-2023-0415.html https://www.suse.com/security/cve/CVE-2023-0416.html https://www.suse.com/security/cve/CVE-2023-0417.html https://bugzilla.suse.com/1206189 https://bugzilla.suse.com/1207447 
https://bugzilla.suse.com/1207663 https://bugzilla.suse.com/1207664 https://bugzilla.suse.com/1207665 https://bugzilla.suse.com/1207667 https://bugzilla.suse.com/1207668 https://bugzilla.suse.com/1207669 From sle-updates at lists.suse.com Fri Feb 10 17:28:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:28:53 +0100 (CET) Subject: SUSE-RU-2023:15155-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210172853.90BB4F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15155-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202301-15155=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.22.4 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:29:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:29:28 +0100 (CET) Subject: SUSE-RU-2023:0368-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210172928.99C05F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0368-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-368=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.20.4 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:30:03 +0100 (CET) Subject: SUSE-RU-2023:0357-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210173003.E942CF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0357-1 Rating: moderate References: #1204126 #1204939 #1205207 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Control the collection of lvm grains via config (bsc#1204939) scap-security-guide: - Updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - Require sudo, as remediations touch sudo config or use sudo. - Enable ubuntu 2204 build - Updated to 0.1.64 (jsc#ECO-3319) - Introduce ol9 stig profile - Introduce Ol9 anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. 
awk is not necessarily installed) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-357=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.70.2 salt-minion-3004+ds-1+2.70.2 scap-security-guide-debian-0.1.65-2.29.1 spacecmd-4.3.18-2.42.1 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204939 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:30:57 +0100 (CET) Subject: SUSE-RU-2023:0363-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210173057.BE77CF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0363-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed.
Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-363=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-3.20.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:31:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:31:37 +0100 (CET) Subject: SUSE-RU-2023:0373-1: moderate: Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 Message-ID: <20230210173137.CCE24F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0373-1 Rating: moderate References: #1203826 #1204032 #1204126 #1205207 #1205523 #1205976 #1206470 #1206799 Affected Products: SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update fixes the following issues: release-notes-susemanager-proxy: - Update to SUSE Manager 4.3.4 * Bugs mentioned bsc#1203826, bsc#1204032, bsc#1204126, bsc#1205207, bsc#1205523 bsc#1205976, bsc#1206470, bsc#1206799 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Retail Branch Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2023-373=1 - SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-373=1 Package List: - SUSE Manager Retail Branch Server 4.3 (x86_64): release-notes-susemanager-proxy-4.3.4-150400.3.43.1 - SUSE Manager Proxy 4.3 (x86_64): release-notes-susemanager-proxy-4.3.4-150400.3.43.1 References: https://bugzilla.suse.com/1203826 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205523 https://bugzilla.suse.com/1205976 https://bugzilla.suse.com/1206470 https://bugzilla.suse.com/1206799 From sle-updates at lists.suse.com Fri Feb 10 17:32:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:32:45 +0100 (CET) Subject: SUSE-RU-2023:15152-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210173245.285F8F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15152-1 Rating: moderate References: #1204126 #1205207 ECO-3319 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: scap-security-guide: - Updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - Require sudo, as remediations touch sudo config or use sudo. 
- Enable ubuntu 2204 build - Updated to 0.1.64 (jsc#ECO-3319) - Introduce ol9 stig profile - Introduce Ol9 anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. awk is not necessarily installed) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202301-15152=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (all): scap-security-guide-ubuntu-0.1.65-2.8.1 spacecmd-4.3.18-2.12.1 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:33:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:33:25 +0100 (CET) Subject: SUSE-RU-2023:15151-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210173325.51933F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15151-1 Rating: moderate References: #1204126 #1204939 #1205207 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Control the collection of lvm grains via config (bsc#1204939) scap-security-guide: - Updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - Require sudo, as remediations touch sudo config or use sudo. - Enable ubuntu 2204 build - Updated to 0.1.64 (jsc#ECO-3319) - Introduce ol9 stig profile - Introduce Ol9 anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. 
awk is not necessarily installed) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202301-15151=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.91.1 salt-minion-3004+ds-1+2.91.1 scap-security-guide-ubuntu-0.1.65-2.29.1 spacecmd-4.3.18-2.57.1 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204939 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:34:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:34:14 +0100 (CET) Subject: SUSE-SU-2023:0345-1: important: Security update for SUSE Manager Server 4.3 Message-ID: <20230210173414.26208F78A@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0345-1 Rating: important References: #1172110 #1195979 #1200801 #1202150 #1203478 #1203532 #1203826 #1204032 #1204126 #1204186 #1204235 #1204270 #1204330 #1204712 #1204715 #1204879 #1204932 #1205012 #1205040 #1205207 #1205255 #1205350 #1205489 #1205523 #1205644 #1205663 #1205749 #1205754 #1205890
#1205919 #1205943 #1206055 #1206160 #1206168 #1206186 #1206249 #1206276 #1206294 #1206336 #1206375 #1206470 #1206613 #1206666 #1206799 #1207136 Cross-References: CVE-2022-1415 CVSS scores: CVE-2022-1415 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that solves one vulnerability and has 44 fixes is now available. Description: This update fixes the following issues: cobbler: - Improve Cobbler performance with item cache and threadpool (bsc#1205489) - Skip collections that are inconsistent instead of crashing (bsc#1205749) - Add new "cobbler-tests-containers" subpackage which contains setup and configuration files to run Cobbler tests in containers. - Add missing code for previous patch file around boot_loaders migration. - Avoid possible override of existing values during migration of collections to 3.0.0 (bsc#1206160) - Fix regression: allow empty string as interface_type value (bsc#1203478) - Fix failing Cobbler tests after upgrading to 3.3.3. 
drools: - CVE-2022-1415: Deserialization of Untrusted Data: unsafe data deserialization in DroolsStreamUtils.java (bsc#1204879) grafana-formula: - Version 0.8.0 * Set dashboard names depending on project * Update dashboards to use new JSON schema * Fix PostgreSQL dashboard queries * Migrate deprecated panels to their current replacements image-sync-formula: - Update to version 0.1.1673279145.e7616bd * Add form entry for use latest boot image pillar value (bsc#1206055) inter-server-sync: - Version 0.2.6 * Export package extra tags for complete debian repo metadata (bsc#1206375) * Replace URLs in OS Images pillars when exporting and importing images mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) saltboot-formula: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) * Add use case of saltboot group formula outside containerized env (bsc#1206186) * Add 'kernel_action' to saltboot form (bsc#1206055) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 spacewalk-backend: - Version 4.3.18-1 * Add 'octet-stream' to accepted content-types for reposync mirrorlists * Exclude invalid mirror urls for reposync (bsc#1203826) * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523) * Updated logrotate configuration
(bsc#1206470) * Add rhel_9 as Salt-enabled kickstart installation * do not fetch mirrorlist when a file url is given spacewalk-certs-tools: - Version 4.3.17-1 * Backport SLE Micro bootstrap fixes spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings spacewalk-java: - Version 4.3.46-1 * action chains: recognize transactional_update.reboot as a reboot action - Version 4.3.45-1 * Improve logs when sls action chain file is missing - Version 4.3.44-1 * Add reboot needed indicator to systems list * Fix transaction commit behavior for Spark routes * Fix modular channel check during system update via XMLRPC (bsc#1206613) * Fix CVE Audit ignoring errata in parent channels if patch in successor product exists (bsc#1206168) * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663) * Improve automatic dependency selection for vendor clones * Optimize the number of salt calls on minion startup (bsc#1203532) * Fix name for autoinstall snippets after Cobbler 3.3.3 * prevent ISE on activation key page when selected base channel value is null * Trigger a package profile update when a new live-patch is installed (bsc#1206249) * Fix HTTP API login status code when using wrong credentials (bsc#1206666) * Configure the reboot action for transactional systems appropriately * Fix link to documentation in monitoring page * Fix server error in product migration outside maintenance window (bsc#1206276) * Updated logrotate configuration (bsc#1206470) * Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943) * Source Select2 and jQuery UI from susemanager-frontend-libs * Don't use hash in apidoc links * Limit changelog data in generated metadata to 20 entries * Fix internal server error when transferring system between organizations * Fix products controller to keep loading mandatory channels even when there are broken channels (bsc#1204270) * Move web dependencies from susemanager-frontend-libs to spacewalk-web * Fix server error while 
bootstrapping SSH-managed Red Hat-like minion (bsc#1205890) * send notifications also as email if email notifications are enabled * Add subscription warning notification to overview page * Fix CLM to not remove necessary packages when filtering errata (bsc#1195979) * Add vendor_advisory to errata.getDetails (bsc#1205207) * Fix ClassCastException * disable cloned vendor channel auto selection by default (bsc#1204186) * Add SUSE Liberty Linux support for RHEL9 based clients * Removed contents of certificates from the web UI logs (bsc#1204715) * Fix kickstart for RHEL 9 to not add install command * Remove RHEL kickstart types below 6 * Don't persist the YAML parser in FormulaFactory (bsc#1205754) * format results for package, errata and image build actions in system history similar to state apply results * check for NULL in DEB package install size value * adapt permissions of temporary ssh key directory * Fixed traditional stack warning message to be displayed only when the system has enterprise entitlement (bsc#1205350) * Remove invalid errata selection after patch installation (bsc#1204235) * Ignore insert conflicts during reporting database update (bsc#1202150) * Allowed cancelling pending actions with a failed prerequisite (bsc#1204712) * Run only minion actions that are in the pending status (bsc#1205012) * Allow usage of one FQDN to deploy containerized proxy in VM (#19586) * Migrate formulas with default values to database (bsc#1204932) spacewalk-search: - Version 4.3.8-1 * Updated logrotate configuration (bsc#1206470) * fix logging configuration of the search daemon (bsc#1206336) spacewalk-utils: - Version 4.3.16-1 * spacewalk-hostname-rename changes also report db host (bsc#1200801) * Add Uyuni SLE-Micro Client Tools repositories spacewalk-web: - Version 4.3.27-1 * Add reboot needed indicator to systems list * Fix salt keys page keeps loading when no key exists (bsc#1206799) * Fix link to documentation in monitoring page * Source Select2 and jQuery UI from
susemanager-frontend-libs * fix frontend logging in react pages * Move web dependencies from susemanager-frontend-libs to spacewalk-web supportutils-plugin-susemanager: - Version 4.3.6-1 * update susemanager plugin to export the number of pending salt events susemanager: - Version 4.3.23-1 * fix bootstrap repo definition for SUSE Liberty Linux 9 and RHEL9 (bsc#1207136) - Version 4.3.22-1 * fix tools channel detection on Uyuni susemanager-build-keys: - Version 15.4.7: * add SUSE Liberty v2 key susemanager-docs_en: - Removed SUSE Linux Enterprise MicroOS technical preview admonitions from the Client Configuration Guide - Action chains now supported for SUSE Linux Enterprise MicroOS Product Migration listed as unsupported for now for SUSE Linux Enterprise MicroOS - Remove SUSE Linux Enterprise Micro requirement to preinstall salt-transactional package - Organized navigation bar in the Installation and Upgrade Guide - Fixed SUSE Linux Enterprise Micro channel names in the Client Configuration Guide - Added SUSE Liberty Linux 9 clients as supported and now use the SUSE Liberty Linux name more consistently - Containerized proxy now allows usage of single FQDN. Documented in the Installation and Upgrade Guide - Added information about GPG key usage in the Debian section of the Client Configuration Guide - Clarified monitoring components support matrix in the Client Configuration Guide - Added information on using Hub when managing greater than 10K clients to the Hardware Requirements in the Installation and Upgrade Guide - Improved Grafana configuration instructions in the Administration Guide - Limit the changelog data in generated metadata in Administration Guide.
The default number of entries is now 20 and it is consistent with the number of entries from SUSE Linux Enterprise - Warning to emphasize about storage requirements before migration in the Installation and Upgrade Guide susemanager-schema: - Version 4.3.16-1 * Remove legacy cluster_admin user group * add subscription warning info pane * Remove data related to RHEL below 6 * Increase cron_expr varchar length to 120 in suseRecurringAction table (bsc#1205040) susemanager-sls: - Version 4.3.29-1 * Improve _mgractionchains.conf logs * Prevent possible errors from "mgractionschains" module when there is no action chain to resume - Version 4.3.28-1 * Move transactional_update.conf to correct location - Version 4.3.27-1 * Do not include pillar_only formulas in highstate * Optimize the number of salt calls on minion startup (bsc#1203532) * install SUSE Liberty v2 GPG key * Bootstrap state now writes salt config in correct overlay on SLE Micro (bsc#1206294) * Fix reboot info beacon installation * Add state to properly configure the reboot action for transactional systems * Updated logrotate configuration (bsc#1206470) * Fix server error while bootstrapping SSH-managed Red Hat-like minion (bsc#1205890) * Avoid installing recommended packages from assigned products (bsc#1204330) with suma_minion salt pillar extension module (bsc#1205255) susemanager-sync-data: - Version 4.3.12-1 * change OES 2023 URL to https and make the tools channels mandatory (bsc#1205644) * remove version from product names as they are held separate susemanager-tftpsync: - Version 4.3.3-1 * Introduce threadpool for tftpsync to increase performance while syncing files to proxies (bsc#1205489) uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side uyuni-setup-reportdb: - Version 4.3.6-1 * Fix password generation in uyuni-setup-reportdb (bsc#1205919) virtual-host-gatherer: - Version 1.0.24-1 * Report total memory of a libvirt hypervisor * Improve interoperability with other Python 
projects How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-345=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64): inter-server-sync-0.2.6-150400.3.12.3 inter-server-sync-debuginfo-0.2.6-150400.3.12.3 python3-uyuni-common-libs-4.3.7-150400.3.9.4 susemanager-4.3.23-150400.3.16.3 susemanager-tftpsync-4.3.3-150400.3.6.5 susemanager-tools-4.3.23-150400.3.16.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): cobbler-3.3.3-150400.5.17.3 drools-7.17.0-150400.3.9.3 grafana-formula-0.8.0-150400.3.6.3 image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3 mgr-osa-dispatcher-4.3.7-150400.3.3.4 mgr-push-4.3.5-150400.3.3.5 python3-mgr-osa-common-4.3.7-150400.3.3.4 python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4 python3-mgr-push-4.3.5-150400.3.3.5 python3-rhnlib-4.3.5-150400.3.3.3 python3-spacewalk-certs-tools-4.3.17-150400.3.12.4 python3-spacewalk-client-tools-4.3.14-150400.3.12.5 saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3 spacecmd-4.3.18-150400.3.12.3 spacewalk-backend-4.3.18-150400.3.12.5 spacewalk-backend-app-4.3.18-150400.3.12.5 spacewalk-backend-applet-4.3.18-150400.3.12.5 spacewalk-backend-config-files-4.3.18-150400.3.12.5 spacewalk-backend-config-files-common-4.3.18-150400.3.12.5 spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5 spacewalk-backend-iss-4.3.18-150400.3.12.5 spacewalk-backend-iss-export-4.3.18-150400.3.12.5 
spacewalk-backend-package-push-server-4.3.18-150400.3.12.5 spacewalk-backend-server-4.3.18-150400.3.12.5 spacewalk-backend-sql-4.3.18-150400.3.12.5 spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5 spacewalk-backend-tools-4.3.18-150400.3.12.5 spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5 spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5 spacewalk-base-4.3.27-150400.3.12.5 spacewalk-base-minimal-4.3.27-150400.3.12.5 spacewalk-base-minimal-config-4.3.27-150400.3.12.5 spacewalk-certs-tools-4.3.17-150400.3.12.4 spacewalk-client-tools-4.3.14-150400.3.12.5 spacewalk-html-4.3.27-150400.3.12.5 spacewalk-java-4.3.46-150400.3.28.1 spacewalk-java-config-4.3.46-150400.3.28.1 spacewalk-java-lib-4.3.46-150400.3.28.1 spacewalk-java-postgresql-4.3.46-150400.3.28.1 spacewalk-search-4.3.8-150400.3.9.3 spacewalk-taskomatic-4.3.46-150400.3.28.1 spacewalk-utils-4.3.16-150400.3.12.3 spacewalk-utils-extras-4.3.16-150400.3.12.3 supportutils-plugin-susemanager-4.3.6-150400.3.6.3 susemanager-build-keys-15.4.7-150400.3.12.3 susemanager-build-keys-web-15.4.7-150400.3.12.3 susemanager-docs_en-4.3-150400.9.19.1 susemanager-docs_en-pdf-4.3-150400.9.19.1 susemanager-schema-4.3.16-150400.3.12.4 susemanager-schema-utility-4.3.16-150400.3.12.4 susemanager-sls-4.3.29-150400.3.16.1 susemanager-sync-data-4.3.12-150400.3.11.3 uyuni-config-modules-4.3.29-150400.3.16.1 uyuni-setup-reportdb-4.3.6-150400.3.3.4 virtual-host-gatherer-1.0.24-150400.3.6.3 virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3 virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3 virtual-host-gatherer-VMware-1.0.24-150400.3.6.3 virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3 References: https://www.suse.com/security/cve/CVE-2022-1415.html https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1195979 https://bugzilla.suse.com/1200801 https://bugzilla.suse.com/1202150 https://bugzilla.suse.com/1203478 https://bugzilla.suse.com/1203532 https://bugzilla.suse.com/1203826 https://bugzilla.suse.com/1204032 
https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204186 https://bugzilla.suse.com/1204235 https://bugzilla.suse.com/1204270 https://bugzilla.suse.com/1204330 https://bugzilla.suse.com/1204712 https://bugzilla.suse.com/1204715 https://bugzilla.suse.com/1204879 https://bugzilla.suse.com/1204932 https://bugzilla.suse.com/1205012 https://bugzilla.suse.com/1205040 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205255 https://bugzilla.suse.com/1205350 https://bugzilla.suse.com/1205489 https://bugzilla.suse.com/1205523 https://bugzilla.suse.com/1205644 https://bugzilla.suse.com/1205663 https://bugzilla.suse.com/1205749 https://bugzilla.suse.com/1205754 https://bugzilla.suse.com/1205890 https://bugzilla.suse.com/1205919 https://bugzilla.suse.com/1205943 https://bugzilla.suse.com/1206055 https://bugzilla.suse.com/1206160 https://bugzilla.suse.com/1206168 https://bugzilla.suse.com/1206186 https://bugzilla.suse.com/1206249 https://bugzilla.suse.com/1206276 https://bugzilla.suse.com/1206294 https://bugzilla.suse.com/1206336 https://bugzilla.suse.com/1206375 https://bugzilla.suse.com/1206470 https://bugzilla.suse.com/1206613 https://bugzilla.suse.com/1206666 https://bugzilla.suse.com/1206799 https://bugzilla.suse.com/1207136 From sle-updates at lists.suse.com Fri Feb 10 17:38:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:38:23 +0100 (CET) Subject: SUSE-RU-2023:0346-1: moderate: Recommended update for salt Message-ID: <20230210173823.DBB29FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0346-1 Rating: moderate References: #1204939 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server 
Applications 15-SP4 SUSE Linux Enterprise Module for Transactional Server 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-346=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-346=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-346=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-346=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-346=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-346=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): python3-salt-3004-150400.8.20.1 salt-3004-150400.8.20.1 salt-minion-3004-150400.8.20.1 salt-transactional-update-3004-150400.8.20.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.20.1 salt-3004-150400.8.20.1 salt-api-3004-150400.8.20.1 salt-cloud-3004-150400.8.20.1 salt-doc-3004-150400.8.20.1 salt-master-3004-150400.8.20.1 salt-minion-3004-150400.8.20.1 salt-proxy-3004-150400.8.20.1 salt-ssh-3004-150400.8.20.1 salt-standalone-formulas-configuration-3004-150400.8.20.1 
salt-syndic-3004-150400.8.20.1 salt-transactional-update-3004-150400.8.20.1 - openSUSE Leap 15.4 (noarch): salt-bash-completion-3004-150400.8.20.1 salt-fish-completion-3004-150400.8.20.1 salt-zsh-completion-3004-150400.8.20.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150400.8.20.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): salt-api-3004-150400.8.20.1 salt-cloud-3004-150400.8.20.1 salt-master-3004-150400.8.20.1 salt-proxy-3004-150400.8.20.1 salt-ssh-3004-150400.8.20.1 salt-standalone-formulas-configuration-3004-150400.8.20.1 salt-syndic-3004-150400.8.20.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): salt-fish-completion-3004-150400.8.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.20.1 salt-3004-150400.8.20.1 salt-doc-3004-150400.8.20.1 salt-minion-3004-150400.8.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): salt-bash-completion-3004-150400.8.20.1 salt-zsh-completion-3004-150400.8.20.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): python3-salt-3004-150400.8.20.1 salt-3004-150400.8.20.1 salt-minion-3004-150400.8.20.1 salt-transactional-update-3004-150400.8.20.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:39:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:39:18 +0100 (CET) Subject: SUSE-RU-2023:0361-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210173918.763DEFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0361-1 Rating: moderate References: #1204126 #1205207 ECO-3319 Affected Products: SUSE Manager Client Tools 
for RHEL, Liberty and Clones 9-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: scap-security-guide: - Updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - Require sudo, as remediations touch sudo config or use sudo. spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS: zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-361=1 Package List: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (noarch): scap-security-guide-redhat-0.1.65-1.6.1 spacecmd-4.3.18-1.6.1 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:40:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:40:02 +0100 (CET) Subject: SUSE-RU-2023:0358-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20230210174002.8A785FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0358-1 Rating: moderate References: #1204126 #1205207 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-358=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (all): spacecmd-4.3.18-2.15.2 References: https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1205207 From sle-updates at lists.suse.com Fri Feb 10 17:41:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:41:07 +0100 (CET) Subject: SUSE-RU-2023:0347-1: moderate: Recommended update for salt Message-ID: <20230210174107.A8D34FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0347-1 Rating: moderate References: #1204939 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-347=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-347=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-347=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-347=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-347=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-347=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-347=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-347=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-347=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-347=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-347=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-347=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-transactional-update-3004-150300.53.36.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Manager Server 4.2 (noarch): salt-bash-completion-3004-150300.53.36.1 
salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Manager Retail Branch Server 4.2 (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Manager Proxy 4.2 (x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Manager Proxy 4.2 (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 
salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 salt-transactional-update-3004-150300.53.36.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-transactional-update-3004-150300.53.36.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-transactional-update-3004-150300.53.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS 
(noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): python3-salt-3004-150300.53.36.1 salt-3004-150300.53.36.1 salt-api-3004-150300.53.36.1 salt-cloud-3004-150300.53.36.1 salt-doc-3004-150300.53.36.1 salt-master-3004-150300.53.36.1 salt-minion-3004-150300.53.36.1 salt-proxy-3004-150300.53.36.1 salt-ssh-3004-150300.53.36.1 salt-standalone-formulas-configuration-3004-150300.53.36.1 salt-syndic-3004-150300.53.36.1 salt-transactional-update-3004-150300.53.36.1 - SUSE Enterprise Storage 7.1 (noarch): salt-bash-completion-3004-150300.53.36.1 salt-fish-completion-3004-150300.53.36.1 salt-zsh-completion-3004-150300.53.36.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:42:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:42:20 +0100 (CET) Subject: SUSE-SU-2023:0353-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20230210174220.1F514FCC9@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0353-1 Rating: moderate References: #1172110 #1204032 #1204126 
#1204302 #1204303 #1204304 #1204305 #1205207 #1205225 #1205227 #1205599 #1206470 PED-2617 Cross-References: CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVSS scores: CVE-2022-31123 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31123 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVE-2022-31130 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31130 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39201 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39201 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39229 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39306 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-39306 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-39307 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-39307 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 15 SUSE Manager Tools for SLE Micro 5 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 6 fixes is now available. 
Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) * Copy existing wicked config instead of generating new (bsc#1205599) grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exist (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-353=1 - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-353=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-353=1 Package List: - openSUSE Leap 15.4 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 spacecmd-4.3.18-150000.3.92.1 - SUSE Manager Tools for SLE Micro 5 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): grafana-8.5.15-150000.1.39.1 grafana-debuginfo-8.5.15-150000.1.39.1 python3-uyuni-common-libs-4.3.7-150000.1.30.1 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 mgr-osad-4.3.7-150000.1.42.1 mgr-push-4.3.5-150000.1.24.2 python3-mgr-osa-common-4.3.7-150000.1.42.1 python3-mgr-osad-4.3.7-150000.1.42.1 python3-mgr-push-4.3.5-150000.1.24.2 python3-rhnlib-4.3.5-150000.3.40.1 python3-spacewalk-check-4.3.14-150000.3.74.1 python3-spacewalk-client-setup-4.3.14-150000.3.74.1 python3-spacewalk-client-tools-4.3.14-150000.3.74.1 spacecmd-4.3.18-150000.3.92.1 spacewalk-check-4.3.14-150000.3.74.1 spacewalk-client-setup-4.3.14-150000.3.74.1 spacewalk-client-tools-4.3.14-150000.3.74.1 References: https://www.suse.com/security/cve/CVE-2022-31123.html https://www.suse.com/security/cve/CVE-2022-31130.html https://www.suse.com/security/cve/CVE-2022-39201.html https://www.suse.com/security/cve/CVE-2022-39229.html https://www.suse.com/security/cve/CVE-2022-39306.html https://www.suse.com/security/cve/CVE-2022-39307.html https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204302 https://bugzilla.suse.com/1204303 https://bugzilla.suse.com/1204304 https://bugzilla.suse.com/1204305 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205225 https://bugzilla.suse.com/1205227 
https://bugzilla.suse.com/1205599 https://bugzilla.suse.com/1206470 From sle-updates at lists.suse.com Fri Feb 10 17:44:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:44:02 +0100 (CET) Subject: SUSE-RU-2023:0350-1: moderate: Recommended update for salt Message-ID: <20230210174402.064D1FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0350-1 Rating: moderate References: #1204939 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-350=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-350=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-350=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-350=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3004-150200.84.1 salt-3004-150200.84.1 salt-api-3004-150200.84.1 salt-cloud-3004-150200.84.1 salt-doc-3004-150200.84.1 salt-master-3004-150200.84.1 salt-minion-3004-150200.84.1 salt-proxy-3004-150200.84.1 salt-ssh-3004-150200.84.1 salt-standalone-formulas-configuration-3004-150200.84.1 salt-syndic-3004-150200.84.1 salt-transactional-update-3004-150200.84.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): salt-bash-completion-3004-150200.84.1 salt-fish-completion-3004-150200.84.1 salt-zsh-completion-3004-150200.84.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150200.84.1 salt-3004-150200.84.1 salt-api-3004-150200.84.1 salt-cloud-3004-150200.84.1 salt-doc-3004-150200.84.1 salt-master-3004-150200.84.1 salt-minion-3004-150200.84.1 salt-proxy-3004-150200.84.1 salt-ssh-3004-150200.84.1 salt-standalone-formulas-configuration-3004-150200.84.1 salt-syndic-3004-150200.84.1 salt-transactional-update-3004-150200.84.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.84.1 salt-fish-completion-3004-150200.84.1 salt-zsh-completion-3004-150200.84.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3004-150200.84.1 salt-3004-150200.84.1 salt-api-3004-150200.84.1 salt-cloud-3004-150200.84.1 salt-doc-3004-150200.84.1 salt-master-3004-150200.84.1 salt-minion-3004-150200.84.1 
salt-proxy-3004-150200.84.1 salt-ssh-3004-150200.84.1 salt-standalone-formulas-configuration-3004-150200.84.1 salt-syndic-3004-150200.84.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.84.1 salt-fish-completion-3004-150200.84.1 salt-zsh-completion-3004-150200.84.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-salt-3004-150200.84.1 salt-3004-150200.84.1 salt-api-3004-150200.84.1 salt-cloud-3004-150200.84.1 salt-doc-3004-150200.84.1 salt-master-3004-150200.84.1 salt-minion-3004-150200.84.1 salt-proxy-3004-150200.84.1 salt-ssh-3004-150200.84.1 salt-standalone-formulas-configuration-3004-150200.84.1 salt-syndic-3004-150200.84.1 salt-transactional-update-3004-150200.84.1 - SUSE Enterprise Storage 7 (noarch): salt-bash-completion-3004-150200.84.1 salt-fish-completion-3004-150200.84.1 salt-zsh-completion-3004-150200.84.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:44:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:44:53 +0100 (CET) Subject: SUSE-SU-2023:0362-1: moderate: Security update for grafana Message-ID: <20230210174453.6E03DFCC9@maintenance.suse.de> SUSE Security Update: Security update for grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0362-1 Rating: moderate References: #1204302 #1204303 #1204304 #1204305 #1205225 #1205227 Cross-References: CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVSS scores: CVE-2022-31123 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31123 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVE-2022-31130 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31130 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39201 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39201 (SUSE): 4.4 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39229 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39306 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-39306 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-39307 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-39307 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exist (bsc#1205227) * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-362=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-362=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grafana-8.5.15-150200.3.32.1 grafana-debuginfo-8.5.15-150200.3.32.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): grafana-8.5.15-150200.3.32.1 grafana-debuginfo-8.5.15-150200.3.32.1 References: https://www.suse.com/security/cve/CVE-2022-31123.html https://www.suse.com/security/cve/CVE-2022-31130.html https://www.suse.com/security/cve/CVE-2022-39201.html https://www.suse.com/security/cve/CVE-2022-39229.html https://www.suse.com/security/cve/CVE-2022-39306.html https://www.suse.com/security/cve/CVE-2022-39307.html https://bugzilla.suse.com/1204302 https://bugzilla.suse.com/1204303 https://bugzilla.suse.com/1204304 https://bugzilla.suse.com/1204305 https://bugzilla.suse.com/1205225 https://bugzilla.suse.com/1205227 From sle-updates at lists.suse.com Fri Feb 10 17:45:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:45:58 +0100 (CET) Subject: SUSE-RU-2023:15156-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210174558.C9C5CFCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15156-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202301-15156=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.11.5 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:46:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:46:44 +0100 (CET) Subject: SUSE-SU-2023:0031-2: important: Security update for libksba Message-ID: <20230210174644.E7D52FCC9@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0031-2 Rating: important References: #1206579 Cross-References: CVE-2022-47629 CVSS scores: CVE-2022-47629 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-47629 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-31=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-31=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-31=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-31=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-31=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 - SUSE OpenStack Cloud 9 (x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 References: https://www.suse.com/security/cve/CVE-2022-47629.html https://bugzilla.suse.com/1206579 From sle-updates at lists.suse.com Fri Feb 10 17:47:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:47:42 +0100 (CET) Subject: SUSE-RU-2023:0364-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210174742.547DDFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0364-1 Rating: moderate References: #1204939 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module 
for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 SUSE Manager Tools 15 SUSE Manager Tools for SLE Micro 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-364=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-364=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-364=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-364=1 Package List: - SUSE Manager Tools for SLE Micro 5 (aarch64 s390x x86_64): venv-salt-minion-3004-150000.3.20.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.20.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.20.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.20.1 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:48:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:48:32 +0100 (CET) Subject: SUSE-RU-2023:15154-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20230210174832.E3622FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle 
______________________________________________________________________________ Announcement ID: SUSE-RU-2023:15154-1 Rating: moderate References: #1204939 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Control the collection of lvm grains via config (bsc#1204939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202301-15154=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.20.4 References: https://bugzilla.suse.com/1204939 From sle-updates at lists.suse.com Fri Feb 10 17:49:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:49:09 +0100 (CET) Subject: SUSE-RU-2023:0345-1: important: Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 Message-ID: <20230210174909.CDF38FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0345-1 Rating: important References: #1203826 #1204032 #1204126 #1205207 #1205523 #1205976 #1206470 #1206799 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description: This update fixes the following issues: mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 spacewalk-backend: - Version 4.3.18-1 * Add 'octet-stream' to accepted content-types for reposync mirrorlists * Exclude invalid mirror urls for reposync (bsc#1203826) * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523) * Updated logrotate configuration (bsc#1206470) * Add rhel_9 as Salt-enabled kickstart installation * do not fetch mirrorlist when a file url is given spacewalk-certs-tools: - Version 4.3.17-1 * Backport SLE Micro bootstrap fixes spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings spacewalk-proxy: - Version 4.3.14-1 * Updated logrotate configuration (bsc#1206470) * Handle tftp in rhn-proxy (bsc#1205976) spacewalk-web: - Version 4.3.27-1 * Add reboot needed indicator to systems list * Fix salt keys page keeps loading when no key exists (bsc#1206799) * Fix link to documentation in monitoring page * Source Select2 and jQuery UI from susemanager-frontend-libs * fix frontend logging in react pages * Move web dependencies from susemanager-frontend-libs to spacewalk-web susemanager-build-keys: - Version 15.4.7: * add SUSE Liberty v2 key susemanager-tftpsync-recv: - Version 4.3.8-1 * 
Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-345=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (x86_64): python3-uyuni-common-libs-4.3.7-150400.3.9.4 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): mgr-osad-4.3.7-150400.3.3.4 mgr-push-4.3.5-150400.3.3.5 python3-mgr-osa-common-4.3.7-150400.3.3.4 python3-mgr-osad-4.3.7-150400.3.3.4 python3-mgr-push-4.3.5-150400.3.3.5 python3-rhnlib-4.3.5-150400.3.3.3 python3-spacewalk-certs-tools-4.3.17-150400.3.12.4 python3-spacewalk-check-4.3.14-150400.3.12.5 python3-spacewalk-client-setup-4.3.14-150400.3.12.5 python3-spacewalk-client-tools-4.3.14-150400.3.12.5 spacecmd-4.3.18-150400.3.12.3 spacewalk-backend-4.3.18-150400.3.12.5 spacewalk-base-minimal-4.3.27-150400.3.12.5 spacewalk-base-minimal-config-4.3.27-150400.3.12.5 spacewalk-certs-tools-4.3.17-150400.3.12.4 spacewalk-check-4.3.14-150400.3.12.5 spacewalk-client-setup-4.3.14-150400.3.12.5 spacewalk-client-tools-4.3.14-150400.3.12.5 spacewalk-proxy-broker-4.3.14-150400.3.11.4 spacewalk-proxy-common-4.3.14-150400.3.11.4 spacewalk-proxy-management-4.3.14-150400.3.11.4 spacewalk-proxy-package-manager-4.3.14-150400.3.11.4 spacewalk-proxy-redirect-4.3.14-150400.3.11.4 spacewalk-proxy-salt-4.3.14-150400.3.11.4 susemanager-build-keys-15.4.7-150400.3.12.3 
susemanager-build-keys-web-15.4.7-150400.3.12.3 susemanager-tftpsync-recv-4.3.8-150400.3.6.4 References: https://bugzilla.suse.com/1203826 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205523 https://bugzilla.suse.com/1205976 https://bugzilla.suse.com/1206470 https://bugzilla.suse.com/1206799 From sle-updates at lists.suse.com Fri Feb 10 17:50:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 18:50:22 +0100 (CET) Subject: SUSE-SU-2023:0373-1: moderate: Security update for SUSE Manager Server 4.3 Message-ID: <20230210175022.040CCFCC9@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0373-1 Rating: moderate References: #1172110 #1195979 #1200801 #1202150 #1203478 #1203532 #1203826 #1204032 #1204126 #1204186 #1204235 #1204270 #1204330 #1204712 #1204715 #1204879 #1204932 #1205012 #1205040 #1205207 #1205255 #1205350 #1205489 #1205523 #1205644 #1205663 #1205749 #1205754 #1205890 #1205919 #1205943 #1206055 #1206160 #1206168 #1206186 #1206249 #1206276 #1206294 #1206336 #1206375 #1206470 #1206613 #1206666 #1206799 #1207136 Cross-References: CVE-2022-1415 CVSS scores: CVE-2022-1415 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Manager Server 4.3 ______________________________________________________________________________ An update that solves one vulnerability and has 44 fixes is now available. 
Description: This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.4 * SUSE Liberty Linux 9 support as client * SUSE Linux Enterprise Micro support as client * Indications for systems requiring reboot or with a scheduled reboot * Notification messages via email * Grafana update to 8.5.15 * Subscription warning notification * Changelogs at repositories metadata has been limited to the last 20 entries * Drop legacy way to prevent disabling local repositories * CVEs fixed CVE-2022-1415 * Bugs mentioned bsc#1172110, bsc#1195979, bsc#1200801, bsc#1202150, bsc#1203478 bsc#1203532, bsc#1203826, bsc#1204032, bsc#1204126, bsc#1204186 bsc#1204235, bsc#1204270, bsc#1204330, bsc#1204712, bsc#1204715 bsc#1204879, bsc#1204932, bsc#1205012, bsc#1205040, bsc#1205207 bsc#1205255, bsc#1205350, bsc#1205489, bsc#1205523, bsc#1205644 bsc#1205663, bsc#1205749, bsc#1205754, bsc#1205890, bsc#1205919 bsc#1205943, bsc#1206055, bsc#1206160, bsc#1206168, bsc#1206186 bsc#1206249, bsc#1206276, bsc#1206294, bsc#1206336, bsc#1206375 bsc#1206470, bsc#1206613, bsc#1206666, bsc#1206799, bsc#1207136 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-373=1 Package List: - SUSE Manager Server 4.3 (ppc64le s390x x86_64): release-notes-susemanager-4.3.4-150400.3.43.1 References: https://www.suse.com/security/cve/CVE-2022-1415.html https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1195979 https://bugzilla.suse.com/1200801 https://bugzilla.suse.com/1202150 https://bugzilla.suse.com/1203478 https://bugzilla.suse.com/1203532 https://bugzilla.suse.com/1203826 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204186 https://bugzilla.suse.com/1204235 https://bugzilla.suse.com/1204270 https://bugzilla.suse.com/1204330 https://bugzilla.suse.com/1204712 https://bugzilla.suse.com/1204715 https://bugzilla.suse.com/1204879 https://bugzilla.suse.com/1204932 https://bugzilla.suse.com/1205012 https://bugzilla.suse.com/1205040 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205255 https://bugzilla.suse.com/1205350 https://bugzilla.suse.com/1205489 https://bugzilla.suse.com/1205523 https://bugzilla.suse.com/1205644 https://bugzilla.suse.com/1205663 https://bugzilla.suse.com/1205749 https://bugzilla.suse.com/1205754 https://bugzilla.suse.com/1205890 https://bugzilla.suse.com/1205919 https://bugzilla.suse.com/1205943 https://bugzilla.suse.com/1206055 https://bugzilla.suse.com/1206160 https://bugzilla.suse.com/1206168 https://bugzilla.suse.com/1206186 https://bugzilla.suse.com/1206249 https://bugzilla.suse.com/1206276 https://bugzilla.suse.com/1206294 https://bugzilla.suse.com/1206336 https://bugzilla.suse.com/1206375 https://bugzilla.suse.com/1206470 https://bugzilla.suse.com/1206613 https://bugzilla.suse.com/1206666 https://bugzilla.suse.com/1206799 https://bugzilla.suse.com/1207136 From sle-updates at lists.suse.com Fri Feb 10 17:54:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Fri, 10 Feb 2023 18:54:18 +0100 (CET) Subject: SUSE-SU-2023:0352-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20230210175418.91B9DFCC9@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0352-1 Rating: moderate References: #1172110 #1204032 #1204126 #1204302 #1204303 #1204304 #1204305 #1205207 #1205225 #1205227 #1206470 PED-2617 Cross-References: CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVSS scores: CVE-2022-31123 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31123 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVE-2022-31130 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31130 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39201 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39201 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39229 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39306 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-39306 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-39307 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-39307 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available. 
Description: This update fixes the following issues: grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exist (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304) kiwi-desc-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-352=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): grafana-8.5.15-1.39.1 python2-uyuni-common-libs-4.3.7-1.30.1 - SUSE Manager Tools 12 (noarch): kiwi-desc-saltboot-0.1.1673279145.e7616bd-1.32.1 mgr-osad-4.3.7-1.42.1 mgr-push-4.3.5-1.24.1 python2-mgr-osa-common-4.3.7-1.42.1 python2-mgr-osad-4.3.7-1.42.1 python2-mgr-push-4.3.5-1.24.1 python2-rhnlib-4.3.5-21.46.1 python2-spacewalk-check-4.3.14-52.83.1 python2-spacewalk-client-setup-4.3.14-52.83.1 python2-spacewalk-client-tools-4.3.14-52.83.1 spacecmd-4.3.18-38.115.1 spacewalk-check-4.3.14-52.83.1 spacewalk-client-setup-4.3.14-52.83.1 spacewalk-client-tools-4.3.14-52.83.1 References: https://www.suse.com/security/cve/CVE-2022-31123.html https://www.suse.com/security/cve/CVE-2022-31130.html https://www.suse.com/security/cve/CVE-2022-39201.html https://www.suse.com/security/cve/CVE-2022-39229.html https://www.suse.com/security/cve/CVE-2022-39306.html https://www.suse.com/security/cve/CVE-2022-39307.html https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204302 https://bugzilla.suse.com/1204303 https://bugzilla.suse.com/1204304 https://bugzilla.suse.com/1204305 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205225 https://bugzilla.suse.com/1205227 https://bugzilla.suse.com/1206470 From sle-updates at lists.suse.com Fri Feb 10 20:18:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 21:18:46 +0100 (CET) Subject: SUSE-SU-2023:0374-1: important: Security update for xrdp Message-ID: <20230210201846.A49BDF78A@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0374-1 Rating: important References: #1206300 
#1206302 #1206303 #1206306 #1206307 #1206310 #1206311 #1206312 #1206313 #1206621 Cross-References: CVE-2022-23468 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 CVSS scores: CVE-2022-23468 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23468 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-23478 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23478 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23479 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23479 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23480 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23480 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23481 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23481 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23482 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23482 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23483 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23483 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23484 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23484 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23493 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23493 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). 
- CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310, bsc#1206621).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
- CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313).

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-374=1

Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xrdp-0.9.10-3.8.1 xrdp-debuginfo-0.9.10-3.8.1 xrdp-debugsource-0.9.10-3.8.1

References: https://www.suse.com/security/cve/CVE-2022-23468.html https://www.suse.com/security/cve/CVE-2022-23478.html https://www.suse.com/security/cve/CVE-2022-23479.html https://www.suse.com/security/cve/CVE-2022-23480.html https://www.suse.com/security/cve/CVE-2022-23481.html https://www.suse.com/security/cve/CVE-2022-23482.html https://www.suse.com/security/cve/CVE-2022-23483.html https://www.suse.com/security/cve/CVE-2022-23484.html https://www.suse.com/security/cve/CVE-2022-23493.html https://bugzilla.suse.com/1206300 https://bugzilla.suse.com/1206302 https://bugzilla.suse.com/1206303 https://bugzilla.suse.com/1206306 https://bugzilla.suse.com/1206307 https://bugzilla.suse.com/1206310 https://bugzilla.suse.com/1206311
https://bugzilla.suse.com/1206312 https://bugzilla.suse.com/1206313 https://bugzilla.suse.com/1206621 From sle-updates at lists.suse.com Fri Feb 10 20:20:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Feb 2023 21:20:27 +0100 (CET) Subject: SUSE-SU-2023:0375-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20230210202027.EFFF4F78A@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0375-1 Rating: moderate References: #1204703 #1205302 Cross-References: CVE-2022-3676 CVSS scores: CVE-2022-3676 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3676 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-375=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-375=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-375=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-375=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-375=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-375=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-375=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-375=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-375=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-375=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-375=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-375=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-375=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-demo-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-src-1.8.0_sr7.20-150000.3.68.1 - openSUSE Leap 15.4 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 
java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Enterprise Storage 7.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 
java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 References: https://www.suse.com/security/cve/CVE-2022-3676.html https://bugzilla.suse.com/1204703 https://bugzilla.suse.com/1205302 From sle-updates at lists.suse.com Sat Feb 11 08:03:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Feb 2023 09:03:19 +0100 (CET) Subject: SUSE-CU-2023:330-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20230211080319.59DE1F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:330-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.4 , suse/manager/4.3/proxy-httpd:4.3.4.9.25.2 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.25.2 Severity : important Type : security References : 1172110 1172179 1175622 1177460 1179584 1179962 1186011 1187028 1188882 1191857 1191925 1194038 1194394 1195455 1195624 1195979 1196205 1196729 1197027 1198168 1198356 1198358 1198903 1198944 1199147 1199157 1199467 1199523 1199629 1199646 1199656 1199659 1199662 1199663 1199679 1199714 1199726 1199727 1199779 1199817 1199874 1199950 1199984 1199998 1200169 1200276 1200296 1200347 1200480 1200532 1200573 1200581 1200591 1200606 1200629 1200707 1200723 1200801 1201003 1201142 1201189 1201210 1201220 1201224 1201260 1201411 1201476 1201498 1201589 1201606 1201607 1201626 1201753 1201782 1201788 1201788 1201842 1201893 1201913 1201918 1202093 1202150 1202217 1202271 1202272 1202367 1202455 1202464 1202602 1202728 1202729 1202785 1202805 1202899 1203026 1203049 1203056 1203169 1203274 1203283 1203287 1203288 1203385 1203406 1203422 1203449 1203451 1203478 1203478 1203484 1203532 1203532 1203564 1203580 1203585 1203588 1203599 1203611 1203611 1203633 1203652 1203685 1203698 1203826 1203884 1204029 1204032 1204061 1204126 
1204186 1204195 1204235 1204270 1204330 1204437 1204444 1204517 1204519 1204541 1204585 1204651 1204699 1204712 1204715 1204867 1204879 1204932 1204944 1205000 1205000 1205012 1205040 1205207 1205212 1205255 1205339 1205350 1205470 1205489 1205502 1205523 1205644 1205646 1205663 1205749 1205754 1205890 1205919 1205943 1205976 1206055 1206160 1206168 1206186 1206249 1206276 1206294 1206308 1206309 1206336 1206337 1206375 1206412 1206470 1206579 1206613 1206666 1206667 1206799 1207136 1207182 1207247 1207250 1207251 1207264 1207533 1207534 1207536 1207538 944832 CVE-2006-20001 CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-0860 CVE-2022-1415 CVE-2022-31129 CVE-2022-36760 CVE-2022-37436 CVE-2022-40897 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2136-1 Released: Mon Jun 20 13:45:31 2022 Summary: Recommended update for SUSE Manager 4.3 Release Notes Type: recommended Severity: low References: This update for SUSE Manager 4.3 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.0.1 * Workarounds for some known issues. Release notes for SUSE Manager proxy: - Update to SUSE Manager 4.3.0.1 * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3182-1 Released: Thu Sep 8 09:40:09 2022 Summary: Recommended update for SUSE Manager 4.3.1 Release Notes Type: recommended Severity: moderate References: 1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842 This update for SUSE Manager 4.3.1 Release Notes fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.1 * GPG key handling in SUSE Manager * Disabling locally defined repositories * Bugs mentioned bsc#1172179, bsc#1179962, bsc#1186011, bsc#1187028, bsc#1191925, bsc#1194394, bsc#1195455, bsc#1198356, bsc#1198358, bsc#1198944, bsc#1199147, bsc#1199157, bsc#1199523, bsc#1199629, bsc#1199646, bsc#1199656, bsc#1199659, bsc#1199662, bsc#1199663, bsc#1199679, bsc#1199714, bsc#1199727, bsc#1199779, bsc#1199817, bsc#1199874, bsc#1199950, bsc#1199984, bsc#1199998, bsc#1200276, bsc#1200347, bsc#1200532, bsc#1200591, bsc#1200606, bsc#1200707, bsc#1201003, bsc#1201142, bsc#1201189, bsc#1201224, bsc#1201411, bsc#1201498, bsc#1201782, bsc#1201842 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.1 * Bugs mentioned bsc#1199659, bsc#1199679, bsc#1200591, bsc#1201003, bsc#1201142 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3761-1 Released: Wed Oct 26 10:58:50 2022 Summary: Security update for release-notes-susemanager, release-notes-susemanager-proxy Type: security Severity: moderate References: 
1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129 This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4422-1 
Released: Tue Dec 13 08:26:22 2022 Summary: Recommended update for SUSE Manager 4.3.3 Release Notes Type: recommended Severity: moderate References: 1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470 This update for SUSE Manager 4.3.3 Release Notes provides the following additions: Release Notes for SUSE Manager: - Revision 4.3.3 - Bugs mentioned: bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607 bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785 bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588 bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698 bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437 bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651 bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470 Release Notes for SUSE Manager Proxy: - Revision 4.3.3 - Bugs mentioned: bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a 
bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 
41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programmatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. 
bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixes * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxes, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. 
* Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: 
Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. 
bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for 
compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following 
issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:322-1 Released: Wed Feb 8 16:19:37 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:345-1 Released: Fri Feb 10 15:06:27 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.14-150400.8.19.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - procps-3.3.15-150000.7.28.1 updated - libmount1-2.37.2-150400.8.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2022g-150000.75.18.1 updated - curl-7.79.1-150400.5.12.1 updated - libgmodule-2_0-0-2.70.5-150400.3.3.1 updated - libgobject-2_0-0-2.70.5-150400.3.3.1 updated - release-notes-susemanager-proxy-4.3.3-150400.3.12.3 added - 
python3-uyuni-common-libs-4.3.7-150400.3.9.4 updated - hwdata-0.365-150000.3.54.1 updated - apache2-utils-2.4.51-150400.6.6.1 updated - systemd-249.14-150400.8.19.1 updated - gio-branding-SLE-15-150400.27.2.1 updated - libgio-2_0-0-2.70.5-150400.3.3.1 updated - glib2-tools-2.70.5-150400.3.3.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - apache2-2.4.51-150400.6.6.1 updated - apache2-prefork-2.4.51-150400.6.6.1 updated - python3-gobject-3.42.2-150400.3.3.2 updated - python3-rhnlib-4.3.5-150400.3.3.3 updated - spacewalk-backend-4.3.18-150400.3.12.5 updated - python3-libxml2-2.9.14-150400.5.13.1 updated - python3-spacewalk-client-tools-4.3.14-150400.3.12.5 updated - spacewalk-client-tools-4.3.14-150400.3.12.5 updated - mgr-push-4.3.5-150400.3.3.5 updated - python3-mgr-push-4.3.5-150400.3.3.5 updated - spacewalk-proxy-package-manager-4.3.14-150400.3.11.4 updated - spacewalk-proxy-common-4.3.14-150400.3.11.4 updated - spacewalk-proxy-broker-4.3.14-150400.3.11.4 updated - susemanager-tftpsync-recv-4.3.8-150400.3.6.4 updated - spacewalk-proxy-redirect-4.3.14-150400.3.11.4 updated From sle-updates at lists.suse.com Sat Feb 11 08:03:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Feb 2023 09:03:20 +0100 (CET) Subject: SUSE-CU-2023:331-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20230211080320.8A05DF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:331-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.4 , suse/manager/4.3/proxy-httpd:4.3.4.9.25.3 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.25.3 Severity : important Type : security References : 1172110 1195979 1200801 1202150 1203478 1203532 1203826 1204032 1204126 1204186 1204235 1204270 1204330 1204712 1204715 1204879 1204932 1205012 1205040 1205207 1205255 1205350 1205489 1205523 1205644 1205663 
1205749 1205754 1205890 1205919 1205943 1205976 1206055 1206160 1206168 1206186 1206249 1206276 1206294 1206336 1206375 1206470 1206613 1206666 1206799 1207136 CVE-2022-1415 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:373-1 Released: Fri Feb 10 15:19:25 2023 Summary: Maintenance update for SUSE Manager 4.3.4 Release Notes Type: security Severity: important References: 1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415 Maintenance update for SUSE Manager 4.3.4 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.4-150400.3.43.1 updated From sle-updates at lists.suse.com Sat Feb 11 08:03:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Feb 2023 09:03:25 +0100 (CET) Subject: SUSE-CU-2023:332-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20230211080325.8271FF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:332-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.4 , suse/manager/4.3/proxy-salt-broker:4.3.4.9.15.1 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.15.1 Severity : important Type : security References : 1111657 1144506 1148184 1175622 1177460 1179584 1186870 1188882 1194038 1196205 1199282 1199467 
1200581 1200723 1203274 1203652 1204585 1204867 1204944 1205000 1205000 1205502 1205646 1206212 1206308 1206309 1206337 1206412 1206579 1206622 1207182 1207264 1207533 1207534 1207536 1207538 944832 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4491-1 Released: Wed Dec 14 13:31:51 2022 Summary: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme Type: recommended Severity: important References: 1111657,1144506,1148184,1186870,1199282 This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. 
* New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been renamed to 'randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. 
* Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the default min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you're not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. 
* Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post` and `Version.dev` * Use typing alias `UnparsedVersion` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in an unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. 
python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a 
bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 
41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programmatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. 
bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixes * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxes, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. 
* Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: 
Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. 
bug fixes nautilus: - Version update from 41.2 to 41.5 (jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for
compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - 
TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.14-150400.8.19.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - procps-3.3.15-150000.7.28.1 updated - libmount1-2.37.2-150400.8.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2022g-150000.75.18.1 updated - curl-7.79.1-150400.5.12.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - libsodium23-1.0.18-150000.4.6.1 updated From sle-updates at lists.suse.com Sat Feb 11 08:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Sat, 11 Feb 2023 09:03:33 +0100 (CET) Subject: SUSE-CU-2023:334-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20230211080333.92572F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:334-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.4 , suse/manager/4.3/proxy-squid:4.3.4.9.22.1 , suse/manager/4.3/proxy-squid:latest Container Release : 9.22.1 Severity : important Type : security References : 1177460 1194038 1199467 1200723 1203652 1204585 1204944 1205000 1205000 1205502 1205646 1206308 1206309 1206337 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). 
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libmount1-2.37.2-150400.8.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2022g-150000.75.18.1 updated From sle-updates at lists.suse.com Sat Feb 11 08:03:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Feb 2023 09:03:39 +0100 (CET) Subject: SUSE-CU-2023:336-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20230211080339.3D9FCF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:336-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.4 , suse/manager/4.3/proxy-ssh:4.3.4.9.15.1 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.15.1 Severity : important Type : security References : 1177460 1179465 1194038 1199467 1200723 1203652 1204585 1204944 1205000 1205000 1205502 1205646 1206308 1206309 1206337 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended 
Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). 
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.14-150400.8.19.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libmount1-2.37.2-150400.8.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2022g-150000.75.18.1 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Sat Feb 11 08:03:45 2023 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Feb 2023 09:03:45 +0100 (CET) Subject: SUSE-CU-2023:338-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20230211080345.288CCF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:338-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.4 , suse/manager/4.3/proxy-tftpd:4.3.4.9.15.1 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.15.1 Severity : important Type : security References : 1177460 1194038 1199467 1200723 1203652 1204364 1204585 1204944 1205000 1205000 1205502 1205646 1206212 1206212 1206308 1206309 1206337 1206622 1206667 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2022-23491 CVE-2022-40897 CVE-2022-42969 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: 
Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libmount1-2.37.2-150400.8.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2022g-150000.75.18.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated From sle-updates at lists.suse.com Sun Feb 12 08:04:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 12 Feb 2023 09:04:04 +0100 (CET) Subject: SUSE-CU-2023:341-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: 
<20230212080404.25EA7F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:341-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.77 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.77 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Sun Feb 12 08:04:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 12 Feb 2023 09:04:18 +0100 (CET) Subject: SUSE-CU-2023:342-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230212080418.44C3CF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:342-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.51 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.51 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Mon Feb 13 05:19:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:19:33 +0100 (CET) Subject: SUSE-RU-2023:0378-1: important: Recommended update for pacemaker Message-ID: <20230213051933.B5350F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0378-1 Rating: important References: #1205861 #1206263 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix issues with OCF1.1 return codes (bsc#1205861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-378=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.4+20200616.2deceaa3a-150200.3.24.2 libpacemaker3-2.0.4+20200616.2deceaa3a-150200.3.24.2 libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-cli-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-debugsource-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-remote-2.0.4+20200616.2deceaa3a-150200.3.24.2 pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.24.2 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): pacemaker-cts-2.0.4+20200616.2deceaa3a-150200.3.24.2 References: https://bugzilla.suse.com/1205861 https://bugzilla.suse.com/1206263 From sle-updates at lists.suse.com Mon Feb 13 05:20:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:20:44 +0100 (CET) Subject: SUSE-RU-2023:0385-1: important: Recommended update for irqbalance Message-ID: <20230213052044.3C45FF46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0385-1 Rating: important References: #1204961 #1206668 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise 
Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for irqbalance fixes the following issues: - Fix memory access violation caused since the previous update (bsc#1206668) - Fix `--banmod` option not working as expected (bsc#1204961) - Fix version to 1.4.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-385=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-385=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-385=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-385=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-385=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-385=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-385=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-385=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-385=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-385=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-385=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t 
patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-385=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-385=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-385=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-385=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-385=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Manager Server 4.2 (ppc64le x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Manager Proxy 4.2 (x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 
irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): irqbalance-1.4.0-150200.12.11.1 irqbalance-debuginfo-1.4.0-150200.12.11.1 irqbalance-debugsource-1.4.0-150200.12.11.1 References: https://bugzilla.suse.com/1204961 https://bugzilla.suse.com/1206668 From sle-updates at lists.suse.com Mon Feb 13 05:21:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:21:57 +0100 (CET) Subject: SUSE-RU-2023:0377-1: important: Recommended update for pacemaker Message-ID: <20230213052157.42637F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0377-1 Rating: important References: #1206263 #1206761 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix a memory access violation in error handling in crm_resource (bsc#1206761) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-377=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.30.3 libpacemaker3-2.0.5+20201202.ba59be712-150300.4.30.3 libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.30.3 pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.30.3 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.30.3 References: https://bugzilla.suse.com/1206263 https://bugzilla.suse.com/1206761 From sle-updates at lists.suse.com Mon Feb 13 05:22:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:22:46 +0100 (CET) Subject: SUSE-RU-2023:0376-1: important: Recommended update for pacemaker Message-ID: <20230213052246.739E3F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker 
______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0376-1 Rating: important References: #1206263 #1206761 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix a memory access violation in error handling in crm_resource (bsc#1206761) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-376=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-376=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.9.2 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.9.2 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 - openSUSE Leap 15.4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.9.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.9.2 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.9.2 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 
pacemaker-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.9.2 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.9.2 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.9.2 References: https://bugzilla.suse.com/1206263 https://bugzilla.suse.com/1206761 From sle-updates at lists.suse.com Mon Feb 13 05:23:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:23:35 +0100 (CET) Subject: SUSE-RU-2023:0386-1: important: Recommended update for NetworkManager-applet Message-ID: <20230213052335.87649F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager-applet ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0386-1 Rating: important References: Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for NetworkManager-applet fixes the following issues: - Fix build issues related to meson Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-386=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-386=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): NetworkManager-applet-1.24.0-150400.4.3.1 NetworkManager-applet-debuginfo-1.24.0-150400.4.3.1 NetworkManager-applet-debugsource-1.24.0-150400.4.3.1 NetworkManager-connection-editor-1.24.0-150400.4.3.1 NetworkManager-connection-editor-debuginfo-1.24.0-150400.4.3.1 - openSUSE Leap 15.4 (noarch): NetworkManager-applet-lang-1.24.0-150400.4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): NetworkManager-applet-1.24.0-150400.4.3.1 NetworkManager-applet-debuginfo-1.24.0-150400.4.3.1 NetworkManager-applet-debugsource-1.24.0-150400.4.3.1 NetworkManager-connection-editor-1.24.0-150400.4.3.1 NetworkManager-connection-editor-debuginfo-1.24.0-150400.4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): NetworkManager-applet-lang-1.24.0-150400.4.3.1 References: From sle-updates at lists.suse.com Mon Feb 13 05:24:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:24:17 +0100 (CET) Subject: SUSE-RU-2023:0384-1: important: Recommended update for irqbalance Message-ID: <20230213052417.D21D9F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0384-1 Rating: important References: #1204962 #1206661 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 
4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for irqbalance fixes the following issues: - Fix `--banmod` option not working as expected (bsc#1206661, bsc#1204962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-384=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-384=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-384=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-384=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debuginfo-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debugsource-1.8.0.18.git+2435e8d-150400.3.5.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debuginfo-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debugsource-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-ui-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-ui-debuginfo-1.8.0.18.git+2435e8d-150400.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le x86_64): irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debuginfo-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debugsource-1.8.0.18.git+2435e8d-150400.3.5.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64): irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debuginfo-1.8.0.18.git+2435e8d-150400.3.5.1 irqbalance-debugsource-1.8.0.18.git+2435e8d-150400.3.5.1 References: https://bugzilla.suse.com/1204962 https://bugzilla.suse.com/1206661 From sle-updates at lists.suse.com Mon Feb 13 
05:25:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:25:10 +0100 (CET) Subject: SUSE-RU-2023:0383-1: important: Recommended update for crmsh Message-ID: <20230213052510.59465F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0383-1 Rating: important References: #1202006 #1204565 #1205727 #1206606 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix crm report to catch read exception and give an error message (bsc#1206606) - Fix sbd not starting up if qdevice configuration is enabled (bsc#1205727) - Fix a memory access violation error when using `crm configure` commands (bsc#1204565) - Fix issue prompting warning about known_hosts when running `crm cluster join` commands (bsc#1202006) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-383=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-383=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20221230.4c344416-150200.5.86.1 crmsh-scripts-4.3.1+20221230.4c344416-150200.5.86.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20221230.4c344416-150200.5.86.1 crmsh-scripts-4.3.1+20221230.4c344416-150200.5.86.1 References: https://bugzilla.suse.com/1202006 https://bugzilla.suse.com/1204565 https://bugzilla.suse.com/1205727 https://bugzilla.suse.com/1206606 From sle-updates at lists.suse.com Mon Feb 13 05:26:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:26:12 +0100 (CET) Subject: SUSE-RU-2023:0381-1: important: Recommended update for pacemaker Message-ID: <20230213052612.9E6A0F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0381-1 Rating: important References: #1205861 #1206263 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix issues with OCF1.1 return codes (bsc#1205861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-381=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2023-381=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.30.3 libpacemaker3-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.30.3 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.24+20210811.f5abda0ee-3.30.3 libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cli-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-remote-1.1.24+20210811.f5abda0ee-3.30.3 pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.30.3 References: https://bugzilla.suse.com/1205861 https://bugzilla.suse.com/1206263 From sle-updates at lists.suse.com Mon Feb 13 05:27:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:27:04 +0100 (CET) Subject: SUSE-RU-2023:0382-1: important: Recommended update for crmsh Message-ID: <20230213052704.3BBB3F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0382-1 Rating: important References: #1206606 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux 
Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fix crm report to catch read exception and give an error message (bsc#1206606) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2023-382=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2023-382=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1672364762.c6594863-2.77.1 crmsh-scripts-4.1.1+git.1672364762.c6594863-2.77.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1672364762.c6594863-2.77.1 crmsh-scripts-4.1.1+git.1672364762.c6594863-2.77.1 References: https://bugzilla.suse.com/1206606 From sle-updates at lists.suse.com Mon Feb 13 05:27:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:27:48 +0100 (CET) Subject: SUSE-RU-2023:0379-1: important: Recommended update for pacemaker Message-ID: <20230213052748.0BF1EF46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0379-1 Rating: important References: #1205861 #1206263 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix issues with OCF1.1 return codes (bsc#1205861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-379=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-150100.3.33.1 libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.33.1 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-debugsource-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-remote-2.0.1+20190417.13d370ca9-150100.3.33.1 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-150100.3.33.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-150100.3.33.1 References: https://bugzilla.suse.com/1205861 https://bugzilla.suse.com/1206263 From sle-updates at lists.suse.com Mon Feb 13 05:28:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 06:28:34 +0100 (CET) Subject: SUSE-RU-2023:0380-1: important: Recommended update for pacemaker Message-ID: <20230213052834.C82C2F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0380-1 Rating: important References: #1205861 #1206263 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix issues with OCF1.1 return codes (bsc#1205861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2023-380=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.40.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.40.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.40.1 References: https://bugzilla.suse.com/1205861 https://bugzilla.suse.com/1206263 From sle-updates at lists.suse.com Mon Feb 13 08:02:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 09:02:21 +0100 (CET) Subject: SUSE-IU-2023:139-1: Security update of sles-15-sp4-chost-byos-v20230210-arm64 Message-ID: <20230213080221.6FA7FF46D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230210-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:139-1 Image Tags : sles-15-sp4-chost-byos-v20230210-arm64:20230210 Image Release : Severity : important Type : 
security References : 1027519 1065729 1187428 1188605 1190969 1191259 1193629 1194038 1199294 1200102 1201068 1201490 1201492 1201493 1201495 1201496 1201689 1202436 1203219 1203652 1203740 1203829 1204254 1204294 1204614 1204652 1204760 1204911 1204944 1204989 1205000 1205126 1205209 1205257 1205263 1205385 1205386 1205485 1205496 1205601 1205646 1205695 1206073 1206098 1206101 1206188 1206209 1206273 1206344 1206389 1206390 1206391 1206393 1206394 1206395 1206396 1206397 1206398 1206399 1206412 1206456 1206468 1206504 1206515 1206536 1206546 1206554 1206602 1206619 1206664 1206667 1206703 1206794 1206866 1206867 1206868 1206896 1206912 1207016 1207082 1207162 1207182 1207183 1207264 1207346 1207396 1207471 1207473 1207475 1207533 1207534 1207536 1207538 1207815 CVE-2021-20251 CVE-2022-2031 CVE-2022-23824 CVE-2022-3094 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3344 CVE-2022-3437 CVE-2022-3564 CVE-2022-3736 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-3924 CVE-2022-40897 CVE-2022-42898 CVE-2022-4304 CVE-2022-4379 CVE-2022-4415 CVE-2022-4450 CVE-2022-4662 CVE-2022-46663 CVE-2022-47520 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0215 CVE-2023-0286 CVE-2023-0288 CVE-2023-0433 CVE-2023-22809 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230210-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:114-1 Released: Fri Jan 20 10:22:57 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:142-1 Released: Thu Jan 26 06:40:15 2023 Summary: Feature update for bind Type: feature Severity: moderate References: This update for bind fixes the following issues: Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600) - New Features: * Support for parsing and validating the dohpath service parameter in SVCB records was added. * named now logs the supported cryptographic algorithms during startup and in the output of named -V - Bug Fixes: * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. * Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. * When a DNS resource record's TTL value was equal to the resolver's configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching. * Changing just the TSIG key names for primaries in catalog zones' member zones was not effective. This has been fixed. - Known Issues: * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. 
The following configurations are affected: + type primary zones configured with dnssec-policy but without either allow-update or update-policy + type secondary zones configured with dnssec-policy In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:149-1 Released: Thu Jan 26 10:18:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. 
(bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). 
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). 
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). 
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). 
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). 
- cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). 
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). 
- crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). 
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). 
- drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). 
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). 
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). 
- integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). 
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). 
- mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). 
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). 
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). 
- powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). 
- RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). 
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). 
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). 
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). 
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). 
- scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). 
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). 
- units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). 
- vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). 
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:160-1 Released: Thu Jan 26 18:22:30 2023 Summary: Security update for samba Type: security Severity: important References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected (bsc#1205386). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - Updated to version 4.15.12: - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). - Updated to version 4.15.11: - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - Updated to version 4.15.10: - Fixed a potential crash due to a concurrency issue (bsc#1200102).
- Updated to version 4.15.9: - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496). - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492). - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493). Other fixes: - Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:169-1 Released: Thu Jan 26 18:29:53 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1205209,CVE-2022-23824 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Non-security fixes: - Updated to version 4.16.3 (bsc#1027519). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:175-1 Released: Thu Jan 26 20:53:51 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1207183,1207346 This update for gnutls fixes the following issues: - FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183] - FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). 
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:334-1 Released: Thu Feb 9 13:49:43 2023 Summary: Recommended update for google-osconfig-agent Type: recommended Severity: moderate References: This update for google-osconfig-agent fixes the following issues: - Provide the latest version for SLE-15-SP4 too. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:341-1 Released: Fri Feb 10 10:04:35 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924 This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:349-1 Released: Fri Feb 10 15:09:03 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1204294 This update for hwinfo fixes the following issues: - Create Xen usb controller device if necessary. 
(bsc#1204294) The following package changes have been done: - bind-utils-9.16.37-150400.5.17.1 updated - google-osconfig-agent-20220801.00-150000.1.24.1 updated - hwinfo-21.84-150400.3.9.1 updated - kernel-default-5.14.21-150400.24.41.1 updated - less-590-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libgnutls30-3.7.3-150400.4.24.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libudev1-249.14-150400.8.19.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-bind-9.16.37-150400.5.17.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 added - sudo-1.9.9-150400.4.12.1 updated - systemd-sysvinit-249.14-150400.8.19.1 updated - systemd-249.14-150400.8.19.1 updated - tar-1.34-150000.3.26.1 updated - udev-249.14-150400.8.19.1 updated - util-linux-systemd-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated - xen-libs-4.16.3_02-150400.4.19.1 updated From sle-updates at lists.suse.com Mon Feb 13 11:20:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 12:20:16 +0100 (CET) Subject: SUSE-SU-2023:0387-1: important: Security update for xrdp Message-ID: <20230213112016.695D2FCC9@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0387-1 Rating: important References: #1206300 #1206303 #1206306 #1206307 #1206310 #1206311 
#1206312 Cross-References: CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVSS scores: CVE-2022-23468 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23468 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-23479 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23479 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23480 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23480 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23481 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23481 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23482 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23482 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23483 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23483 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23484 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23484 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). 
- CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-387=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xrdp-0.9.0~git.1456906198.f422461-16.23.2 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.23.2 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.23.2 References: https://www.suse.com/security/cve/CVE-2022-23468.html https://www.suse.com/security/cve/CVE-2022-23479.html https://www.suse.com/security/cve/CVE-2022-23480.html https://www.suse.com/security/cve/CVE-2022-23481.html https://www.suse.com/security/cve/CVE-2022-23482.html https://www.suse.com/security/cve/CVE-2022-23483.html https://www.suse.com/security/cve/CVE-2022-23484.html https://bugzilla.suse.com/1206300 https://bugzilla.suse.com/1206303 https://bugzilla.suse.com/1206306 https://bugzilla.suse.com/1206307 https://bugzilla.suse.com/1206310 https://bugzilla.suse.com/1206311 https://bugzilla.suse.com/1206312 From sle-updates at lists.suse.com Mon Feb 13 14:19:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 15:19:11 +0100 (CET) Subject: SUSE-SU-2023:0391-1: important: Security update for postgresql13 Message-ID: <20230213141911.438D3F46D@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0391-1 Rating: important References: #1208102 Cross-References: CVE-2022-41862 CVSS scores: CVE-2022-41862 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql13 fixes the following issues: Update to 13.10: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-391=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-391=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.10-3.30.1 postgresql13-devel-13.10-3.30.1 postgresql13-devel-debuginfo-13.10-3.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.10-3.30.1 postgresql13-server-devel-debuginfo-13.10-3.30.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-13.10-3.30.1 postgresql13-contrib-13.10-3.30.1 postgresql13-contrib-debuginfo-13.10-3.30.1 postgresql13-debuginfo-13.10-3.30.1 postgresql13-debugsource-13.10-3.30.1 postgresql13-plperl-13.10-3.30.1 postgresql13-plperl-debuginfo-13.10-3.30.1 postgresql13-plpython-13.10-3.30.1 postgresql13-plpython-debuginfo-13.10-3.30.1 postgresql13-pltcl-13.10-3.30.1 postgresql13-pltcl-debuginfo-13.10-3.30.1 postgresql13-server-13.10-3.30.1 postgresql13-server-debuginfo-13.10-3.30.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.10-3.30.1 References: https://www.suse.com/security/cve/CVE-2022-41862.html https://bugzilla.suse.com/1208102 From sle-updates at lists.suse.com Mon Feb 13 14:19:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 
13 Feb 2023 15:19:56 +0100 (CET) Subject: SUSE-SU-2023:0394-1: important: Security update for the Linux Kernel Message-ID: <20230213141956.7F300F46D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0394-1 Rating: important References: #1185861 #1185863 #1186449 #1191256 #1192868 #1193629 #1194869 #1195175 #1195655 #1196058 #1199701 #1204063 #1204356 #1204662 #1205495 #1206006 #1206036 #1206056 #1206057 #1206258 #1206363 #1206459 #1206616 #1206677 #1206784 #1207010 #1207034 #1207134 #1207149 #1207158 #1207184 #1207186 #1207190 #1207237 #1207263 #1207269 #1207497 #1207500 #1207501 #1207506 #1207507 #1207734 #1207769 #1207842 #1207878 #1207933 SLE-21132 SLE-24682 Cross-References: CVE-2020-24588 CVE-2022-4382 CVE-2022-47929 CVE-2023-0179 CVE-2023-0266 CVSS scores: CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-4382 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4382 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities, 
contains two features and has 41 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). 
- HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes). - Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes). - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). - Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). - Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes). - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes). 
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). 
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). 
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). 
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
- phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes).
- phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- s390/qeth: fix various format strings (git-fixes).
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-394=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-394=1

Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):

      cluster-md-kmp-azure-5.14.21-150400.14.34.1
      cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.34.1
      dlm-kmp-azure-5.14.21-150400.14.34.1
      dlm-kmp-azure-debuginfo-5.14.21-150400.14.34.1
      gfs2-kmp-azure-5.14.21-150400.14.34.1
      gfs2-kmp-azure-debuginfo-5.14.21-150400.14.34.1
      kernel-azure-5.14.21-150400.14.34.1
      kernel-azure-debuginfo-5.14.21-150400.14.34.1
      kernel-azure-debugsource-5.14.21-150400.14.34.1
      kernel-azure-devel-5.14.21-150400.14.34.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.34.1
      kernel-azure-extra-5.14.21-150400.14.34.1
      kernel-azure-extra-debuginfo-5.14.21-150400.14.34.1
      kernel-azure-livepatch-devel-5.14.21-150400.14.34.1
      kernel-azure-optional-5.14.21-150400.14.34.1
      kernel-azure-optional-debuginfo-5.14.21-150400.14.34.1
      kernel-syms-azure-5.14.21-150400.14.34.1
      kselftests-kmp-azure-5.14.21-150400.14.34.1
      kselftests-kmp-azure-debuginfo-5.14.21-150400.14.34.1
      ocfs2-kmp-azure-5.14.21-150400.14.34.1
      ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.34.1
      reiserfs-kmp-azure-5.14.21-150400.14.34.1
      reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.34.1

   - openSUSE Leap 15.4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.34.1
      kernel-source-azure-5.14.21-150400.14.34.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):

      kernel-azure-5.14.21-150400.14.34.1
      kernel-azure-debuginfo-5.14.21-150400.14.34.1
      kernel-azure-debugsource-5.14.21-150400.14.34.1
      kernel-azure-devel-5.14.21-150400.14.34.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.34.1
      kernel-syms-azure-5.14.21-150400.14.34.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.34.1
      kernel-source-azure-5.14.21-150400.14.34.1

References:

   https://www.suse.com/security/cve/CVE-2020-24588.html
   https://www.suse.com/security/cve/CVE-2022-4382.html
   https://www.suse.com/security/cve/CVE-2022-47929.html
   https://www.suse.com/security/cve/CVE-2023-0179.html
   https://www.suse.com/security/cve/CVE-2023-0266.html
   https://bugzilla.suse.com/1185861
   https://bugzilla.suse.com/1185863
   https://bugzilla.suse.com/1186449
   https://bugzilla.suse.com/1191256
   https://bugzilla.suse.com/1192868
   https://bugzilla.suse.com/1193629
   https://bugzilla.suse.com/1194869
   https://bugzilla.suse.com/1195175
   https://bugzilla.suse.com/1195655
   https://bugzilla.suse.com/1196058
   https://bugzilla.suse.com/1199701
   https://bugzilla.suse.com/1204063
   https://bugzilla.suse.com/1204356
   https://bugzilla.suse.com/1204662
   https://bugzilla.suse.com/1205495
   https://bugzilla.suse.com/1206006
   https://bugzilla.suse.com/1206036
   https://bugzilla.suse.com/1206056
   https://bugzilla.suse.com/1206057
   https://bugzilla.suse.com/1206258
   https://bugzilla.suse.com/1206363
   https://bugzilla.suse.com/1206459
   https://bugzilla.suse.com/1206616
   https://bugzilla.suse.com/1206677
   https://bugzilla.suse.com/1206784
   https://bugzilla.suse.com/1207010
   https://bugzilla.suse.com/1207034
   https://bugzilla.suse.com/1207134
   https://bugzilla.suse.com/1207149
   https://bugzilla.suse.com/1207158
   https://bugzilla.suse.com/1207184
   https://bugzilla.suse.com/1207186
   https://bugzilla.suse.com/1207190
   https://bugzilla.suse.com/1207237
   https://bugzilla.suse.com/1207263
   https://bugzilla.suse.com/1207269
   https://bugzilla.suse.com/1207497
   https://bugzilla.suse.com/1207500
   https://bugzilla.suse.com/1207501
   https://bugzilla.suse.com/1207506
   https://bugzilla.suse.com/1207507
   https://bugzilla.suse.com/1207734
   https://bugzilla.suse.com/1207769
   https://bugzilla.suse.com/1207842
   https://bugzilla.suse.com/1207878
   https://bugzilla.suse.com/1207933

From sle-updates at lists.suse.com Mon Feb 13 14:24:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2023 15:24:13 +0100 (CET)
Subject: SUSE-RU-2023:0388-1: moderate: Recommended update for crmsh
Message-ID: <20230213142413.AA0C1F46D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0388-1
Rating: moderate
References: #1201785 #1205522 #1205615 #1205727 #1205735
Affected Products:
   SUSE Linux Enterprise High Availability 15-SP4
   openSUSE Leap 15.4
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

   This update for crmsh fixes the following issues:

- Add a mechanism for updating cluster configuration after version update (bsc#1201785)
- cibconfig: Set 'promotable=true' and 'interlave=true' if resource instances need to be Promoted/Unpromoted with the resource agent (bsc#1205522)
- Fix help text for consistency in both `help` subcommand and `--help` argument (bsc#1205735)
- Fix passwordless ssh authentication for hacluster automatically when a new node is joining the cluster (bsc#1201785)
- Fix sbd not starting up if qdevice configuration is enabled (bsc#1205727)
- Show corosync ring status if it has faults (bsc#1205615)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-388=1

   - SUSE Linux Enterprise High Availability 15-SP4:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-388=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      crmsh-4.4.0+20221209.64abfaca-150400.3.12.1
      crmsh-scripts-4.4.0+20221209.64abfaca-150400.3.12.1
      crmsh-test-4.4.0+20221209.64abfaca-150400.3.12.1

   - SUSE Linux Enterprise High Availability 15-SP4 (noarch):

      crmsh-4.4.0+20221209.64abfaca-150400.3.12.1
      crmsh-scripts-4.4.0+20221209.64abfaca-150400.3.12.1

References:

   https://bugzilla.suse.com/1201785
   https://bugzilla.suse.com/1205522
   https://bugzilla.suse.com/1205615
   https://bugzilla.suse.com/1205727
   https://bugzilla.suse.com/1205735

From sle-updates at lists.suse.com Mon Feb 13 14:25:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2023 15:25:33 +0100 (CET)
Subject: SUSE-SU-2023:0389-1: critical: Security update for apr-util
Message-ID: <20230213142533.B835CF46D@maintenance.suse.de>

SUSE Security Update: Security update for apr-util
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0389-1
Rating: critical
References: #1207866
Cross-References: CVE-2022-25147
CVSS scores:
   CVE-2022-25147 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-25147 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Server Applications 15-SP4
   SUSE Linux Enterprise Realtime Extension 15-SP3
   SUSE Linux Enterprise Server 15-SP3-LTSS
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for apr-util fixes the following issues:

- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-389=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-389=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-389=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-389=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-389=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-389=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-389=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-389=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-389=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-389=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-389=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-389=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 
libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Manager Proxy 4.2 (x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 
libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 
(aarch64 ppc64le s390x x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): apr-util-debuginfo-1.6.1-150300.18.5.1 apr-util-debugsource-1.6.1-150300.18.5.1 apr-util-devel-1.6.1-150300.18.5.1 libapr-util1-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 libapr-util1-dbd-mysql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 libapr-util1-dbd-pgsql-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 
libapr-util1-dbd-sqlite3-debuginfo-1.6.1-150300.18.5.1 libapr-util1-dbm-db-1.6.1-150300.18.5.1 libapr-util1-dbm-db-debuginfo-1.6.1-150300.18.5.1 libapr-util1-debuginfo-1.6.1-150300.18.5.1 References: https://www.suse.com/security/cve/CVE-2022-25147.html https://bugzilla.suse.com/1207866 From sle-updates at lists.suse.com Mon Feb 13 14:26:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 15:26:42 +0100 (CET) Subject: SUSE-SU-2023:0397-1: important: Security update for webkit2gtk3 Message-ID: <20230213142642.12B98F46D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0397-1 Rating: important References: #1207997 Cross-References: CVE-2023-23517 CVE-2023-23518 CVE-2023-42826 CVSS scores: CVE-2023-23517 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-23518 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.4 (boo#1207997): - CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-42826: Fixed a use-after-free issue that was caused by improper memory management. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-397=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-397=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.38.4-2.126.1 webkit2gtk3-debugsource-2.38.4-2.126.1 webkit2gtk3-devel-2.38.4-2.126.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.4-2.126.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.4-2.126.1 libwebkit2gtk-4_0-37-2.38.4-2.126.1 libwebkit2gtk-4_0-37-debuginfo-2.38.4-2.126.1 typelib-1_0-JavaScriptCore-4_0-2.38.4-2.126.1 typelib-1_0-WebKit2-4_0-2.38.4-2.126.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.4-2.126.1 webkit2gtk-4_0-injected-bundles-2.38.4-2.126.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.4-2.126.1 webkit2gtk3-debugsource-2.38.4-2.126.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.38.4-2.126.1 References: https://www.suse.com/security/cve/CVE-2023-23517.html https://www.suse.com/security/cve/CVE-2023-23518.html https://www.suse.com/security/cve/CVE-2023-42826.html https://bugzilla.suse.com/1207997 From sle-updates at lists.suse.com Mon Feb 13 14:27:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 15:27:44 +0100 (CET) Subject: SUSE-SU-2023:0393-1: important: Security update for postgresql15 Message-ID: <20230213142744.A4FE9F46D@maintenance.suse.de> SUSE Security Update: Security update for postgresql15 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0393-1 Rating: important References: #1208102 Cross-References: CVE-2022-41862 CVSS scores: CVE-2022-41862 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL 
SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-393=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-393=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-393=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-393=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-393=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-393=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-393=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 - SUSE OpenStack Cloud 9 (x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql15-devel-15.2-3.6.1 
postgresql15-devel-debuginfo-15.2-3.6.1 postgresql15-server-devel-15.2-3.6.1 postgresql15-server-devel-debuginfo-15.2-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 postgresql15-15.2-3.6.1 postgresql15-contrib-15.2-3.6.1 postgresql15-contrib-debuginfo-15.2-3.6.1 postgresql15-debuginfo-15.2-3.6.1 postgresql15-debugsource-15.2-3.6.1 postgresql15-plperl-15.2-3.6.1 postgresql15-plperl-debuginfo-15.2-3.6.1 postgresql15-plpython-15.2-3.6.1 postgresql15-plpython-debuginfo-15.2-3.6.1 postgresql15-pltcl-15.2-3.6.1 postgresql15-pltcl-debuginfo-15.2-3.6.1 postgresql15-server-15.2-3.6.1 postgresql15-server-debuginfo-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libecpg6-32bit-15.2-3.6.1 libecpg6-debuginfo-32bit-15.2-3.6.1 libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql15-docs-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-15.2-3.6.1 libecpg6-debuginfo-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-32bit-15.2-3.6.1 libpq5-debuginfo-15.2-3.6.1 libpq5-debuginfo-32bit-15.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2022-41862.html https://bugzilla.suse.com/1208102 From sle-updates at lists.suse.com Mon Feb 13 14:28:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Mon, 13 Feb 2023 15:28:44 +0100 (CET) Subject: SUSE-SU-2023:0395-1: moderate: Security update for python-py Message-ID: <20230213142844.65D9CF46D@maintenance.suse.de> SUSE Security Update: Security update for python-py ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0395-1 Rating: moderate References: #1204364 Cross-References: CVE-2022-42969 CVSS scores: CVE-2022-42969 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42969 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). This also updates python3-py to version 1.8.1 for SUSE Linux Enterprise Server. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-395=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-395=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-395=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-py-1.8.1-11.15.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-py-1.8.1-11.15.2 python3-py-1.8.1-11.15.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-py-1.8.1-11.15.2 python3-py-1.8.1-11.15.2 References: https://www.suse.com/security/cve/CVE-2022-42969.html https://bugzilla.suse.com/1204364 From sle-updates at lists.suse.com Mon Feb 13 14:29:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 15:29:37 +0100 (CET) Subject: SUSE-SU-2023:0392-1: important: Security update for postgresql14 Message-ID: <20230213142937.9B3C7F46D@maintenance.suse.de> SUSE Security Update: Security update for postgresql14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0392-1 Rating: important References: #1208102 Cross-References: CVE-2022-41862 CVSS scores: CVE-2022-41862 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql14 fixes the following issues: Update to 14.7: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-392=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-392=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql14-debugsource-14.7-3.20.1 postgresql14-devel-14.7-3.20.1 postgresql14-devel-debuginfo-14.7-3.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql14-server-devel-14.7-3.20.1 postgresql14-server-devel-debuginfo-14.7-3.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql14-14.7-3.20.1 postgresql14-contrib-14.7-3.20.1 postgresql14-contrib-debuginfo-14.7-3.20.1 postgresql14-debuginfo-14.7-3.20.1 postgresql14-debugsource-14.7-3.20.1 postgresql14-plperl-14.7-3.20.1 postgresql14-plperl-debuginfo-14.7-3.20.1 postgresql14-plpython-14.7-3.20.1 postgresql14-plpython-debuginfo-14.7-3.20.1 postgresql14-pltcl-14.7-3.20.1 postgresql14-pltcl-debuginfo-14.7-3.20.1 postgresql14-server-14.7-3.20.1 postgresql14-server-debuginfo-14.7-3.20.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql14-docs-14.7-3.20.1 References: https://www.suse.com/security/cve/CVE-2022-41862.html https://bugzilla.suse.com/1208102 From sle-updates at lists.suse.com Mon Feb 13 14:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 15:30:25 +0100 (CET) Subject: SUSE-SU-2023:0390-1: important: Security update for postgresql12 Message-ID: <20230213143025.D35ACF46D@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0390-1 Rating: important 
References: #1208102 Cross-References: CVE-2022-41862 CVSS scores: CVE-2022-41862 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql12 fixes the following issues: Update to 12.14: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-390=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-390=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.14-3.36.1 postgresql12-devel-12.14-3.36.1 postgresql12-devel-debuginfo-12.14-3.36.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.14-3.36.1 postgresql12-server-devel-debuginfo-12.14-3.36.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.14-3.36.1 postgresql12-contrib-12.14-3.36.1 postgresql12-contrib-debuginfo-12.14-3.36.1 postgresql12-debuginfo-12.14-3.36.1 postgresql12-debugsource-12.14-3.36.1 postgresql12-plperl-12.14-3.36.1 postgresql12-plperl-debuginfo-12.14-3.36.1 postgresql12-plpython-12.14-3.36.1 postgresql12-plpython-debuginfo-12.14-3.36.1 postgresql12-pltcl-12.14-3.36.1 postgresql12-pltcl-debuginfo-12.14-3.36.1 postgresql12-server-12.14-3.36.1 postgresql12-server-debuginfo-12.14-3.36.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): 
postgresql12-docs-12.14-3.36.1 References: https://www.suse.com/security/cve/CVE-2022-41862.html https://bugzilla.suse.com/1208102 From sle-updates at lists.suse.com Mon Feb 13 20:18:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 21:18:25 +0100 (CET) Subject: SUSE-SU-2023:0400-1: moderate: Security update for freerdp Message-ID: <20230213201825.E7C3AF46D@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0400-1 Rating: moderate References: #1205512 Cross-References: CVE-2022-39316 CVE-2022-39317 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877 CVSS scores: CVE-2022-39316 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2022-39316 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2022-39317 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39317 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39320 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39320 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39347 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2022-39347 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2022-41877 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-41877 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512). 
- CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512). - CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512). - CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512). - CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2023-400=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-400=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.35.1 freerdp-debuginfo-2.1.2-12.35.1 freerdp-debugsource-2.1.2-12.35.1 freerdp-proxy-2.1.2-12.35.1 freerdp-server-2.1.2-12.35.1 libfreerdp2-2.1.2-12.35.1 libfreerdp2-debuginfo-2.1.2-12.35.1 libwinpr2-2.1.2-12.35.1 libwinpr2-debuginfo-2.1.2-12.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.35.1 freerdp-debugsource-2.1.2-12.35.1 freerdp-devel-2.1.2-12.35.1 libfreerdp2-2.1.2-12.35.1 libfreerdp2-debuginfo-2.1.2-12.35.1 libwinpr2-2.1.2-12.35.1 libwinpr2-debuginfo-2.1.2-12.35.1 winpr2-devel-2.1.2-12.35.1 References: https://www.suse.com/security/cve/CVE-2022-39316.html https://www.suse.com/security/cve/CVE-2022-39317.html https://www.suse.com/security/cve/CVE-2022-39320.html https://www.suse.com/security/cve/CVE-2022-39347.html https://www.suse.com/security/cve/CVE-2022-41877.html https://bugzilla.suse.com/1205512 From sle-updates at lists.suse.com Mon Feb 13 20:19:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Feb 2023 21:19:12 +0100 (CET) Subject: SUSE-SU-2023:0399-1: moderate: Security update for freerdp Message-ID: 
<20230213201912.08630F46D@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0399-1 Rating: moderate References: #1205512 Cross-References: CVE-2022-39316 CVE-2022-39317 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877 CVSS scores: CVE-2022-39316 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2022-39316 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2022-39317 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39317 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39320 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39320 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-39347 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2022-39347 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2022-41877 (NVD) : 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-41877 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512). - CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512). - CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512). 
- CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512). - CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-399=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-399=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-399=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): freerdp-2.4.0-150400.3.18.1 freerdp-debuginfo-2.4.0-150400.3.18.1 freerdp-debugsource-2.4.0-150400.3.18.1 freerdp-devel-2.4.0-150400.3.18.1 freerdp-proxy-2.4.0-150400.3.18.1 freerdp-proxy-debuginfo-2.4.0-150400.3.18.1 freerdp-server-2.4.0-150400.3.18.1 freerdp-server-debuginfo-2.4.0-150400.3.18.1 freerdp-wayland-2.4.0-150400.3.18.1 freerdp-wayland-debuginfo-2.4.0-150400.3.18.1 libfreerdp2-2.4.0-150400.3.18.1 libfreerdp2-debuginfo-2.4.0-150400.3.18.1 libuwac0-0-2.4.0-150400.3.18.1 libuwac0-0-debuginfo-2.4.0-150400.3.18.1 libwinpr2-2.4.0-150400.3.18.1 libwinpr2-debuginfo-2.4.0-150400.3.18.1 uwac0-0-devel-2.4.0-150400.3.18.1 winpr2-devel-2.4.0-150400.3.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): freerdp-2.4.0-150400.3.18.1 freerdp-debuginfo-2.4.0-150400.3.18.1 freerdp-debugsource-2.4.0-150400.3.18.1 freerdp-devel-2.4.0-150400.3.18.1 freerdp-proxy-2.4.0-150400.3.18.1 freerdp-proxy-debuginfo-2.4.0-150400.3.18.1 libfreerdp2-2.4.0-150400.3.18.1 libfreerdp2-debuginfo-2.4.0-150400.3.18.1 libwinpr2-2.4.0-150400.3.18.1 libwinpr2-debuginfo-2.4.0-150400.3.18.1 winpr2-devel-2.4.0-150400.3.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): 
freerdp-2.4.0-150400.3.18.1 freerdp-debuginfo-2.4.0-150400.3.18.1 freerdp-debugsource-2.4.0-150400.3.18.1 freerdp-devel-2.4.0-150400.3.18.1 freerdp-proxy-2.4.0-150400.3.18.1 freerdp-proxy-debuginfo-2.4.0-150400.3.18.1 libfreerdp2-2.4.0-150400.3.18.1 libfreerdp2-debuginfo-2.4.0-150400.3.18.1 libwinpr2-2.4.0-150400.3.18.1 libwinpr2-debuginfo-2.4.0-150400.3.18.1 winpr2-devel-2.4.0-150400.3.18.1 References: https://www.suse.com/security/cve/CVE-2022-39316.html https://www.suse.com/security/cve/CVE-2022-39317.html https://www.suse.com/security/cve/CVE-2022-39320.html https://www.suse.com/security/cve/CVE-2022-39347.html https://www.suse.com/security/cve/CVE-2022-41877.html https://bugzilla.suse.com/1205512 From sle-updates at lists.suse.com Tue Feb 14 08:02:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 09:02:05 +0100 (CET) Subject: SUSE-IU-2023:141-1: Security update of suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2 Message-ID: <20230214080205.DE8FDF46D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:141-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2:20230210 Image Release : Severity : important Type : security References : 1027519 1065729 1187428 1188605 1190969 1191259 1193629 1194038 1199294 1200102 1201068 1201490 1201492 1201493 1201495 1201496 1201689 1202436 1203219 1203652 1203740 1203829 1204254 1204294 1204364 1204614 1204652 1204760 1204911 1204944 1204989 1205000 1205126 1205209 1205257 1205263 1205385 1205386 1205485 1205496 1205601 1205646 1205695 1206073 1206098 1206101 1206188 1206209 1206212 1206273 1206344 1206389 1206390 1206391 1206393 1206394 1206395 1206396 1206397 1206398 1206399 1206412 1206456 1206468 1206504 1206515 1206536 1206546 1206554 1206602 1206619 1206664 1206667 1206703 1206794 1206866 1206867 1206868 1206896 
  1206912 1207016 1207082 1207162 1207182 1207183 1207264 1207346
  1207396 1207471 1207473 1207475 1207533 1207534 1207536 1207538
  1207815 CVE-2021-20251 CVE-2022-2031 CVE-2022-23491 CVE-2022-23824
  CVE-2022-3094 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107
  CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114
  CVE-2022-3115 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
  CVE-2022-3344 CVE-2022-3437 CVE-2022-3564 CVE-2022-3736 CVE-2022-37966
  CVE-2022-37967 CVE-2022-38023 CVE-2022-3924 CVE-2022-40897 CVE-2022-42898
  CVE-2022-42969 CVE-2022-4304 CVE-2022-4379 CVE-2022-4415 CVE-2022-4450
  CVE-2022-4662 CVE-2022-46663 CVE-2022-47520 CVE-2023-0049 CVE-2023-0051
  CVE-2023-0054 CVE-2023-0215 CVE-2023-0286 CVE-2023-0288 CVE-2023-0433
  CVE-2023-22809
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:114-1
Released: Fri Jan 20 10:22:57 2023
Summary: Security update for sudo
Type: security
Severity: important
References: 1207082,CVE-2023-22809

This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:139-1
Released: Wed Jan 25 14:41:55 2023
Summary: Security update for python-certifi
Type: security
Severity: important
References: 1206212,CVE-2022-23491

This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:142-1
Released: Thu Jan 26 06:40:15 2023
Summary: Feature update for bind
Type: feature
Severity: moderate
References:

This update for bind fixes the following issues:

Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600)

- New Features:
  * Support for parsing and validating the dohpath service parameter in SVCB records was added.
  * named now logs the supported cryptographic algorithms during startup and in the output of named -V
- Bug Fixes:
  * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing.
  * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients.
  * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1.
  * Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again.
  * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios.
  * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs.
  * When a DNS resource record's TTL value was equal to the resolver configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching.
  * Changing just the TSIG key names for primaries in catalog zones member zones was not effective. This has been fixed.
- Known Issues:
  * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. The following configurations are affected:
    + type primary zones configured with dnssec-policy but without either allow-update or update-policy
    + type secondary zones configured with dnssec-policy
    In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:149-1
Released: Thu Jan 26 10:18:30 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
- CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger.
  (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

- acct: fix potential integer overflow in encode_comp_t() (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
- ARM: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
- Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
- Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
- can: do not increase rx_bytes statistics for RTR frames (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
- can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
- cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
- cifs: fix confusing debug message (bsc#1193629).
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- cifs: fix missing display of three mount options (bsc#1193629).
- cifs: fix oops during encryption (bsc#1199294).
- cifs: fix refresh of cached referrals (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers (bsc#1193629).
- cifs: fix various whitespace errors in headers (bsc#1193629).
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: minor cleanup of some headers (bsc#1193629).
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
- cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- cifs: refresh root referrals (bsc#1193629).
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
- cifs: set correct ipc status after initial tree connect (bsc#1193629).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
- cifs: set correct tcon status after initial tree connect (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- cifs: skip alloc when request has no pages (bsc#1193629).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- class: fix possible memory leak in __class_register() (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
- crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - do not do custom power management (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
- drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
- fbdev: geode: do not build on UML (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- fbdev: uvesafb: do not build on UML (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
- fbdev: vermilion: decrease reference count in error path (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
- HID: mcp2221: do not connect hidraw (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- ibmveth: Always stop tx queues during close (bsc#1065729).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
- iio: fix memory leak in iio_device_register_eventset() (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE (git-fixes).
- media: camss: Clean up received buffers on failed start of streaming (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). 
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). 
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). 
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). 
- platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). 
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return 
'-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). 
- rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). 
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). 
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). 
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). 
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). 
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). 
- usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). 
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:159-1
Released: Thu Jan 26 18:21:56 2023
Summary: Security update for python-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897
This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:160-1
Released: Thu Jan 26 18:22:30 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898
This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).
- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released: Thu Jan 26 18:23:16 2023
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1204364,CVE-2022-42969
This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:169-1
Released: Thu Jan 26 18:29:53 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1205209,CVE-2022-23824
This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Non-security fixes:

- Updated to version 4.16.3 (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:175-1
Released: Thu Jan 26 20:53:51 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1207183,1207346
This update for gnutls fixes the following issues:

- FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646
This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). 
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:335-1 Released: Thu Feb 9 13:51:13 2023 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: This update for hyper-v fixes the following issues: - Provide the latest version for SLE-15-SP4 too. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:341-1 Released: Fri Feb 10 10:04:35 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924 This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:349-1 Released: Fri Feb 10 15:09:03 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1204294 This update for hwinfo fixes the following issues: - Create Xen usb controller device if necessary. 
(bsc#1204294) The following package changes have been done: - bind-utils-9.16.37-150400.5.17.1 updated - hwinfo-21.84-150400.3.9.1 updated - hyper-v-8-150200.14.8.1 updated - kernel-default-5.14.21-150400.24.41.1 updated - less-590-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libgnutls30-3.7.3-150400.4.24.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libudev1-249.14-150400.8.19.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-bind-9.16.37-150400.5.17.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 added - sudo-1.9.9-150400.4.12.1 updated - systemd-sysvinit-249.14-150400.8.19.1 updated - systemd-249.14-150400.8.19.1 updated - tar-1.34-150000.3.26.1 updated - udev-249.14-150400.8.19.1 updated - util-linux-systemd-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated - xen-libs-4.16.3_02-150400.4.19.1 updated From sle-updates at lists.suse.com Tue Feb 14 08:02:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 09:02:13 +0100 (CET) Subject: SUSE-IU-2023:142-1: Security update of suse-sles-15-sp4-chost-byos-v20230210-hvm-ssd-x86_64 Message-ID: <20230214080213.68343F46D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230210-hvm-ssd-x86_64 ----------------------------------------------------------------- 
Image Advisory ID : SUSE-IU-2023:142-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230210-hvm-ssd-x86_64:20230210 Image Release : Severity : important Type : security References : 1027519 1065729 1187428 1188605 1190969 1191259 1193629 1194038 1199294 1200102 1201068 1201490 1201492 1201493 1201495 1201496 1201689 1202436 1203219 1203652 1203740 1203829 1204254 1204294 1204364 1204614 1204652 1204760 1204911 1204944 1204989 1205000 1205126 1205209 1205257 1205263 1205385 1205386 1205485 1205496 1205601 1205646 1205695 1206073 1206098 1206101 1206188 1206209 1206212 1206273 1206344 1206389 1206390 1206391 1206393 1206394 1206395 1206396 1206397 1206398 1206399 1206412 1206456 1206468 1206504 1206515 1206536 1206546 1206554 1206602 1206619 1206664 1206667 1206703 1206794 1206866 1206867 1206868 1206896 1206912 1207016 1207082 1207162 1207182 1207183 1207264 1207346 1207396 1207471 1207473 1207475 1207533 1207534 1207536 1207538 1207815 CVE-2021-20251 CVE-2022-2031 CVE-2022-23491 CVE-2022-23824 CVE-2022-3094 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3344 CVE-2022-3437 CVE-2022-3564 CVE-2022-3736 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-3924 CVE-2022-40897 CVE-2022-42898 CVE-2022-42969 CVE-2022-4304 CVE-2022-4379 CVE-2022-4415 CVE-2022-4450 CVE-2022-4662 CVE-2022-46663 CVE-2022-47520 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0215 CVE-2023-0286 CVE-2023-0288 CVE-2023-0433 CVE-2023-22809 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230210-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:114-1 Released: Fri Jan 20 10:22:57 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:142-1 Released: Thu Jan 26 06:40:15 2023 Summary: Feature update for bind Type: feature Severity: moderate References: This update for bind fixes the following issues: Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600) - New Features: * Support for parsing and validating the dohpath service parameter in SVCB records was added. * named now logs the supported cryptographic algorithms during startup and in the output of named -V - Bug Fixes: * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. 
* Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. * When a DNS resource record's TTL value was equal to the resolver configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching. * Changing just the TSIG key names for primaries in catalog zones' member zones was not effective. This has been fixed. - Known Issues: * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. The following configurations are affected: + type primary zones configured with dnssec-policy but without either allow-update or update-policy + type secondary zones configured with dnssec-policy In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. 
For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:149-1 Released: Thu Jan 26 10:18:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. 
(bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). 
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). 
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). 
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). 
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). 
- cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). 
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). 
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). 
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
- fbdev: geode: do not build on UML (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- fbdev: uvesafb: do not build on UML (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
- fbdev: vermilion: decrease reference count in error path (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
- HID: mcp2221: do not connect hidraw (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- ibmveth: Always stop tx queues during close (bsc#1065729).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
- iio: fix memory leak in iio_device_register_eventset() (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE (git-fixes).
- media: camss: Clean up received buffers on failed start of streaming (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
- media: stv0288: use explicitly signed char (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
- mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
- mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
- mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- module: change to print useful messages from elf_validity_check() (git-fixes).
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- mt76: stop the radar detector after leaving dfs channel (git-fixes).
- mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfc: Fix potential resource leaks (git-fixes).
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
- octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
- padata: Fix list iterator in padata_do_serial() (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
- power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
- power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- random: allow partial reads if later user copies fail (bsc#1204911).
- random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
- random: convert to using fops->read_iter() (bsc#1204911).
- random: convert to using fops->write_iter() (bsc#1204911).
- random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
- random: zero buffer after reading entropy from userspace (bsc#1204911).
- RDMA: Disable IB HW for UML (git-fixes)
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- RDMA/hns: Fix error code of CMD (git-fixes)
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- RDMA/irdma: Report the correct link speed (git-fixes)
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- RDMA/siw: Fix pointer cast warning (git-fixes)
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: fix deadlock on regulator enable (git-fixes).
- regulator: core: fix module refcount leak in set_supply() (git-fixes).
- regulator: core: fix resource leak in regulator_register() (git-fixes).
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on (git-fixes).
- regulator: core: use kfree_const() to free space conditionally (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- rtc: cmos: Fix event handler registration ordering issue (git-fixes).
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- rtc: ds1347: fix value written to century register (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pcf85063: fix pcf85063_clkout_control (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- rtc: snvs: Allow a time difference on clock register read (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
- rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829).
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
- scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Merge suspend fields (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- selftests/efivarfs: Add checking of the test return value (git-fixes).
- selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
- serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
- spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
- staging: media: tegra-video: fix device_node use after free (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- test_firmware: fix memory leak in test_firmware_init() (git-fixes).
- thermal: core: fix some possible name leaks in error paths (git-fixes).
- thermal: int340x: Add missing attribute for data rate base (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
- timers: implement usleep_idle_range() (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
- tracing/osnoise: Fix duration type (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
- uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
- units: Add SI metric prefix definitions (git-fixes).
- units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). 
- vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). 
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:159-1
Released: Thu Jan 26 18:21:56 2023
Summary: Security update for python-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:160-1
Released: Thu Jan 26 18:22:30 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).
- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released: Thu Jan 26 18:23:16 2023
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1204364,CVE-2022-42969

This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:169-1
Released: Thu Jan 26 18:29:53 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1205209,CVE-2022-23824

This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Non-security fixes:

- Updated to version 4.16.3 (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:175-1
Released: Thu Jan 26 20:53:51 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1207183,1207346

This update for gnutls fixes the following issues:

- FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Type: recommended
Severity: low
References: 1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:211-1
Released: Mon Jan 30 17:26:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

This update for vim fixes the following issues:

- Updated to version 9.0.1234:
  - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
  - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
  - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
  - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
  - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released: Tue Feb 7 17:36:32 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:341-1
Released: Fri Feb 10 10:04:35 2023
Summary: Security update for bind
Type: security
Severity: important
References: 1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924

This update for bind fixes the following issues:

- Updated to version 9.16.37 (jsc#SLE-24600):
  - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471).
  - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473).
  - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released: Fri Feb 10 15:08:41 2023
Summary: Security update for less
Type: security
Severity: moderate
References: 1207815,CVE-2022-46663

This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:349-1
Released: Fri Feb 10 15:09:03 2023
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1204294

This update for hwinfo fixes the following issues:

- Create Xen usb controller device if necessary.
(bsc#1204294) The following package changes have been done: - bind-utils-9.16.37-150400.5.17.1 updated - hwinfo-21.84-150400.3.9.1 updated - kernel-default-5.14.21-150400.24.41.1 updated - less-590-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libgnutls30-3.7.3-150400.4.24.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libudev1-249.14-150400.8.19.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-bind-9.16.37-150400.5.17.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 added - sudo-1.9.9-150400.4.12.1 updated - systemd-sysvinit-249.14-150400.8.19.1 updated - systemd-249.14-150400.8.19.1 updated - tar-1.34-150000.3.26.1 updated - udev-249.14-150400.8.19.1 updated - util-linux-systemd-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated - xen-libs-4.16.3_02-150400.4.19.1 updated - xen-tools-domU-4.16.3_02-150400.4.19.1 updated From sle-updates at lists.suse.com Tue Feb 14 11:18:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 12:18:59 +0100 (CET) Subject: SUSE-FU-2023:0401-1: moderate: Feature update for LibreOffice Message-ID: <20230214111859.5C4A3F46D@maintenance.suse.de> SUSE Feature Update: Feature update for LibreOffice ______________________________________________________________________________ Announcement ID: 
SUSE-FU-2023:0401-1
Rating: moderate
References: PED-1785
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Workstation Extension 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 feature fixes and contains one feature can now be installed.

Description:

This update for LibreOffice fixes the following issues:

libreoffice:

- Version update from 7.3.6.2 to 7.4.3.2 (jsc#PED-1785):
  * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4
  * Updated bundled dependencies:
    * boost version update from 1_77_0 to 1_79_0
    * curl version update from 7.83.1 to 7.86.0
    * icu4c-data version update from 70_1 to 71_1
    * icu4c version update from 70_1 to 71_1
    * pdfium version update from 4699 to 5058
    * poppler version update from 21.11.0 to 22.09.0
    * poppler-data version update from 0.4.10 to 0.4.11
    * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
  * New build dependencies:
    * fixmath-devel
    * libwebp-devel
    * zlib-devel
    * dragonbox-devel
    * at-spi2-core-devel
    * libtiff-devel

dragonbox:

- New package at version 1.1.3
  * New dependency for LibreOffice 7.4

fixmath:

- New package at version 2022.07.20
  * New dependency for LibreOffice 7.4

libmwaw:

- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
  * add debug code to read some private rsrc data
  * allow to read some MacWrite which does not have printer information
  * add a parser for Scoop files
  * add a parser for ScriptWriter files
  * add a parser for ReadySetGo 1-4 files

Patch Instructions:

To install
this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-401=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-401=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-401=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dragonbox-devel-1.1.3-150400.9.3.2 fixmath-debugsource-2022.07.20-150400.9.3.2 fixmath-devel-2022.07.20-150400.9.3.2 fixmath-devel-debuginfo-2022.07.20-150400.9.3.2 libmwaw-0_3-3-0.3.21-150000.4.17.7 libmwaw-0_3-3-debuginfo-0.3.21-150000.4.17.7 libmwaw-debuginfo-0.3.21-150000.4.17.7 libmwaw-debugsource-0.3.21-150000.4.17.7 libmwaw-devel-0.3.21-150000.4.17.7 libmwaw-tools-0.3.21-150000.4.17.7 libmwaw-tools-debuginfo-0.3.21-150000.4.17.7 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libreoffice-7.4.3.2-150400.17.3.8 libreoffice-base-7.4.3.2-150400.17.3.8 libreoffice-base-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-base-drivers-postgresql-7.4.3.2-150400.17.3.8 libreoffice-base-drivers-postgresql-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-calc-7.4.3.2-150400.17.3.8 libreoffice-calc-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-calc-extensions-7.4.3.2-150400.17.3.8 libreoffice-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-debugsource-7.4.3.2-150400.17.3.8 libreoffice-draw-7.4.3.2-150400.17.3.8 libreoffice-draw-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-filters-optional-7.4.3.2-150400.17.3.8 libreoffice-gnome-7.4.3.2-150400.17.3.8 libreoffice-gnome-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-gtk3-7.4.3.2-150400.17.3.8 libreoffice-gtk3-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-impress-7.4.3.2-150400.17.3.8 libreoffice-impress-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-librelogo-7.4.3.2-150400.17.3.8 
libreoffice-mailmerge-7.4.3.2-150400.17.3.8 libreoffice-math-7.4.3.2-150400.17.3.8 libreoffice-math-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-officebean-7.4.3.2-150400.17.3.8 libreoffice-officebean-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-pyuno-7.4.3.2-150400.17.3.8 libreoffice-pyuno-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-qt5-7.4.3.2-150400.17.3.8 libreoffice-qt5-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-sdk-7.4.3.2-150400.17.3.8 libreoffice-sdk-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-sdk-doc-7.4.3.2-150400.17.3.8 libreoffice-writer-7.4.3.2-150400.17.3.8 libreoffice-writer-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-writer-extensions-7.4.3.2-150400.17.3.8 libreofficekit-7.4.3.2-150400.17.3.8 libreofficekit-devel-7.4.3.2-150400.17.3.8 - openSUSE Leap 15.4 (noarch): libmwaw-devel-doc-0.3.21-150000.4.17.7 libreoffice-branding-upstream-7.4.3.2-150400.17.3.8 libreoffice-gdb-pretty-printers-7.4.3.2-150400.17.3.8 libreoffice-glade-7.4.3.2-150400.17.3.8 libreoffice-icon-themes-7.4.3.2-150400.17.3.8 libreoffice-l10n-af-7.4.3.2-150400.17.3.8 libreoffice-l10n-am-7.4.3.2-150400.17.3.8 libreoffice-l10n-ar-7.4.3.2-150400.17.3.8 libreoffice-l10n-as-7.4.3.2-150400.17.3.8 libreoffice-l10n-ast-7.4.3.2-150400.17.3.8 libreoffice-l10n-be-7.4.3.2-150400.17.3.8 libreoffice-l10n-bg-7.4.3.2-150400.17.3.8 libreoffice-l10n-bn-7.4.3.2-150400.17.3.8 libreoffice-l10n-bn_IN-7.4.3.2-150400.17.3.8 libreoffice-l10n-bo-7.4.3.2-150400.17.3.8 libreoffice-l10n-br-7.4.3.2-150400.17.3.8 libreoffice-l10n-brx-7.4.3.2-150400.17.3.8 libreoffice-l10n-bs-7.4.3.2-150400.17.3.8 libreoffice-l10n-ca-7.4.3.2-150400.17.3.8 libreoffice-l10n-ca_valencia-7.4.3.2-150400.17.3.8 libreoffice-l10n-ckb-7.4.3.2-150400.17.3.8 libreoffice-l10n-cs-7.4.3.2-150400.17.3.8 libreoffice-l10n-cy-7.4.3.2-150400.17.3.8 libreoffice-l10n-da-7.4.3.2-150400.17.3.8 libreoffice-l10n-de-7.4.3.2-150400.17.3.8 libreoffice-l10n-dgo-7.4.3.2-150400.17.3.8 libreoffice-l10n-dsb-7.4.3.2-150400.17.3.8 
libreoffice-l10n-dz-7.4.3.2-150400.17.3.8 libreoffice-l10n-el-7.4.3.2-150400.17.3.8 libreoffice-l10n-en-7.4.3.2-150400.17.3.8 libreoffice-l10n-en_GB-7.4.3.2-150400.17.3.8 libreoffice-l10n-en_ZA-7.4.3.2-150400.17.3.8 libreoffice-l10n-eo-7.4.3.2-150400.17.3.8 libreoffice-l10n-es-7.4.3.2-150400.17.3.8 libreoffice-l10n-et-7.4.3.2-150400.17.3.8 libreoffice-l10n-eu-7.4.3.2-150400.17.3.8 libreoffice-l10n-fa-7.4.3.2-150400.17.3.8 libreoffice-l10n-fi-7.4.3.2-150400.17.3.8 libreoffice-l10n-fr-7.4.3.2-150400.17.3.8 libreoffice-l10n-fur-7.4.3.2-150400.17.3.8 libreoffice-l10n-fy-7.4.3.2-150400.17.3.8 libreoffice-l10n-ga-7.4.3.2-150400.17.3.8 libreoffice-l10n-gd-7.4.3.2-150400.17.3.8 libreoffice-l10n-gl-7.4.3.2-150400.17.3.8 libreoffice-l10n-gu-7.4.3.2-150400.17.3.8 libreoffice-l10n-gug-7.4.3.2-150400.17.3.8 libreoffice-l10n-he-7.4.3.2-150400.17.3.8 libreoffice-l10n-hi-7.4.3.2-150400.17.3.8 libreoffice-l10n-hr-7.4.3.2-150400.17.3.8 libreoffice-l10n-hsb-7.4.3.2-150400.17.3.8 libreoffice-l10n-hu-7.4.3.2-150400.17.3.8 libreoffice-l10n-id-7.4.3.2-150400.17.3.8 libreoffice-l10n-is-7.4.3.2-150400.17.3.8 libreoffice-l10n-it-7.4.3.2-150400.17.3.8 libreoffice-l10n-ja-7.4.3.2-150400.17.3.8 libreoffice-l10n-ka-7.4.3.2-150400.17.3.8 libreoffice-l10n-kab-7.4.3.2-150400.17.3.8 libreoffice-l10n-kk-7.4.3.2-150400.17.3.8 libreoffice-l10n-km-7.4.3.2-150400.17.3.8 libreoffice-l10n-kmr_Latn-7.4.3.2-150400.17.3.8 libreoffice-l10n-kn-7.4.3.2-150400.17.3.8 libreoffice-l10n-ko-7.4.3.2-150400.17.3.8 libreoffice-l10n-kok-7.4.3.2-150400.17.3.8 libreoffice-l10n-ks-7.4.3.2-150400.17.3.8 libreoffice-l10n-lb-7.4.3.2-150400.17.3.8 libreoffice-l10n-lo-7.4.3.2-150400.17.3.8 libreoffice-l10n-lt-7.4.3.2-150400.17.3.8 libreoffice-l10n-lv-7.4.3.2-150400.17.3.8 libreoffice-l10n-mai-7.4.3.2-150400.17.3.8 libreoffice-l10n-mk-7.4.3.2-150400.17.3.8 libreoffice-l10n-ml-7.4.3.2-150400.17.3.8 libreoffice-l10n-mn-7.4.3.2-150400.17.3.8 libreoffice-l10n-mni-7.4.3.2-150400.17.3.8 libreoffice-l10n-mr-7.4.3.2-150400.17.3.8 
libreoffice-l10n-my-7.4.3.2-150400.17.3.8 libreoffice-l10n-nb-7.4.3.2-150400.17.3.8 libreoffice-l10n-ne-7.4.3.2-150400.17.3.8 libreoffice-l10n-nl-7.4.3.2-150400.17.3.8 libreoffice-l10n-nn-7.4.3.2-150400.17.3.8 libreoffice-l10n-nr-7.4.3.2-150400.17.3.8 libreoffice-l10n-nso-7.4.3.2-150400.17.3.8 libreoffice-l10n-oc-7.4.3.2-150400.17.3.8 libreoffice-l10n-om-7.4.3.2-150400.17.3.8 libreoffice-l10n-or-7.4.3.2-150400.17.3.8 libreoffice-l10n-pa-7.4.3.2-150400.17.3.8 libreoffice-l10n-pl-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_BR-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_PT-7.4.3.2-150400.17.3.8 libreoffice-l10n-ro-7.4.3.2-150400.17.3.8 libreoffice-l10n-ru-7.4.3.2-150400.17.3.8 libreoffice-l10n-rw-7.4.3.2-150400.17.3.8 libreoffice-l10n-sa_IN-7.4.3.2-150400.17.3.8 libreoffice-l10n-sat-7.4.3.2-150400.17.3.8 libreoffice-l10n-sd-7.4.3.2-150400.17.3.8 libreoffice-l10n-si-7.4.3.2-150400.17.3.8 libreoffice-l10n-sid-7.4.3.2-150400.17.3.8 libreoffice-l10n-sk-7.4.3.2-150400.17.3.8 libreoffice-l10n-sl-7.4.3.2-150400.17.3.8 libreoffice-l10n-sq-7.4.3.2-150400.17.3.8 libreoffice-l10n-sr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ss-7.4.3.2-150400.17.3.8 libreoffice-l10n-st-7.4.3.2-150400.17.3.8 libreoffice-l10n-sv-7.4.3.2-150400.17.3.8 libreoffice-l10n-sw_TZ-7.4.3.2-150400.17.3.8 libreoffice-l10n-szl-7.4.3.2-150400.17.3.8 libreoffice-l10n-ta-7.4.3.2-150400.17.3.8 libreoffice-l10n-te-7.4.3.2-150400.17.3.8 libreoffice-l10n-tg-7.4.3.2-150400.17.3.8 libreoffice-l10n-th-7.4.3.2-150400.17.3.8 libreoffice-l10n-tn-7.4.3.2-150400.17.3.8 libreoffice-l10n-tr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ts-7.4.3.2-150400.17.3.8 libreoffice-l10n-tt-7.4.3.2-150400.17.3.8 libreoffice-l10n-ug-7.4.3.2-150400.17.3.8 libreoffice-l10n-uk-7.4.3.2-150400.17.3.8 libreoffice-l10n-uz-7.4.3.2-150400.17.3.8 libreoffice-l10n-ve-7.4.3.2-150400.17.3.8 libreoffice-l10n-vec-7.4.3.2-150400.17.3.8 libreoffice-l10n-vi-7.4.3.2-150400.17.3.8 libreoffice-l10n-xh-7.4.3.2-150400.17.3.8 libreoffice-l10n-zh_CN-7.4.3.2-150400.17.3.8 
libreoffice-l10n-zh_TW-7.4.3.2-150400.17.3.8 libreoffice-l10n-zu-7.4.3.2-150400.17.3.8 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): libreoffice-branding-upstream-7.4.3.2-150400.17.3.8 libreoffice-icon-themes-7.4.3.2-150400.17.3.8 libreoffice-l10n-af-7.4.3.2-150400.17.3.8 libreoffice-l10n-ar-7.4.3.2-150400.17.3.8 libreoffice-l10n-as-7.4.3.2-150400.17.3.8 libreoffice-l10n-bg-7.4.3.2-150400.17.3.8 libreoffice-l10n-bn-7.4.3.2-150400.17.3.8 libreoffice-l10n-br-7.4.3.2-150400.17.3.8 libreoffice-l10n-ca-7.4.3.2-150400.17.3.8 libreoffice-l10n-ckb-7.4.3.2-150400.17.3.8 libreoffice-l10n-cs-7.4.3.2-150400.17.3.8 libreoffice-l10n-cy-7.4.3.2-150400.17.3.8 libreoffice-l10n-da-7.4.3.2-150400.17.3.8 libreoffice-l10n-de-7.4.3.2-150400.17.3.8 libreoffice-l10n-dz-7.4.3.2-150400.17.3.8 libreoffice-l10n-el-7.4.3.2-150400.17.3.8 libreoffice-l10n-en-7.4.3.2-150400.17.3.8 libreoffice-l10n-eo-7.4.3.2-150400.17.3.8 libreoffice-l10n-es-7.4.3.2-150400.17.3.8 libreoffice-l10n-et-7.4.3.2-150400.17.3.8 libreoffice-l10n-eu-7.4.3.2-150400.17.3.8 libreoffice-l10n-fa-7.4.3.2-150400.17.3.8 libreoffice-l10n-fi-7.4.3.2-150400.17.3.8 libreoffice-l10n-fr-7.4.3.2-150400.17.3.8 libreoffice-l10n-fur-7.4.3.2-150400.17.3.8 libreoffice-l10n-ga-7.4.3.2-150400.17.3.8 libreoffice-l10n-gl-7.4.3.2-150400.17.3.8 libreoffice-l10n-gu-7.4.3.2-150400.17.3.8 libreoffice-l10n-he-7.4.3.2-150400.17.3.8 libreoffice-l10n-hi-7.4.3.2-150400.17.3.8 libreoffice-l10n-hr-7.4.3.2-150400.17.3.8 libreoffice-l10n-hu-7.4.3.2-150400.17.3.8 libreoffice-l10n-it-7.4.3.2-150400.17.3.8 libreoffice-l10n-ja-7.4.3.2-150400.17.3.8 libreoffice-l10n-kk-7.4.3.2-150400.17.3.8 libreoffice-l10n-kn-7.4.3.2-150400.17.3.8 libreoffice-l10n-ko-7.4.3.2-150400.17.3.8 libreoffice-l10n-lt-7.4.3.2-150400.17.3.8 libreoffice-l10n-lv-7.4.3.2-150400.17.3.8 libreoffice-l10n-mai-7.4.3.2-150400.17.3.8 libreoffice-l10n-ml-7.4.3.2-150400.17.3.8 libreoffice-l10n-mr-7.4.3.2-150400.17.3.8 libreoffice-l10n-nb-7.4.3.2-150400.17.3.8 
libreoffice-l10n-nl-7.4.3.2-150400.17.3.8 libreoffice-l10n-nn-7.4.3.2-150400.17.3.8 libreoffice-l10n-nr-7.4.3.2-150400.17.3.8 libreoffice-l10n-nso-7.4.3.2-150400.17.3.8 libreoffice-l10n-or-7.4.3.2-150400.17.3.8 libreoffice-l10n-pa-7.4.3.2-150400.17.3.8 libreoffice-l10n-pl-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_BR-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_PT-7.4.3.2-150400.17.3.8 libreoffice-l10n-ro-7.4.3.2-150400.17.3.8 libreoffice-l10n-ru-7.4.3.2-150400.17.3.8 libreoffice-l10n-si-7.4.3.2-150400.17.3.8 libreoffice-l10n-sk-7.4.3.2-150400.17.3.8 libreoffice-l10n-sl-7.4.3.2-150400.17.3.8 libreoffice-l10n-sr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ss-7.4.3.2-150400.17.3.8 libreoffice-l10n-st-7.4.3.2-150400.17.3.8 libreoffice-l10n-sv-7.4.3.2-150400.17.3.8 libreoffice-l10n-ta-7.4.3.2-150400.17.3.8 libreoffice-l10n-te-7.4.3.2-150400.17.3.8 libreoffice-l10n-th-7.4.3.2-150400.17.3.8 libreoffice-l10n-tn-7.4.3.2-150400.17.3.8 libreoffice-l10n-tr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ts-7.4.3.2-150400.17.3.8 libreoffice-l10n-uk-7.4.3.2-150400.17.3.8 libreoffice-l10n-ve-7.4.3.2-150400.17.3.8 libreoffice-l10n-xh-7.4.3.2-150400.17.3.8 libreoffice-l10n-zh_CN-7.4.3.2-150400.17.3.8 libreoffice-l10n-zh_TW-7.4.3.2-150400.17.3.8 libreoffice-l10n-zu-7.4.3.2-150400.17.3.8 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): dragonbox-devel-1.1.3-150400.9.3.2 fixmath-debugsource-2022.07.20-150400.9.3.2 fixmath-devel-2022.07.20-150400.9.3.2 fixmath-devel-debuginfo-2022.07.20-150400.9.3.2 libmwaw-0_3-3-0.3.21-150000.4.17.7 libmwaw-0_3-3-debuginfo-0.3.21-150000.4.17.7 libmwaw-debuginfo-0.3.21-150000.4.17.7 libmwaw-debugsource-0.3.21-150000.4.17.7 libreoffice-7.4.3.2-150400.17.3.8 libreoffice-base-7.4.3.2-150400.17.3.8 libreoffice-base-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-base-drivers-postgresql-7.4.3.2-150400.17.3.8 libreoffice-base-drivers-postgresql-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-calc-7.4.3.2-150400.17.3.8 libreoffice-calc-debuginfo-7.4.3.2-150400.17.3.8 
libreoffice-calc-extensions-7.4.3.2-150400.17.3.8 libreoffice-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-debugsource-7.4.3.2-150400.17.3.8 libreoffice-draw-7.4.3.2-150400.17.3.8 libreoffice-draw-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-filters-optional-7.4.3.2-150400.17.3.8 libreoffice-gnome-7.4.3.2-150400.17.3.8 libreoffice-gnome-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-gtk3-7.4.3.2-150400.17.3.8 libreoffice-gtk3-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-impress-7.4.3.2-150400.17.3.8 libreoffice-impress-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-mailmerge-7.4.3.2-150400.17.3.8 libreoffice-math-7.4.3.2-150400.17.3.8 libreoffice-math-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-officebean-7.4.3.2-150400.17.3.8 libreoffice-officebean-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-pyuno-7.4.3.2-150400.17.3.8 libreoffice-pyuno-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-writer-7.4.3.2-150400.17.3.8 libreoffice-writer-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-writer-extensions-7.4.3.2-150400.17.3.8 libreofficekit-7.4.3.2-150400.17.3.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): dragonbox-devel-1.1.3-150400.9.3.2 fixmath-debugsource-2022.07.20-150400.9.3.2 fixmath-devel-2022.07.20-150400.9.3.2 fixmath-devel-debuginfo-2022.07.20-150400.9.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libmwaw-0_3-3-0.3.21-150000.4.17.7 libmwaw-0_3-3-debuginfo-0.3.21-150000.4.17.7 libmwaw-debuginfo-0.3.21-150000.4.17.7 libmwaw-debugsource-0.3.21-150000.4.17.7 libmwaw-devel-0.3.21-150000.4.17.7 libmwaw-tools-0.3.21-150000.4.17.7 libmwaw-tools-debuginfo-0.3.21-150000.4.17.7 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le): libreoffice-7.4.3.2-150400.17.3.8 libreoffice-base-7.4.3.2-150400.17.3.8 libreoffice-base-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-base-drivers-postgresql-7.4.3.2-150400.17.3.8 
libreoffice-base-drivers-postgresql-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-calc-7.4.3.2-150400.17.3.8 libreoffice-calc-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-calc-extensions-7.4.3.2-150400.17.3.8 libreoffice-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-debugsource-7.4.3.2-150400.17.3.8 libreoffice-draw-7.4.3.2-150400.17.3.8 libreoffice-draw-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-filters-optional-7.4.3.2-150400.17.3.8 libreoffice-gnome-7.4.3.2-150400.17.3.8 libreoffice-gnome-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-gtk3-7.4.3.2-150400.17.3.8 libreoffice-gtk3-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-impress-7.4.3.2-150400.17.3.8 libreoffice-impress-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-librelogo-7.4.3.2-150400.17.3.8 libreoffice-mailmerge-7.4.3.2-150400.17.3.8 libreoffice-math-7.4.3.2-150400.17.3.8 libreoffice-math-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-officebean-7.4.3.2-150400.17.3.8 libreoffice-officebean-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-pyuno-7.4.3.2-150400.17.3.8 libreoffice-pyuno-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-qt5-7.4.3.2-150400.17.3.8 libreoffice-qt5-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-sdk-7.4.3.2-150400.17.3.8 libreoffice-sdk-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-sdk-doc-7.4.3.2-150400.17.3.8 libreoffice-writer-7.4.3.2-150400.17.3.8 libreoffice-writer-debuginfo-7.4.3.2-150400.17.3.8 libreoffice-writer-extensions-7.4.3.2-150400.17.3.8 libreofficekit-7.4.3.2-150400.17.3.8 libreofficekit-devel-7.4.3.2-150400.17.3.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): libmwaw-devel-doc-0.3.21-150000.4.17.7 libreoffice-branding-upstream-7.4.3.2-150400.17.3.8 libreoffice-gdb-pretty-printers-7.4.3.2-150400.17.3.8 libreoffice-glade-7.4.3.2-150400.17.3.8 libreoffice-icon-themes-7.4.3.2-150400.17.3.8 libreoffice-l10n-af-7.4.3.2-150400.17.3.8 libreoffice-l10n-am-7.4.3.2-150400.17.3.8 libreoffice-l10n-ar-7.4.3.2-150400.17.3.8 libreoffice-l10n-as-7.4.3.2-150400.17.3.8 
libreoffice-l10n-ast-7.4.3.2-150400.17.3.8 libreoffice-l10n-be-7.4.3.2-150400.17.3.8 libreoffice-l10n-bg-7.4.3.2-150400.17.3.8 libreoffice-l10n-bn-7.4.3.2-150400.17.3.8 libreoffice-l10n-bn_IN-7.4.3.2-150400.17.3.8 libreoffice-l10n-bo-7.4.3.2-150400.17.3.8 libreoffice-l10n-br-7.4.3.2-150400.17.3.8 libreoffice-l10n-brx-7.4.3.2-150400.17.3.8 libreoffice-l10n-bs-7.4.3.2-150400.17.3.8 libreoffice-l10n-ca-7.4.3.2-150400.17.3.8 libreoffice-l10n-ca_valencia-7.4.3.2-150400.17.3.8 libreoffice-l10n-ckb-7.4.3.2-150400.17.3.8 libreoffice-l10n-cs-7.4.3.2-150400.17.3.8 libreoffice-l10n-cy-7.4.3.2-150400.17.3.8 libreoffice-l10n-da-7.4.3.2-150400.17.3.8 libreoffice-l10n-de-7.4.3.2-150400.17.3.8 libreoffice-l10n-dgo-7.4.3.2-150400.17.3.8 libreoffice-l10n-dsb-7.4.3.2-150400.17.3.8 libreoffice-l10n-dz-7.4.3.2-150400.17.3.8 libreoffice-l10n-el-7.4.3.2-150400.17.3.8 libreoffice-l10n-en-7.4.3.2-150400.17.3.8 libreoffice-l10n-en_GB-7.4.3.2-150400.17.3.8 libreoffice-l10n-en_ZA-7.4.3.2-150400.17.3.8 libreoffice-l10n-eo-7.4.3.2-150400.17.3.8 libreoffice-l10n-es-7.4.3.2-150400.17.3.8 libreoffice-l10n-et-7.4.3.2-150400.17.3.8 libreoffice-l10n-eu-7.4.3.2-150400.17.3.8 libreoffice-l10n-fa-7.4.3.2-150400.17.3.8 libreoffice-l10n-fi-7.4.3.2-150400.17.3.8 libreoffice-l10n-fr-7.4.3.2-150400.17.3.8 libreoffice-l10n-fur-7.4.3.2-150400.17.3.8 libreoffice-l10n-fy-7.4.3.2-150400.17.3.8 libreoffice-l10n-ga-7.4.3.2-150400.17.3.8 libreoffice-l10n-gd-7.4.3.2-150400.17.3.8 libreoffice-l10n-gl-7.4.3.2-150400.17.3.8 libreoffice-l10n-gu-7.4.3.2-150400.17.3.8 libreoffice-l10n-gug-7.4.3.2-150400.17.3.8 libreoffice-l10n-he-7.4.3.2-150400.17.3.8 libreoffice-l10n-hi-7.4.3.2-150400.17.3.8 libreoffice-l10n-hr-7.4.3.2-150400.17.3.8 libreoffice-l10n-hsb-7.4.3.2-150400.17.3.8 libreoffice-l10n-hu-7.4.3.2-150400.17.3.8 libreoffice-l10n-id-7.4.3.2-150400.17.3.8 libreoffice-l10n-is-7.4.3.2-150400.17.3.8 libreoffice-l10n-it-7.4.3.2-150400.17.3.8 libreoffice-l10n-ja-7.4.3.2-150400.17.3.8 libreoffice-l10n-ka-7.4.3.2-150400.17.3.8 
libreoffice-l10n-kab-7.4.3.2-150400.17.3.8 libreoffice-l10n-kk-7.4.3.2-150400.17.3.8 libreoffice-l10n-km-7.4.3.2-150400.17.3.8 libreoffice-l10n-kmr_Latn-7.4.3.2-150400.17.3.8 libreoffice-l10n-kn-7.4.3.2-150400.17.3.8 libreoffice-l10n-ko-7.4.3.2-150400.17.3.8 libreoffice-l10n-kok-7.4.3.2-150400.17.3.8 libreoffice-l10n-ks-7.4.3.2-150400.17.3.8 libreoffice-l10n-lb-7.4.3.2-150400.17.3.8 libreoffice-l10n-lo-7.4.3.2-150400.17.3.8 libreoffice-l10n-lt-7.4.3.2-150400.17.3.8 libreoffice-l10n-lv-7.4.3.2-150400.17.3.8 libreoffice-l10n-mai-7.4.3.2-150400.17.3.8 libreoffice-l10n-mk-7.4.3.2-150400.17.3.8 libreoffice-l10n-ml-7.4.3.2-150400.17.3.8 libreoffice-l10n-mn-7.4.3.2-150400.17.3.8 libreoffice-l10n-mni-7.4.3.2-150400.17.3.8 libreoffice-l10n-mr-7.4.3.2-150400.17.3.8 libreoffice-l10n-my-7.4.3.2-150400.17.3.8 libreoffice-l10n-nb-7.4.3.2-150400.17.3.8 libreoffice-l10n-ne-7.4.3.2-150400.17.3.8 libreoffice-l10n-nl-7.4.3.2-150400.17.3.8 libreoffice-l10n-nn-7.4.3.2-150400.17.3.8 libreoffice-l10n-nr-7.4.3.2-150400.17.3.8 libreoffice-l10n-nso-7.4.3.2-150400.17.3.8 libreoffice-l10n-oc-7.4.3.2-150400.17.3.8 libreoffice-l10n-om-7.4.3.2-150400.17.3.8 libreoffice-l10n-or-7.4.3.2-150400.17.3.8 libreoffice-l10n-pa-7.4.3.2-150400.17.3.8 libreoffice-l10n-pl-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_BR-7.4.3.2-150400.17.3.8 libreoffice-l10n-pt_PT-7.4.3.2-150400.17.3.8 libreoffice-l10n-ro-7.4.3.2-150400.17.3.8 libreoffice-l10n-ru-7.4.3.2-150400.17.3.8 libreoffice-l10n-rw-7.4.3.2-150400.17.3.8 libreoffice-l10n-sa_IN-7.4.3.2-150400.17.3.8 libreoffice-l10n-sat-7.4.3.2-150400.17.3.8 libreoffice-l10n-sd-7.4.3.2-150400.17.3.8 libreoffice-l10n-si-7.4.3.2-150400.17.3.8 libreoffice-l10n-sid-7.4.3.2-150400.17.3.8 libreoffice-l10n-sk-7.4.3.2-150400.17.3.8 libreoffice-l10n-sl-7.4.3.2-150400.17.3.8 libreoffice-l10n-sq-7.4.3.2-150400.17.3.8 libreoffice-l10n-sr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ss-7.4.3.2-150400.17.3.8 libreoffice-l10n-st-7.4.3.2-150400.17.3.8 libreoffice-l10n-sv-7.4.3.2-150400.17.3.8 
libreoffice-l10n-sw_TZ-7.4.3.2-150400.17.3.8 libreoffice-l10n-szl-7.4.3.2-150400.17.3.8 libreoffice-l10n-ta-7.4.3.2-150400.17.3.8 libreoffice-l10n-te-7.4.3.2-150400.17.3.8 libreoffice-l10n-tg-7.4.3.2-150400.17.3.8 libreoffice-l10n-th-7.4.3.2-150400.17.3.8 libreoffice-l10n-tn-7.4.3.2-150400.17.3.8 libreoffice-l10n-tr-7.4.3.2-150400.17.3.8 libreoffice-l10n-ts-7.4.3.2-150400.17.3.8 libreoffice-l10n-tt-7.4.3.2-150400.17.3.8 libreoffice-l10n-ug-7.4.3.2-150400.17.3.8 libreoffice-l10n-uk-7.4.3.2-150400.17.3.8 libreoffice-l10n-uz-7.4.3.2-150400.17.3.8 libreoffice-l10n-ve-7.4.3.2-150400.17.3.8 libreoffice-l10n-vec-7.4.3.2-150400.17.3.8 libreoffice-l10n-vi-7.4.3.2-150400.17.3.8 libreoffice-l10n-xh-7.4.3.2-150400.17.3.8 libreoffice-l10n-zh_CN-7.4.3.2-150400.17.3.8 libreoffice-l10n-zh_TW-7.4.3.2-150400.17.3.8 libreoffice-l10n-zu-7.4.3.2-150400.17.3.8 References: From sle-updates at lists.suse.com Tue Feb 14 14:18:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 15:18:40 +0100 (CET) Subject: SUSE-SU-2023:0403-1: moderate: Security update for python-setuptools Message-ID: <20230214141840.644FEF78A@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0403-1 Rating: moderate References: #1206667 Cross-References: CVE-2022-40897 CVSS scores: CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-403=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2023-403=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2023-403=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-setuptools-36.5.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-setuptools-36.5.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-setuptools-36.5.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-40897.html https://bugzilla.suse.com/1206667 From sle-updates at lists.suse.com Tue Feb 14 14:19:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 15:19:19 +0100 (CET) Subject: SUSE-SU-2023:0402-1: moderate: Security update for python-setuptools Message-ID: <20230214141919.210BDF78A@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0402-1 Rating: moderate References: #1206667 Cross-References: CVE-2022-40897 CVSS scores: CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-402=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-402=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-setuptools-40.1.0-3.3.1 - SUSE OpenStack Cloud 9 (noarch): python-setuptools-40.1.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-40897.html https://bugzilla.suse.com/1206667 From sle-updates at lists.suse.com Tue Feb 14 14:20:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 15:20:03 +0100 (CET) Subject: SUSE-SU-2023:0405-1: important: Security update for libbpf Message-ID: <20230214142003.1F3C3F78A@maintenance.suse.de> SUSE Security Update: Security update for libbpf ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0405-1 Rating: important References: #1204391 #1204502 Cross-References: CVE-2022-3534 CVE-2022-3606 CVSS scores: CVE-2022-3534 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3534 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-3606 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3606 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch 
Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libbpf fixes the following issues: - CVE-2022-3534: Fixed use-after-free in btf_dump_name_dups (bsc#1204391). - CVE-2022-3606: Fixed null pointer dereference in find_prog_by_sec_insn() (bsc#1204502). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-405=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-405=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libbpf-debugsource-0.5.0-150400.3.3.1 libbpf-devel-0.5.0-150400.3.3.1 libbpf0-0.5.0-150400.3.3.1 libbpf0-debuginfo-0.5.0-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libbpf0-32bit-0.5.0-150400.3.3.1 libbpf0-32bit-debuginfo-0.5.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libbpf-debugsource-0.5.0-150400.3.3.1 libbpf0-0.5.0-150400.3.3.1 libbpf0-debuginfo-0.5.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-3534.html https://www.suse.com/security/cve/CVE-2022-3606.html https://bugzilla.suse.com/1204391 https://bugzilla.suse.com/1204502 From sle-updates at lists.suse.com Tue Feb 14 17:20:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 18:20:07 +0100 (CET) Subject: SUSE-SU-2023:0406-1: important: Security update for the Linux Kernel Message-ID: <20230214172007.9A6CCF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0406-1 Rating: 
important References: #1203183 #1203693 #1203740 #1204171 #1204614 #1204760 #1205149 #1206073 #1206113 #1206114 #1206314 #1206389 #1206393 #1206395 #1206398 #1206399 #1206515 #1206664 #1206677 #1206784 #1207036 #1207125 #1207134 #1207186 #1207188 #1207189 #1207190 #1207237 #1207769 #1207823 PED-1706 Cross-References: CVE-2022-3105 CVE-2022-3107 CVE-2022-3108 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455 CVSS scores: CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 
(NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47520 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-47520 (SUSE): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-0266 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that solves 16 vulnerabilities, contains one feature and has 14 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. 
SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-42328, CVE-2022-42329: Fixed deadlock inside the netback driver that could have been triggered from a VM guest (bnc#1206114). - CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bnc#1206113). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). - CVE-2022-3435: Fixed an out-of-bounds read in function fib_nh_match of the file net/ipv4/fib_semantics.c. It is possible to initiate the attack remotely (bnc#1204171). - CVE-2022-3115: Fixed a null pointer dereference inside malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c that lacked a check of the return value of kzalloc() (bnc#1206393). - CVE-2022-3112: Fixed a null pointer dereference in amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c that lacked a check of the return value of kzalloc() (bnc#1206399). - CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389). - CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395). - CVE-2022-3105: Fixed missing check of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c (bnc#1206398). The following non-security bugs were fixed: - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). 
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - constraints: increase disk space for all architectures (bsc#1203693). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - rpm: suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-406=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-406=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-406=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-406=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-406=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-406=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.142.1 kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1 kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 kernel-default-devel-5.3.18-150200.24.142.1 kernel-default-devel-debuginfo-5.3.18-150200.24.142.1 kernel-obs-build-5.3.18-150200.24.142.1 kernel-obs-build-debugsource-5.3.18-150200.24.142.1 kernel-syms-5.3.18-150200.24.142.1 reiserfs-kmp-default-5.3.18-150200.24.142.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.142.1 kernel-docs-5.3.18-150200.24.142.1 kernel-macros-5.3.18-150200.24.142.1 kernel-source-5.3.18-150200.24.142.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.142.1 kernel-preempt-debuginfo-5.3.18-150200.24.142.1 kernel-preempt-debugsource-5.3.18-150200.24.142.1 kernel-preempt-devel-5.3.18-150200.24.142.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.142.1 kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1 kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 kernel-default-devel-5.3.18-150200.24.142.1 kernel-default-devel-debuginfo-5.3.18-150200.24.142.1 kernel-obs-build-5.3.18-150200.24.142.1 kernel-obs-build-debugsource-5.3.18-150200.24.142.1 kernel-syms-5.3.18-150200.24.142.1 reiserfs-kmp-default-5.3.18-150200.24.142.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1 - SUSE Linux 
Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.142.1 kernel-preempt-debuginfo-5.3.18-150200.24.142.1 kernel-preempt-debugsource-5.3.18-150200.24.142.1 kernel-preempt-devel-5.3.18-150200.24.142.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.142.1 kernel-docs-5.3.18-150200.24.142.1 kernel-macros-5.3.18-150200.24.142.1 kernel-source-5.3.18-150200.24.142.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 kernel-default-livepatch-5.3.18-150200.24.142.1 kernel-default-livepatch-devel-5.3.18-150200.24.142.1 kernel-livepatch-5_3_18-150200_24_142-default-1-150200.5.3.1 kernel-livepatch-SLE15-SP2_Update_33-debugsource-1-150200.5.3.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x): kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-1-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.142.1 kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1 kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 kernel-default-devel-5.3.18-150200.24.142.1 kernel-default-devel-debuginfo-5.3.18-150200.24.142.1 kernel-obs-build-5.3.18-150200.24.142.1 kernel-obs-build-debugsource-5.3.18-150200.24.142.1 kernel-preempt-5.3.18-150200.24.142.1 kernel-preempt-debuginfo-5.3.18-150200.24.142.1 kernel-preempt-debugsource-5.3.18-150200.24.142.1 kernel-preempt-devel-5.3.18-150200.24.142.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1 kernel-syms-5.3.18-150200.24.142.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.142.1 kernel-docs-5.3.18-150200.24.142.1 kernel-macros-5.3.18-150200.24.142.1 kernel-source-5.3.18-150200.24.142.1 - SUSE Linux 
Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.142.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.142.1 dlm-kmp-default-5.3.18-150200.24.142.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.142.1 gfs2-kmp-default-5.3.18-150200.24.142.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 ocfs2-kmp-default-5.3.18-150200.24.142.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.142.1 kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1 kernel-default-debuginfo-5.3.18-150200.24.142.1 kernel-default-debugsource-5.3.18-150200.24.142.1 kernel-default-devel-5.3.18-150200.24.142.1 kernel-default-devel-debuginfo-5.3.18-150200.24.142.1 kernel-obs-build-5.3.18-150200.24.142.1 kernel-obs-build-debugsource-5.3.18-150200.24.142.1 kernel-preempt-5.3.18-150200.24.142.1 kernel-preempt-debuginfo-5.3.18-150200.24.142.1 kernel-preempt-debugsource-5.3.18-150200.24.142.1 kernel-preempt-devel-5.3.18-150200.24.142.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1 kernel-syms-5.3.18-150200.24.142.1 reiserfs-kmp-default-5.3.18-150200.24.142.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.142.1 kernel-docs-5.3.18-150200.24.142.1 kernel-macros-5.3.18-150200.24.142.1 kernel-source-5.3.18-150200.24.142.1 References: https://www.suse.com/security/cve/CVE-2022-3105.html https://www.suse.com/security/cve/CVE-2022-3107.html https://www.suse.com/security/cve/CVE-2022-3108.html https://www.suse.com/security/cve/CVE-2022-3112.html https://www.suse.com/security/cve/CVE-2022-3115.html https://www.suse.com/security/cve/CVE-2022-3435.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-3643.html 
https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47520.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-0266.html https://www.suse.com/security/cve/CVE-2023-23454.html https://www.suse.com/security/cve/CVE-2023-23455.html https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203740 https://bugzilla.suse.com/1204171 https://bugzilla.suse.com/1204614 https://bugzilla.suse.com/1204760 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206314 https://bugzilla.suse.com/1206389 https://bugzilla.suse.com/1206393 https://bugzilla.suse.com/1206395 https://bugzilla.suse.com/1206398 https://bugzilla.suse.com/1206399 https://bugzilla.suse.com/1206515 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207125 https://bugzilla.suse.com/1207134 https://bugzilla.suse.com/1207186 https://bugzilla.suse.com/1207188 https://bugzilla.suse.com/1207189 https://bugzilla.suse.com/1207190 https://bugzilla.suse.com/1207237 https://bugzilla.suse.com/1207769 https://bugzilla.suse.com/1207823 From sle-updates at lists.suse.com Tue Feb 14 17:23:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 18:23:49 +0100 (CET) Subject: SUSE-SU-2023:0407-1: important: Security update for the Linux Kernel Message-ID: <20230214172349.849ABFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0407-1 Rating: important References: #1203693 #1205149 #1206073 #1206664 
#1206677 #1206784 #1207036 #1207186 #1207237 Cross-References: CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 CVSS scores: CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves four vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted "constraints: increase disk space for all architectures" (bsc#1203693). 
- HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-407=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-407=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-407=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-407=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-407=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2023-407=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.117.1 kernel-macros-4.12.14-95.117.1 kernel-source-4.12.14-95.117.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.117.1 kernel-default-base-4.12.14-95.117.1 kernel-default-base-debuginfo-4.12.14-95.117.1 kernel-default-debuginfo-4.12.14-95.117.1 kernel-default-debugsource-4.12.14-95.117.1 kernel-default-devel-4.12.14-95.117.1 kernel-default-devel-debuginfo-4.12.14-95.117.1 kernel-syms-4.12.14-95.117.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.117.1 kernel-macros-4.12.14-95.117.1 kernel-source-4.12.14-95.117.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.117.1 kernel-default-base-4.12.14-95.117.1 kernel-default-base-debuginfo-4.12.14-95.117.1 kernel-default-debuginfo-4.12.14-95.117.1 kernel-default-debugsource-4.12.14-95.117.1 kernel-default-devel-4.12.14-95.117.1 kernel-default-devel-debuginfo-4.12.14-95.117.1 kernel-syms-4.12.14-95.117.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.117.1 kernel-default-base-4.12.14-95.117.1 kernel-default-base-debuginfo-4.12.14-95.117.1 kernel-default-debuginfo-4.12.14-95.117.1 kernel-default-debugsource-4.12.14-95.117.1 kernel-default-devel-4.12.14-95.117.1 kernel-syms-4.12.14-95.117.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.117.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.117.1 kernel-macros-4.12.14-95.117.1 kernel-source-4.12.14-95.117.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.117.1 kernel-default-base-4.12.14-95.117.1 kernel-default-base-debuginfo-4.12.14-95.117.1 kernel-default-debuginfo-4.12.14-95.117.1 kernel-default-debugsource-4.12.14-95.117.1 kernel-default-devel-4.12.14-95.117.1 
kernel-syms-4.12.14-95.117.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.117.1 kernel-macros-4.12.14-95.117.1 kernel-source-4.12.14-95.117.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.117.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.117.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.117.1 kernel-default-kgraft-devel-4.12.14-95.117.1 kgraft-patch-4_12_14-95_117-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.117.1 cluster-md-kmp-default-debuginfo-4.12.14-95.117.1 dlm-kmp-default-4.12.14-95.117.1 dlm-kmp-default-debuginfo-4.12.14-95.117.1 gfs2-kmp-default-4.12.14-95.117.1 gfs2-kmp-default-debuginfo-4.12.14-95.117.1 kernel-default-debuginfo-4.12.14-95.117.1 kernel-default-debugsource-4.12.14-95.117.1 ocfs2-kmp-default-4.12.14-95.117.1 ocfs2-kmp-default-debuginfo-4.12.14-95.117.1 References: https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-23454.html https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207186 https://bugzilla.suse.com/1207237 From sle-updates at lists.suse.com Tue Feb 14 17:25:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 18:25:21 +0100 (CET) Subject: SUSE-SU-2023:0408-1: moderate: Security update for nodejs18 Message-ID: <20230214172521.75D72FCC9@maintenance.suse.de> SUSE Security Update: Security update for nodejs18 
______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0408-1 Rating: moderate References: #1200303 #1201325 #1201326 #1201327 #1201328 #1203831 #1203832 #1205042 #1205119 #1205236 PED-2097 PED-3192 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 CVSS scores: CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-43548 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that solves 7 
vulnerabilities, contains two features and has three fixes is now available.

Description:

This update for nodejs18 fixes the following issues:

This update ships nodejs18 (jsc#PED-2097)

Update to NodeJS 18.13.0 LTS:

* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
  + add doc-only deprecation for headers/trailers setters
  + add Rafael to the tsc
  + deprecate use of invalid ports in url.parse
  + deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
  + add uvwasi version
  + add initial shadow realm support
* test_runner:
  + add t.after() hook
  + don't use a symbol for runHook()
* tls:
  + add "ca" property to certificate object
* util:
  + add fast path for utf8 encoding
  + improve textdecoder decode performance
  + add MIME utilities

- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)

Update to NodeJS 18.12.1 LTS:

* inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548)

Update to NodeJS 18.12.0 LTS:

* Running in 'watch' mode using node --watch restarts the process when an imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg

Update to NodeJS 18.11.0:

* added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg

Update to NodeJS 18.10.0:

* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()

Update to Nodejs 18.9.1:

* deps: llhttp updated to 6.0.10
  + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
  + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327)
  + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831)

Update to Nodejs 18.9.0:

* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot

Changes in 18.8.0:

* bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See
* crypto:
  + allow zero-length IKM in HKDF and in webcrypto PBKDF2
  + allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError

Update to Nodejs 18.7.0:

* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs

- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)

Update to Nodejs 18.6.0:

* Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils

For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0

Update to Nodejs 18.5.0:

* http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212)

For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0

Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0

- refreshed: versioned.patch, linker_lto_jobs.patch, nodejs-libpath.patch

Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-408=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs18-18.13.0-8.3.1 nodejs18-debuginfo-18.13.0-8.3.1 nodejs18-debugsource-18.13.0-8.3.1 nodejs18-devel-18.13.0-8.3.1 npm18-18.13.0-8.3.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs18-docs-18.13.0-8.3.1 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1200303 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832 https://bugzilla.suse.com/1205042 https://bugzilla.suse.com/1205119 https://bugzilla.suse.com/1205236 From sle-updates at lists.suse.com Tue Feb 14 20:19:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 21:19:06 +0100 (CET) Subject: SUSE-SU-2023:0411-1: critical: Security update for haproxy Message-ID: <20230214201906.C22D6F78A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0411-1 Rating: critical References: #1208132 Cross-References: CVE-2023-25725 CVSS scores: CVE-2023-25725 (SUSE): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise Micro 5.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - Fixed an issue where sensitive data might leak to the backend. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-411=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-411=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-411=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-411=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1 References: https://www.suse.com/security/cve/CVE-2023-25725.html https://bugzilla.suse.com/1208132 From sle-updates at lists.suse.com Tue Feb 14 20:20:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 
Feb 2023 21:20:20 +0100 (CET) Subject: SUSE-SU-2023:0409-1: important: Security update for the Linux Kernel Message-ID: <20230214202020.EC67EF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0409-1 Rating: important References: #1195175 #1204502 #1206677 #1207034 #1207497 #1207508 #1207769 #1207878 Cross-References: CVE-2022-3606 CVE-2023-0179 CVSS scores: CVE-2022-3606 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3606 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). The following non-security bugs were fixed: - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508). 
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - kabi/severities: add mlx5 internal symbols - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). 
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#1195175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175). - net/mlx5: Use order-0 allocations for EQs (bsc#1195175). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). 
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). 
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). 
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). 
- scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). 
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-409=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-409=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-409=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-409=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-409=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-409=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-409=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-409=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-409=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-409=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-409=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-409=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-409=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-409=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-409=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.112.1 dtb-zte-5.3.18-150300.59.112.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Manager Server 4.2 (x86_64): kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 - SUSE Manager Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 - SUSE Manager Server 4.2 (s390x): kernel-zfcpdump-5.3.18-150300.59.112.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 
kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 - SUSE Manager Retail Branch Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 - SUSE Manager Proxy 4.2 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 - SUSE Manager Proxy 4.2 (x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 reiserfs-kmp-default-5.3.18-150300.59.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 kernel-preempt-devel-5.3.18-150300.59.112.1 
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 reiserfs-kmp-default-5.3.18-150300.59.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 kernel-preempt-devel-5.3.18-150300.59.112.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.112.1 kernel-64kb-debuginfo-5.3.18-150300.59.112.1 kernel-64kb-debugsource-5.3.18-150300.59.112.1 kernel-64kb-devel-5.3.18-150300.59.112.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (s390x): kernel-zfcpdump-5.3.18-150300.59.112.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 
kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 kernel-preempt-devel-5.3.18-150300.59.112.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-livepatch-5.3.18-150300.59.112.1 kernel-default-livepatch-devel-5.3.18-150300.59.112.1 kernel-livepatch-5_3_18-150300_59_112-default-1-150300.7.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 
kernel-preempt-devel-5.3.18-150300.59.112.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 reiserfs-kmp-default-5.3.18-150300.59.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.112.1 kernel-64kb-debuginfo-5.3.18-150300.59.112.1 kernel-64kb-debugsource-5.3.18-150300.59.112.1 kernel-64kb-devel-5.3.18-150300.59.112.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 kernel-preempt-devel-5.3.18-150300.59.112.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 reiserfs-kmp-default-5.3.18-150300.59.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64): kernel-64kb-5.3.18-150300.59.112.1 kernel-64kb-debuginfo-5.3.18-150300.59.112.1 kernel-64kb-debugsource-5.3.18-150300.59.112.1 kernel-64kb-devel-5.3.18-150300.59.112.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): kernel-devel-5.3.18-150300.59.112.1 
kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.112.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.112.1 dlm-kmp-default-5.3.18-150300.59.112.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.112.1 gfs2-kmp-default-5.3.18-150300.59.112.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 ocfs2-kmp-default-5.3.18-150300.59.112.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): kernel-default-5.3.18-150300.59.112.1 kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1 kernel-default-debuginfo-5.3.18-150300.59.112.1 kernel-default-debugsource-5.3.18-150300.59.112.1 kernel-default-devel-5.3.18-150300.59.112.1 kernel-default-devel-debuginfo-5.3.18-150300.59.112.1 kernel-obs-build-5.3.18-150300.59.112.1 kernel-obs-build-debugsource-5.3.18-150300.59.112.1 kernel-preempt-5.3.18-150300.59.112.1 kernel-preempt-debuginfo-5.3.18-150300.59.112.1 kernel-preempt-debugsource-5.3.18-150300.59.112.1 kernel-preempt-devel-5.3.18-150300.59.112.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1 kernel-syms-5.3.18-150300.59.112.1 reiserfs-kmp-default-5.3.18-150300.59.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1 - SUSE Enterprise Storage 7.1 (aarch64): kernel-64kb-5.3.18-150300.59.112.1 kernel-64kb-debuginfo-5.3.18-150300.59.112.1 kernel-64kb-debugsource-5.3.18-150300.59.112.1 kernel-64kb-devel-5.3.18-150300.59.112.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1 - SUSE Enterprise Storage 7.1 (noarch): kernel-devel-5.3.18-150300.59.112.1 kernel-docs-5.3.18-150300.59.112.1 kernel-macros-5.3.18-150300.59.112.1 kernel-source-5.3.18-150300.59.112.1 References: https://www.suse.com/security/cve/CVE-2022-3606.html 
https://www.suse.com/security/cve/CVE-2023-0179.html https://bugzilla.suse.com/1195175 https://bugzilla.suse.com/1204502 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1207034 https://bugzilla.suse.com/1207497 https://bugzilla.suse.com/1207508 https://bugzilla.suse.com/1207769 https://bugzilla.suse.com/1207878 From sle-updates at lists.suse.com Tue Feb 14 20:22:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 21:22:05 +0100 (CET) Subject: SUSE-SU-2023:0413-1: critical: Security update for haproxy Message-ID: <20230214202205.04706F78A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0413-1 Rating: critical References: #1207181 #1208132 Cross-References: CVE-2023-0056 CVE-2023-25725 CVSS scores: CVE-2023-0056 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25725 (SUSE): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response() (bsc#1207181). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-413=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-413=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-150200.11.15.1 haproxy-debuginfo-2.0.14-150200.11.15.1 haproxy-debugsource-2.0.14-150200.11.15.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-150200.11.15.1 haproxy-debuginfo-2.0.14-150200.11.15.1 haproxy-debugsource-2.0.14-150200.11.15.1 References: https://www.suse.com/security/cve/CVE-2023-0056.html https://www.suse.com/security/cve/CVE-2023-25725.html https://bugzilla.suse.com/1207181 https://bugzilla.suse.com/1208132 From sle-updates at lists.suse.com Tue Feb 14 20:22:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 21:22:56 +0100 (CET) Subject: SUSE-SU-2023:0412-1: critical: Security update for haproxy Message-ID: <20230214202256.AE7C1F78A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0412-1 Rating: critical References: #1207181 #1208132 Cross-References: CVE-2023-0056 CVE-2023-25725 CVSS scores: CVE-2023-0056 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25725 (SUSE): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). 
- CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response() (bsc#1207181). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-412=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-150100.8.27.1 haproxy-debuginfo-2.0.14-150100.8.27.1 haproxy-debugsource-2.0.14-150100.8.27.1 References: https://www.suse.com/security/cve/CVE-2023-0056.html https://www.suse.com/security/cve/CVE-2023-25725.html https://bugzilla.suse.com/1207181 https://bugzilla.suse.com/1208132 From sle-updates at lists.suse.com Tue Feb 14 20:24:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Feb 2023 21:24:02 +0100 (CET) Subject: SUSE-SU-2023:0410-1: important: Security update for the Linux Kernel Message-ID: <20230214202402.A3A85F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0410-1 Rating: important References: #1203693 #1205149 #1206073 #1206389 #1206395 #1206664 #1206677 #1206784 #1207036 #1207186 #1207237 PED-1706 Cross-References: CVE-2022-3107 CVE-2022-3108 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 CVSS scores: CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4662 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395). - CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186). 
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - Reverted "constraints: increase disk space for all architectures" (bsc#1203693) - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-410=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-410=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-410=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-410=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-410=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-410=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.134.1 kernel-vanilla-4.12.14-150100.197.134.1 kernel-vanilla-base-4.12.14-150100.197.134.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.134.1 kernel-vanilla-debuginfo-4.12.14-150100.197.134.1 kernel-vanilla-debugsource-4.12.14-150100.197.134.1 kernel-vanilla-devel-4.12.14-150100.197.134.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.134.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.134.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.134.1 kernel-debug-base-debuginfo-4.12.14-150100.197.134.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.134.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.134.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.134.1 kernel-zfcpdump-man-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.134.1 kernel-default-base-4.12.14-150100.197.134.1 kernel-default-base-debuginfo-4.12.14-150100.197.134.1 kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 kernel-default-devel-4.12.14-150100.197.134.1 kernel-default-devel-debuginfo-4.12.14-150100.197.134.1 kernel-obs-build-4.12.14-150100.197.134.1 kernel-obs-build-debugsource-4.12.14-150100.197.134.1 kernel-syms-4.12.14-150100.197.134.1 reiserfs-kmp-default-4.12.14-150100.197.134.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.134.1 kernel-docs-4.12.14-150100.197.134.1 kernel-macros-4.12.14-150100.197.134.1 kernel-source-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.134.1 kernel-default-base-4.12.14-150100.197.134.1 kernel-default-base-debuginfo-4.12.14-150100.197.134.1 
kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 kernel-default-devel-4.12.14-150100.197.134.1 kernel-default-devel-debuginfo-4.12.14-150100.197.134.1 kernel-obs-build-4.12.14-150100.197.134.1 kernel-obs-build-debugsource-4.12.14-150100.197.134.1 kernel-syms-4.12.14-150100.197.134.1 reiserfs-kmp-default-4.12.14-150100.197.134.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.134.1 kernel-docs-4.12.14-150100.197.134.1 kernel-macros-4.12.14-150100.197.134.1 kernel-source-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.134.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.134.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.134.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 kernel-default-livepatch-4.12.14-150100.197.134.1 kernel-default-livepatch-devel-4.12.14-150100.197.134.1 kernel-livepatch-4_12_14-150100_197_134-default-1-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.134.1 kernel-default-base-4.12.14-150100.197.134.1 kernel-default-base-debuginfo-4.12.14-150100.197.134.1 kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 kernel-default-devel-4.12.14-150100.197.134.1 kernel-default-devel-debuginfo-4.12.14-150100.197.134.1 kernel-obs-build-4.12.14-150100.197.134.1 kernel-obs-build-debugsource-4.12.14-150100.197.134.1 kernel-syms-4.12.14-150100.197.134.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.134.1 kernel-docs-4.12.14-150100.197.134.1 kernel-macros-4.12.14-150100.197.134.1 kernel-source-4.12.14-150100.197.134.1 - SUSE Linux Enterprise 
High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.134.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.134.1 dlm-kmp-default-4.12.14-150100.197.134.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.134.1 gfs2-kmp-default-4.12.14-150100.197.134.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 ocfs2-kmp-default-4.12.14-150100.197.134.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.134.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.134.1 kernel-default-base-4.12.14-150100.197.134.1 kernel-default-base-debuginfo-4.12.14-150100.197.134.1 kernel-default-debuginfo-4.12.14-150100.197.134.1 kernel-default-debugsource-4.12.14-150100.197.134.1 kernel-default-devel-4.12.14-150100.197.134.1 kernel-default-devel-debuginfo-4.12.14-150100.197.134.1 kernel-obs-build-4.12.14-150100.197.134.1 kernel-obs-build-debugsource-4.12.14-150100.197.134.1 kernel-syms-4.12.14-150100.197.134.1 reiserfs-kmp-default-4.12.14-150100.197.134.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.134.1 kernel-docs-4.12.14-150100.197.134.1 kernel-macros-4.12.14-150100.197.134.1 kernel-source-4.12.14-150100.197.134.1 References: https://www.suse.com/security/cve/CVE-2022-3107.html https://www.suse.com/security/cve/CVE-2022-3108.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-23454.html https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206389 https://bugzilla.suse.com/1206395 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1207036 
https://bugzilla.suse.com/1207186 https://bugzilla.suse.com/1207237 From sle-updates at lists.suse.com Wed Feb 15 14:20:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:20:06 +0100 (CET) Subject: SUSE-SU-2023:0416-1: important: Security update for the Linux Kernel Message-ID: <20230215142006.C1B82F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0416-1 Rating: important References: #1055710 #1084513 #1131430 #1133374 #1154848 #1166098 #1173514 #1177471 #1191961 #1196973 #1197331 #1197343 #1197366 #1197391 #1198516 #1198829 #1199063 #1199426 #1199487 #1199650 #1199657 #1200598 #1200619 #1200692 #1200910 #1201050 #1201251 #1201429 #1201635 #1201636 #1201940 #1201948 #1202097 #1202346 #1202347 #1202393 #1202500 #1202897 #1202898 #1202960 #1203107 #1203271 #1203514 #1203769 #1203960 #1203987 #1204166 #1204354 #1204405 #1204431 #1204439 #1204574 #1204631 #1204646 #1204647 #1204653 #1204894 #1204922 #1205220 #1205514 #1205671 #1205796 #1206677 Cross-References: CVE-2017-13695 CVE-2018-7755 CVE-2019-3837 CVE-2019-3900 CVE-2020-15393 CVE-2020-16119 CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2021-34981 CVE-2021-39713 CVE-2021-45868 CVE-2022-1011 CVE-2022-1048 CVE-2022-1353 CVE-2022-1462 CVE-2022-1652 CVE-2022-1679 CVE-2022-20132 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21385 CVE-2022-21499 CVE-2022-2318 CVE-2022-2663 CVE-2022-28356 CVE-2022-29900 CVE-2022-29901 CVE-2022-3028 CVE-2022-3303 CVE-2022-33981 CVE-2022-3424 CVE-2022-3524 CVE-2022-3565 CVE-2022-3566 CVE-2022-3586 CVE-2022-3621 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-36879 CVE-2022-36946 CVE-2022-3903 CVE-2022-39188 CVE-2022-40768 CVE-2022-4095 CVE-2022-41218 CVE-2022-41848 CVE-2022-41850 
CVE-2022-41858 CVE-2022-43750 CVE-2022-44032 CVE-2022-44033 CVE-2022-45934 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-3837 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2019-3837 (SUSE): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15393 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15393 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-39713 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-28356 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3524 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3565 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (NVD) : 7.1 
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3621 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-43750 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-44032 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-44032 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-44033 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-44033 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE ______________________________________________________________________________ An update that solves 62 vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13695: Fixed acpi operand cache leak in nseval.c (bsc#1055710). - CVE-2018-7755: Fixed bypass of kernel security protections such as KASLR using fd_locked_ioctl function in drivers/block/floppy.c (bnc#1084513). - CVE-2019-3837: Fixed memory leak due to thread-unsafe implementation of the net_dma code in tcp_recvmsg() (bnc#1131430). - CVE-2019-3900: Fixed infinite loop while receiving packets in vhost_net (bnc#1133374). - CVE-2020-15393: Fixed memory leak in usbtest_disconnect in drivers/usb/misc/usbtest.c (bnc#1173514). - CVE-2020-16119: Fixed use-after-free exploitable by a local attacker due to reuse of a DCCP socket (bnc#1177471). - CVE-2020-36557: Fixed race condition in the VT_DISALLOCATE ioctl and closing/opening of ttys which could lead to a use-after-free (bnc#1201429). 
- CVE-2020-36558: Fixed race condition in VT_RESIZEX (bsc#1200910). - CVE-2021-26341: Fixed vulnerability where some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bnc#1201050). - CVE-2021-33655: When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out of bounds (bnc#1201635). - CVE-2021-33656: Fixed memory out of bounds write when setting font with malicious data by ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-34981: Fixed file refcounter in bluetooth cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-39713: Fixed race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973). - CVE-2021-45868: Fixed use-after-free in fs/quota/quota_tree.c (bnc#1197366). - CVE-2022-1011: Fixed UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (bsc#1197343). - CVE-2022-1048: Fixed potential AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-1353: Fixed denial of service in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1462: Fixed out-of-bounds read in the TeleTYpe subsystem allowing local user to crash the system or read unauthorized random data from memory (bnc#1198829). - CVE-2022-1652: Fixed use after free in floppy (bsc#1199063). - CVE-2022-1679: Fixed use-after-free in the atheros wireless adapter driver (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read in lg_probe and related functions of hid-lg.c and other USB HID files (bnc#1200619). - CVE-2022-20166: Fixed out of bounds write due to a heap buffer overflow which could lead to local escalation of privilege with System execution privileges needed (bnc#1200598). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bnc#1202346). - CVE-2022-20369: Fixed out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). 
- CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-21180: Fixed stale MMIO data transient information leaks (INTEL-TA-00615) (bnc#1199650). - CVE-2022-21385: Fixed warn in rds_message_alloc_sgs (bnc#1202897). - CVE-2022-21499: Fixed issue where it was trivial to break out of lockdown using kgdb (bsc#1199426). - CVE-2022-2318: Fixed use-after-free caused by timer handler in net/rose/rose_timer.c of Linux that allows attackers to crash the Linux kernel without any privileges (bnc#1201251). - CVE-2022-2663: Fixed possible firewall bypass when users are using unencrypted IRC due to message handling confusion in nf_conntrack_irc (bnc#1202097). - CVE-2022-28356: Fixed refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-29900: Fixed mis-trained branch predictions for return instructions that may have allowed arbitrary speculative code execution under certain microarchitecture-dependent conditions (bnc#1199657). - CVE-2022-29901: Fixed vulnerability where an attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions (bnc#1199657). - CVE-2022-3028: Fixed a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously (bnc#1202898). - CVE-2022-3303: Fixed race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-33981: Fixed denial of service in drivers/block/floppy.c (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option leading to kernel panic (bnc#1204166). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options of the component IPv6 Handler (bnc#1204354). - CVE-2022-3565: Fixed use-after-free in del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth (bnc#1204431). - CVE-2022-3566: Fixed race condition in the TCP Handler (bnc#1204405). 
- CVE-2022-3586: Fixed use-after-free in the sch_sfb enqueue function (bnc#1204439). - CVE-2022-3621: Fixed null pointer dereference in fs/nilfs2/inode.c of the component nilfs2 (bnc#1204574). - CVE-2022-3635: Fixed use-after-free in IPsec (bnc#1204631). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode of the file fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-36879: Fixed double refcount drop in xfrm_expand_policies in net/xfrm/xfrm_policy.c (bnc#1201948). - CVE-2022-36946: Fixed denial of service in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-3903: Fixed incorrect read request flaw in the Infrared Transceiver USB driver (bnc#1205220). - CVE-2022-39188: Fixed TLB flush for PFNMAP mappings before unlink_file_vma() (bsc#1203107). - CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c (bnc#1203514). - CVE-2022-4095: Fixed use-after-free in rtl8712 (bsc#1205514). - CVE-2022-41218: Fixed use-after-free in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-41848: Fixed use-after-free in drivers/char/pcmcia/synclink_cs.c (bnc#1203987). - CVE-2022-41850: Fixed use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960). - CVE-2022-41858: Fixed NULL pointer dereference in drivers/net/slip/slip.c (bnc#1205671). - CVE-2022-43750: Fixed memory corruption in drivers/usb/mon/mon_bin.c (bnc#1204653). - CVE-2022-44032: Fixed race condition in drivers/char/pcmcia/cm4000_cs.c (bnc#1204894). - CVE-2022-44033: Fixed use-after-free in drivers/char/pcmcia/cm4040_cs.c (bnc#1204922). - CVE-2022-45934: Fixed integer wraparound in net/bluetooth/l2cap_core.c (bnc#1205796). The following non-security bugs were fixed: - Fail if no bound addresses can be used for a given scope (bsc#1206677). - Fixed missing check on handle in net_sched cls_route (bsc#1202393). 
- Trim skb to alloc size to avoid MSG_TRUNC (bsc#1166098). - Fixed confusing boot logging with Skylake on RETBLEED kernel (bsc#1202500). - Fixed retbleed performance issues (bsc#1203271). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE: zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-416=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE (x86_64): kernel-default-3.0.101-108.138.1 kernel-default-base-3.0.101-108.138.1 kernel-default-devel-3.0.101-108.138.1 kernel-ec2-3.0.101-108.138.1 kernel-ec2-base-3.0.101-108.138.1 kernel-ec2-devel-3.0.101-108.138.1 kernel-source-3.0.101-108.138.1 kernel-syms-3.0.101-108.138.1 kernel-trace-3.0.101-108.138.1 kernel-trace-base-3.0.101-108.138.1 kernel-trace-devel-3.0.101-108.138.1 kernel-xen-3.0.101-108.138.1 kernel-xen-base-3.0.101-108.138.1 kernel-xen-devel-3.0.101-108.138.1 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-3837.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-1011.html 
https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-20368.html https://www.suse.com/security/cve/CVE-2022-20369.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21385.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-3028.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3566.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-36879.html https://www.suse.com/security/cve/CVE-2022-36946.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-39188.html 
https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-44032.html https://www.suse.com/security/cve/CVE-2022-44033.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1131430 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1154848 https://bugzilla.suse.com/1166098 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201948 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202346 https://bugzilla.suse.com/1202347 https://bugzilla.suse.com/1202393 https://bugzilla.suse.com/1202500 https://bugzilla.suse.com/1202897 https://bugzilla.suse.com/1202898 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203271 
https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204405 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204894 https://bugzilla.suse.com/1204922 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206677 From sle-updates at lists.suse.com Wed Feb 15 14:27:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:27:37 +0100 (CET) Subject: SUSE-RU-2023:0414-1: important: Recommended update for powerpc-utils Message-ID: <20230215142737.88A48F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0414-1 Rating: important References: #1195404 #1206518 Affected Products: SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lparstat cpu mode display in a dedicated-donating LPAR (bsc#1206518) - Fix cpu utilization display - Fix setting primary HNV link when using NetworkManager (bsc#1195404) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-414=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-414=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-414=1 Package List: - SUSE Manager Server 4.2 (ppc64le): powerpc-utils-1.3.10-150300.9.29.1 powerpc-utils-debuginfo-1.3.10-150300.9.29.1 powerpc-utils-debugsource-1.3.10-150300.9.29.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le): powerpc-utils-1.3.10-150300.9.29.1 powerpc-utils-debuginfo-1.3.10-150300.9.29.1 powerpc-utils-debugsource-1.3.10-150300.9.29.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (ppc64le): powerpc-utils-1.3.10-150300.9.29.1 powerpc-utils-debuginfo-1.3.10-150300.9.29.1 powerpc-utils-debugsource-1.3.10-150300.9.29.1 References: https://bugzilla.suse.com/1195404 https://bugzilla.suse.com/1206518 From sle-updates at lists.suse.com Wed Feb 15 14:28:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:28:31 +0100 (CET) Subject: SUSE-SU-2023:0419-1: moderate: Security update for nodejs18 Message-ID: <20230215142831.B42B8F78A@maintenance.suse.de> SUSE Security Update: Security update for nodejs18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0419-1 Rating: moderate References: #1200303 #1201325 #1201326 #1201327 #1201328 #1203831 #1203832 #1205042 #1205119 #1205236 PED-2097 PED-3192 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 CVSS scores: CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32213 (SUSE): 6.8 
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-43548 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap 15.5 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains two features and has three fixes is now available. 
Description: This update for nodejs18 fixes the following issues: This update ships nodejs18 (jsc#PED-2097) Update to NodeJS 18.13.0 LTS: * build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc: + add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse() * lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src: + add uvwasi version + add initial shadow realm support * test_runner: + add t.after() hook + don't use a symbol for runHook() * tls: + add "ca" property to certificate object * util: + add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities - Fixes compatibility with ICU 72.1 (bsc#1205236) - Fix migration to openssl-3 (bsc#1205042) Update to NodeJS 18.12.1 LTS: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Update to NodeJS 18.12.0 LTS: * Running in 'watch' mode using node --watch restarts the process when an imported file is changed. 
* fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg Update to NodeJS 18.11.0: * added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg Update to NodeJS 18.10.0: * deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() Update to Nodejs 18.9.1: * deps: llhttp updated to 6.0.10 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) Update to Nodejs 18.9.0: * lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot Changes in 18.8.0: * bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. 
See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError Update to Nodejs 18.7.0: * events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs - enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303) Update to Nodejs 18.6.0: * Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0 Update to Nodejs 18.5.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0 Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0 Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.5: zypper in -t patch openSUSE-SLE-15.5-2023-419=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-419=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-419=1 Package List: - openSUSE Leap 15.5 (aarch64 s390x x86_64): corepack18-18.13.0-150400.9.3.1 nodejs18-18.13.0-150400.9.3.1 nodejs18-debuginfo-18.13.0-150400.9.3.1 nodejs18-debugsource-18.13.0-150400.9.3.1 nodejs18-devel-18.13.0-150400.9.3.1 npm18-18.13.0-150400.9.3.1 - openSUSE Leap 15.5 (noarch): nodejs18-docs-18.13.0-150400.9.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack18-18.13.0-150400.9.3.1 nodejs18-18.13.0-150400.9.3.1 nodejs18-debuginfo-18.13.0-150400.9.3.1 nodejs18-debugsource-18.13.0-150400.9.3.1 nodejs18-devel-18.13.0-150400.9.3.1 npm18-18.13.0-150400.9.3.1 - openSUSE Leap 15.4 (noarch): nodejs18-docs-18.13.0-150400.9.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs18-18.13.0-150400.9.3.1 nodejs18-debuginfo-18.13.0-150400.9.3.1 nodejs18-debugsource-18.13.0-150400.9.3.1 nodejs18-devel-18.13.0-150400.9.3.1 npm18-18.13.0-150400.9.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs18-docs-18.13.0-150400.9.3.1 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1200303 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832 
https://bugzilla.suse.com/1205042 https://bugzilla.suse.com/1205119 https://bugzilla.suse.com/1205236 From sle-updates at lists.suse.com Wed Feb 15 14:30:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:30:00 +0100 (CET) Subject: SUSE-SU-2023:0420-1: important: Security update for the Linux Kernel Message-ID: <20230215143000.BA42FF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0420-1 Rating: important References: #1108488 #1205705 #1205709 #1206073 #1206113 #1206664 #1206677 #1206784 #1207036 #1207125 #1207186 #1207237 Cross-References: CVE-2018-9517 CVE-2022-3564 CVE-2022-3643 CVE-2022-42895 CVE-2022-42896 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 CVE-2023-23455 CVSS scores: CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-42895 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 9 vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073). - CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bsc#1206113). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bsc#1206664). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). The following non-security bugs were fixed: - HID: betop: check shape of output reports (git-fixes, bsc#1207186). 
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-420=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.199.1 kernel-default-base-4.4.121-92.199.1 kernel-default-base-debuginfo-4.4.121-92.199.1 kernel-default-debuginfo-4.4.121-92.199.1 kernel-default-debugsource-4.4.121-92.199.1 kernel-default-devel-4.4.121-92.199.1 kernel-syms-4.4.121-92.199.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.199.1 kernel-macros-4.4.121-92.199.1 kernel-source-4.4.121-92.199.1 References: https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-23454.html https://www.suse.com/security/cve/CVE-2023-23455.html https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207125 https://bugzilla.suse.com/1207186 
https://bugzilla.suse.com/1207237 From sle-updates at lists.suse.com Wed Feb 15 14:31:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:31:42 +0100 (CET) Subject: SUSE-RU-2023:0415-1: important: Recommended update for powerpc-utils Message-ID: <20230215143142.597B9F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0415-1 Rating: important References: #1195404 #1206518 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lparstat cpu mode display in a dedicated-donating LPAR (bsc#1206518) - Fix cpu utilization display - Fix setting primary HNV link when using NetworkManager (bsc#1195404) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-415=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-415=1 Package List: - openSUSE Leap 15.4 (ppc64le): powerpc-utils-1.3.10-150400.19.9.1 powerpc-utils-debuginfo-1.3.10-150400.19.9.1 powerpc-utils-debugsource-1.3.10-150400.19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le): powerpc-utils-1.3.10-150400.19.9.1 powerpc-utils-debuginfo-1.3.10-150400.19.9.1 powerpc-utils-debugsource-1.3.10-150400.19.9.1 References: https://bugzilla.suse.com/1195404 https://bugzilla.suse.com/1206518 From sle-updates at lists.suse.com Wed Feb 15 14:32:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 15:32:44 +0100 (CET) Subject: SUSE-SU-2023:0418-1: important: Security update for git Message-ID: <20230215143244.C93A9F78A@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0418-1 Rating: important References: #1204455 #1204456 #1208027 #1208028 Cross-References: CVE-2022-39253 CVE-2022-39260 CVE-2023-22490 CVE-2023-23946 CVSS scores: CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance 
Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running "git apply" (bsc#1208028). - CVE-2022-39260: Fixed overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-418=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-418=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-418=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-418=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-418=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-418=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-418=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-418=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): git-doc-2.26.2-150000.47.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): git-doc-2.26.2-150000.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.47.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): 
git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.47.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 
git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE Enterprise Storage 7 (noarch): git-doc-2.26.2-150000.47.1 - SUSE CaaS Platform 4.0 (x86_64): git-2.26.2-150000.47.1 git-arch-2.26.2-150000.47.1 git-core-2.26.2-150000.47.1 git-core-debuginfo-2.26.2-150000.47.1 git-cvs-2.26.2-150000.47.1 git-daemon-2.26.2-150000.47.1 git-daemon-debuginfo-2.26.2-150000.47.1 git-debuginfo-2.26.2-150000.47.1 git-debugsource-2.26.2-150000.47.1 git-email-2.26.2-150000.47.1 git-gui-2.26.2-150000.47.1 git-svn-2.26.2-150000.47.1 git-svn-debuginfo-2.26.2-150000.47.1 git-web-2.26.2-150000.47.1 gitk-2.26.2-150000.47.1 - SUSE CaaS Platform 4.0 (noarch): git-doc-2.26.2-150000.47.1 References: https://www.suse.com/security/cve/CVE-2022-39253.html https://www.suse.com/security/cve/CVE-2022-39260.html https://www.suse.com/security/cve/CVE-2023-22490.html https://www.suse.com/security/cve/CVE-2023-23946.html https://bugzilla.suse.com/1204455 https://bugzilla.suse.com/1204456 https://bugzilla.suse.com/1208027 https://bugzilla.suse.com/1208028 From sle-updates at lists.suse.com Wed Feb 15 20:27:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:27:23 +0100 (CET) Subject: SUSE-SU-2023:0425-1: moderate: Security update for curl Message-ID: <20230215202723.EC888F78A@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0425-1 Rating: moderate References: #1207992 Cross-References: CVE-2023-23916 CVSS scores: CVE-2023-23916 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 
Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-425=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-425=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.55.1 curl-debugsource-7.60.0-11.55.1 libcurl-devel-7.60.0-11.55.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.55.1 curl-debuginfo-7.60.0-11.55.1 curl-debugsource-7.60.0-11.55.1 libcurl4-7.60.0-11.55.1 libcurl4-debuginfo-7.60.0-11.55.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.55.1 libcurl4-debuginfo-32bit-7.60.0-11.55.1 References: https://www.suse.com/security/cve/CVE-2023-23916.html https://bugzilla.suse.com/1207992 From sle-updates at lists.suse.com Wed Feb 15 20:31:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:31:23 +0100 (CET) Subject: SUSE-SU-2023:0430-1: important: Security update for git Message-ID: <20230215203123.41782F78A@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0430-1 Rating: important References: #1208027 #1208028 Cross-References: CVE-2023-22490 CVE-2023-23946 CVSS scores: CVE-2023-22490 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running "git apply" (bsc#1208028). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-430=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-430=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-430=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-430=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-430=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-430=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-430=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-430=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-430=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-430=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-430=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-430=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-credential-gnome-keyring-2.35.3-150300.10.24.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.24.1 git-credential-libsecret-2.35.3-150300.10.24.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 
git-gui-2.35.3-150300.10.24.1 git-p4-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Manager Proxy 4.2 (x86_64): git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 
git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 
git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): git-doc-2.35.3-150300.10.24.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): git-2.35.3-150300.10.24.1 git-arch-2.35.3-150300.10.24.1 git-core-2.35.3-150300.10.24.1 git-core-debuginfo-2.35.3-150300.10.24.1 git-cvs-2.35.3-150300.10.24.1 git-daemon-2.35.3-150300.10.24.1 git-daemon-debuginfo-2.35.3-150300.10.24.1 git-debuginfo-2.35.3-150300.10.24.1 git-debugsource-2.35.3-150300.10.24.1 git-email-2.35.3-150300.10.24.1 git-gui-2.35.3-150300.10.24.1 git-svn-2.35.3-150300.10.24.1 git-web-2.35.3-150300.10.24.1 gitk-2.35.3-150300.10.24.1 perl-Git-2.35.3-150300.10.24.1 - SUSE Enterprise Storage 7.1 (noarch): git-doc-2.35.3-150300.10.24.1 References: https://www.suse.com/security/cve/CVE-2023-22490.html https://www.suse.com/security/cve/CVE-2023-23946.html https://bugzilla.suse.com/1208027 https://bugzilla.suse.com/1208028 From sle-updates at lists.suse.com Wed Feb 15 20:35:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:35:40 +0100 (CET) 
Subject: SUSE-SU-2023:0426-1: important: Security update for git Message-ID: <20230215203540.4DEE6F78A@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0426-1 Rating: important References: #1208027 #1208028 Cross-References: CVE-2023-22490 CVE-2023-23946 CVSS scores: CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running "git apply" (bsc#1208028). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-426=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-426=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2023-426=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-426=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-426=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-426=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-426=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-426=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2023-426=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE OpenStack Cloud 9 (x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE OpenStack Cloud 8 (x86_64): git-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.66.1 git-arch-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 
git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-svn-debuginfo-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): git-doc-2.26.2-27.66.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-2.26.2-27.66.1 git-core-2.26.2-27.66.1 git-core-debuginfo-2.26.2-27.66.1 git-cvs-2.26.2-27.66.1 git-daemon-2.26.2-27.66.1 git-daemon-debuginfo-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 git-email-2.26.2-27.66.1 git-gui-2.26.2-27.66.1 git-svn-2.26.2-27.66.1 git-web-2.26.2-27.66.1 gitk-2.26.2-27.66.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.26.2-27.66.1 - HPE Helion Openstack 8 (x86_64): git-2.26.2-27.66.1 git-debugsource-2.26.2-27.66.1 References: https://www.suse.com/security/cve/CVE-2023-22490.html 
https://www.suse.com/security/cve/CVE-2023-23946.html https://bugzilla.suse.com/1208027 https://bugzilla.suse.com/1208028 From sle-updates at lists.suse.com Wed Feb 15 20:37:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:37:30 +0100 (CET) Subject: SUSE-RU-2022:4256-2: moderate: Recommended update for gcc12 Message-ID: <20230215203730.C0A5EF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4256-2 Rating: moderate References: PED-2030 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP1 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 
______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the "Development Tools" module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-422=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-422=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-422=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-422=1 Package List: - SUSE Linux Enterprise Installer 15-SP4 (aarch64 ppc64le s390x x86_64): libstdc++6-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): libstdc++6-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libstdc++6-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libstdc++6-12.2.1+git416-150000.1.5.1 References: From sle-updates at lists.suse.com Wed Feb 15 20:41:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:41:14 +0100 (CET) Subject: SUSE-SU-2023:0428-1: important: Security update for ImageMagick Message-ID: <20230215204114.B6CB5F78A@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0428-1 Rating: important References: #1207982 #1207983 Cross-References: CVE-2022-44267 CVE-2022-44268 CVSS scores: CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module 
for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-428=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-428=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-428=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ImageMagick-7.1.0.9-150400.6.12.1 ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1 ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1 ImageMagick-debuginfo-7.1.0.9-150400.6.12.1 ImageMagick-debugsource-7.1.0.9-150400.6.12.1 ImageMagick-devel-7.1.0.9-150400.6.12.1 ImageMagick-extra-7.1.0.9-150400.6.12.1 ImageMagick-extra-debuginfo-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1 libMagick++-devel-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1 perl-PerlMagick-7.1.0.9-150400.6.12.1 
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1 - openSUSE Leap 15.4 (x86_64): ImageMagick-devel-32bit-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.12.1 libMagick++-devel-32bit-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1 - openSUSE Leap 15.4 (noarch): ImageMagick-doc-7.1.0.9-150400.6.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.1.0.9-150400.6.12.1 ImageMagick-debugsource-7.1.0.9-150400.6.12.1 perl-PerlMagick-7.1.0.9-150400.6.12.1 perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-7.1.0.9-150400.6.12.1 ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1 ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1 ImageMagick-debuginfo-7.1.0.9-150400.6.12.1 ImageMagick-debugsource-7.1.0.9-150400.6.12.1 ImageMagick-devel-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1 libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1 libMagick++-devel-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1 libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1 libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1 References: https://www.suse.com/security/cve/CVE-2022-44267.html https://www.suse.com/security/cve/CVE-2022-44268.html https://bugzilla.suse.com/1207982 https://bugzilla.suse.com/1207983 From sle-updates at lists.suse.com Wed Feb 15 20:45:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:45:17 +0100 (CET) Subject: SUSE-SU-2023:0424-1: important: Security update for ImageMagick 
Message-ID: <20230215204517.A5E30F78A@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0424-1 Rating: important References: #1207982 #1207983 Cross-References: CVE-2022-44267 CVE-2022-44268 CVSS scores: CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-424=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-424=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-424=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-424=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-424=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-424=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-424=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-424=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-424=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-424=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-424=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 - openSUSE Leap 15.4 (x86_64): libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux 
Enterprise Server for SAP 15-SP3 (ppc64le x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ImageMagick-7.0.7.34-150200.10.42.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1 ImageMagick-debuginfo-7.0.7.34-150200.10.42.1 ImageMagick-debugsource-7.0.7.34-150200.10.42.1 ImageMagick-devel-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1 libMagick++-devel-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1 perl-PerlMagick-7.0.7.34-150200.10.42.1 
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1 References: https://www.suse.com/security/cve/CVE-2022-44267.html https://www.suse.com/security/cve/CVE-2022-44268.html https://bugzilla.suse.com/1207982 https://bugzilla.suse.com/1207983 From sle-updates at lists.suse.com Wed Feb 15 20:49:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:49:32 +0100 (CET) Subject: SUSE-SU-2023:0427-1: important: Security update for bind Message-ID: <20230215204932.B6C2FF78A@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0427-1 Rating: important References: #1207471 Cross-References: CVE-2022-3094 CVSS scores: CVE-2022-3094 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3094 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-427=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-427=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-427=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-427=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-427=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-427=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-427=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-427=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-427=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-427=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-427=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bind-chrootenv-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 
libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Server 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager 
Retail Branch Server 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Manager Proxy 4.2 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Proxy 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server for SAP 
15-SP3 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 
libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): 
bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Enterprise Storage 7.1 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 References: 
https://www.suse.com/security/cve/CVE-2022-3094.html https://bugzilla.suse.com/1207471 From sle-updates at lists.suse.com Wed Feb 15 20:53:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2023 21:53:34 +0100 (CET) Subject: SUSE-SU-2023:0423-1: moderate: Security update for aws-efs-utils Message-ID: <20230215205334.3683DF78A@maintenance.suse.de> SUSE Security Update: Security update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0423-1 Rating: moderate References: #1191055 #1206737 Cross-References: CVE-2022-46174 CVSS scores: CVE-2022-46174 (NVD) : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46174 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for aws-efs-utils fixes the following issues:

- Updated to version 1.34.5:
  - CVE-2022-46174: Fixed a race condition when mounting filesystems using TLS, which could result in various failures (bsc#1206737).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-423=1

Package List:

- openSUSE Leap 15.4 (noarch):
    aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
    aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
    aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
    aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
    aws-efs-utils-1.34.5-150100.4.11.1

References:

    https://www.suse.com/security/cve/CVE-2022-46174.html
    https://bugzilla.suse.com/1191055
    https://bugzilla.suse.com/1206737

From sle-updates at lists.suse.com Wed Feb 15 20:57:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2023 21:57:32 +0100 (CET)
Subject: SUSE-SU-2023:0421-1: important: Security update for ImageMagick
Message-ID: <20230215205732.1582DF78A@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0421-1
Rating: important
References: #1207982 #1207983
Cross-References: CVE-2022-44267 CVE-2022-44268
CVSS scores:
    CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
    SUSE Linux Enterprise Desktop 12-SP5
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Workstation Extension 12-SP5
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-421=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2023-421=1
- SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2023-421=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-421=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-421=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-421=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-421=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-421=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1
- SUSE OpenStack Cloud 9 (x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    ImageMagick-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagick++-6_Q16-3-6.8.8.1-71.183.1
    libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-32bit-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.183.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    ImageMagick-6.8.8.1-71.183.1
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    ImageMagick-devel-6.8.8.1-71.183.1
    libMagick++-6_Q16-3-6.8.8.1-71.183.1
    libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.183.1
    libMagick++-devel-6.8.8.1-71.183.1
    perl-PerlMagick-6.8.8.1-71.183.1
    perl-PerlMagick-debuginfo-6.8.8.1-71.183.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    ImageMagick-config-6-SUSE-6.8.8.1-71.183.1
    ImageMagick-config-6-upstream-6.8.8.1-71.183.1
    ImageMagick-debuginfo-6.8.8.1-71.183.1
    ImageMagick-debugsource-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-6.8.8.1-71.183.1
    libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-6.8.8.1-71.183.1
    libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.183.1

References:

    https://www.suse.com/security/cve/CVE-2022-44267.html
    https://www.suse.com/security/cve/CVE-2022-44268.html
    https://bugzilla.suse.com/1207982
    https://bugzilla.suse.com/1207983

From sle-updates at lists.suse.com Wed Feb 15 21:01:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2023 22:01:28 +0100 (CET)
Subject: SUSE-SU-2023:0429-1: important: Security update for curl
Message-ID: <20230215210128.1484CF78A@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0429-1
Rating: important
References: #1207990 #1207991 #1207992
Cross-References: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
CVSS scores:
    CVE-2023-23914 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2023-23915 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2023-23916 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-429=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-429=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-429=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-429=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
    curl-7.79.1-150400.5.15.1
    curl-debuginfo-7.79.1-150400.5.15.1
    curl-debugsource-7.79.1-150400.5.15.1
    libcurl4-7.79.1-150400.5.15.1
    libcurl4-debuginfo-7.79.1-150400.5.15.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    curl-7.79.1-150400.5.15.1
    curl-debuginfo-7.79.1-150400.5.15.1
    curl-debugsource-7.79.1-150400.5.15.1
    libcurl-devel-7.79.1-150400.5.15.1
    libcurl4-7.79.1-150400.5.15.1
    libcurl4-debuginfo-7.79.1-150400.5.15.1
- openSUSE Leap 15.4 (x86_64):
    libcurl-devel-32bit-7.79.1-150400.5.15.1
    libcurl4-32bit-7.79.1-150400.5.15.1
    libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    curl-7.79.1-150400.5.15.1
    curl-debuginfo-7.79.1-150400.5.15.1
    curl-debugsource-7.79.1-150400.5.15.1
    libcurl-devel-7.79.1-150400.5.15.1
    libcurl4-7.79.1-150400.5.15.1
    libcurl4-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libcurl4-32bit-7.79.1-150400.5.15.1
    libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    curl-7.79.1-150400.5.15.1
    curl-debuginfo-7.79.1-150400.5.15.1
    curl-debugsource-7.79.1-150400.5.15.1
    libcurl4-7.79.1-150400.5.15.1
    libcurl4-debuginfo-7.79.1-150400.5.15.1

References:

    https://www.suse.com/security/cve/CVE-2023-23914.html
    https://www.suse.com/security/cve/CVE-2023-23915.html
    https://www.suse.com/security/cve/CVE-2023-23916.html
    https://bugzilla.suse.com/1207990
    https://bugzilla.suse.com/1207991
    https://bugzilla.suse.com/1207992

From sle-updates at lists.suse.com Wed Feb 15 21:05:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2023 22:05:59 +0100 (CET)
Subject: SUSE-RU-2023:0432-1: moderate: Recommended update for graphite2
Message-ID: <20230215210559.88682F78A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for graphite2
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0432-1
Rating: moderate
References: #1207676

Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for graphite2 fixes the following issue:

- Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-432=1
- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2023-432=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-432=1
- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-432=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-432=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-432=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-432=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-432=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-432=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-432=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-432=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-432=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-432=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-432=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-432=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    graphite2-1.3.11-150000.4.3.1
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap 15.4 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Server 4.2 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Proxy 4.2 (x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7.1 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7 (x86_64):
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE CaaS Platform 4.0 (x86_64):
    graphite2-debuginfo-1.3.11-150000.4.3.1
    graphite2-debugsource-1.3.11-150000.4.3.1
    graphite2-devel-1.3.11-150000.4.3.1
    libgraphite2-3-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-1.3.11-150000.4.3.1
    libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
    libgraphite2-3-debuginfo-1.3.11-150000.4.3.1

References:

    https://bugzilla.suse.com/1207676

From sle-updates at lists.suse.com Wed Feb 15 21:10:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2023 22:10:48 +0100 (CET)
Subject: SUSE-SU-2023:0431-1: important: Security update for apache2-mod_security2
Message-ID: <20230215211048.8C3B7F78A@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_security2
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0431-1
Rating: important
References: #1207379
Cross-References: CVE-2023-24021
CVSS scores:
    CVE-2023-24021 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2023-24021 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Server Applications 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache2-mod_security2 fixes the following issues:

- CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-431=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-431=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.4-150400.3.6.1
    apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1
    apache2-mod_security2-debugsource-2.9.4-150400.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.4-150400.3.6.1
    apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1
    apache2-mod_security2-debugsource-2.9.4-150400.3.6.1

References:

    https://www.suse.com/security/cve/CVE-2023-24021.html
    https://bugzilla.suse.com/1207379

From sle-updates at lists.suse.com Thu Feb 16 02:21:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 03:21:59 +0100 (CET)
Subject: SUSE-SU-2023:0056-2: important: Security update for libksba
Message-ID: <20230216022159.417EAF46D@maintenance.suse.de>

SUSE Security Update: Security update for libksba
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0056-2
Rating: important
References: #1206579
Cross-References: CVE-2022-47629
CVSS scores:
    CVE-2022-47629 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-47629 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-56=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-56=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-56=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-56=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-56=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-56=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-56=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-56=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-56=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-56=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-56=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-56=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-56=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-56=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-56=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2023-56=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Manager Proxy 4.2 (x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE CaaS Platform 4.0 (x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1

References:

    https://www.suse.com/security/cve/CVE-2022-47629.html
    https://bugzilla.suse.com/1206579

From sle-updates at lists.suse.com Thu Feb 16 08:06:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 09:06:10 +0100 (CET)
Subject: SUSE-CU-2023:345-1: Security update of suse/sles12sp5
Message-ID: <20230216080610.45296F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:345-1
Container Tags : suse/sles12sp5:6.5.437 , suse/sles12sp5:latest
Container Release : 6.5.437
Severity : moderate
Type : security
References : 1207992 CVE-2023-23916
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:425-1
Released: Wed Feb 15 16:34:23 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1207992,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.60.0-11.55.1 updated

From sle-updates at lists.suse.com Thu Feb 16 08:07:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 09:07:12 +0100 (CET)
Subject: SUSE-CU-2023:346-1: Security update of suse/389-ds
Message-ID: <20230216080712.88E90F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:346-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.17 , suse/389-ds:latest
Container Release : 19.17
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:08:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:08:03 +0100 (CET) Subject: SUSE-CU-2023:348-1: Security update of suse/registry Message-ID: <20230216080803.DB021F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:348-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-5.7 , suse/registry:latest Container Release : 5.7 Severity : critical Type : security References : 1207247 1207250 1207251 1207866 CVE-2006-20001 CVE-2022-25147 CVE-2022-36760 CVE-2022-37436 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:322-1 Released: Wed Feb 8 16:19:37 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:389-1 Released: Mon Feb 13 09:41:49 2023 Summary: Security update for apr-util Type: security Severity: critical References: 1207866,CVE-2022-25147 This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) The following package changes have been done: - apache2-utils-2.4.51-150400.6.6.1 updated - libapr-util1-1.6.1-150300.18.5.1 updated From sle-updates at lists.suse.com Thu Feb 16 08:08:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:08:56 +0100 (CET) Subject: SUSE-CU-2023:350-1: Security update of bci/dotnet-sdk Message-ID: <20230216080856.46680F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:350-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-51.27 , bci/dotnet-sdk:3.1.32 , bci/dotnet-sdk:3.1.32-51.27 Container Release : 51.27 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:09:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:09:45 +0100 (CET) Subject: SUSE-CU-2023:352-1: Security update of bci/dotnet-sdk Message-ID: <20230216080945.222B9F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:352-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.89 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.89 Container Release : 35.89 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:10:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:10:36 +0100 (CET) Subject: SUSE-CU-2023:354-1: Security update of bci/dotnet-sdk Message-ID: <20230216081036.EBB7DF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:354-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-29.12 , bci/dotnet-sdk:6.0.13 , bci/dotnet-sdk:6.0.13-29.12 Container Release : 29.12 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:11:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:11:25 +0100 (CET) Subject: SUSE-CU-2023:356-1: Security update of bci/dotnet-runtime Message-ID: <20230216081125.420BBF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:356-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-52.27 , bci/dotnet-runtime:3.1.32 , bci/dotnet-runtime:3.1.32-52.27 Container Release : 52.27 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:12:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:12:09 +0100 (CET) Subject: SUSE-CU-2023:357-1: Security update of bci/dotnet-runtime Message-ID: <20230216081209.58A62F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:357-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.88 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.88 Container Release : 34.88 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:12:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:12:53 +0100 (CET) Subject: SUSE-CU-2023:358-1: Security update of bci/dotnet-runtime Message-ID: <20230216081253.BE3F9F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:358-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-26.12 , bci/dotnet-runtime:6.0.13 , bci/dotnet-runtime:6.0.13-26.12 Container Release : 26.12 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:13:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:13:30 +0100 (CET) Subject: SUSE-CU-2023:359-1: Security update of bci/golang Message-ID: <20230216081330.4EBF7F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:359-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.30 Container Release : 19.30 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Feb 16 08:13:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:13:31 +0100 (CET) Subject: SUSE-CU-2023:360-1: Security update of bci/golang Message-ID: <20230216081331.99D3BF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:360-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.31 Container Release : 19.31 Severity : important Type : security References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). 
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - git-core-2.35.3-150300.10.24.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:13:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:13:59 +0100 (CET) Subject: SUSE-CU-2023:361-1: Security update of bci/golang Message-ID: <20230216081359.0C86DF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:361-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.15 , bci/golang:latest Container Release : 20.15 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Feb 16 08:14:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:14:38 +0100 (CET) Subject: SUSE-CU-2023:362-1: Security update of bci/bci-init Message-ID: <20230216081438.E7EC9F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:362-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.11 , bci/bci-init:latest Container Release : 25.11 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:15:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:15:15 +0100 (CET) Subject: SUSE-CU-2023:363-1: Security update of bci/nodejs Message-ID: <20230216081515.0F1C2F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:363-1 Container Tags : bci/node:14 , bci/node:14-36.30 , bci/nodejs:14 , bci/nodejs:14-36.30 Container Release : 36.30 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Feb 16 08:15:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:15:16 +0100 (CET) Subject: SUSE-CU-2023:364-1: Security update of bci/nodejs Message-ID: <20230216081516.3711FF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:364-1 Container Tags : bci/node:14 , bci/node:14-36.31 , bci/nodejs:14 , bci/nodejs:14-36.31 Container Release : 36.31 Severity : important Type : security References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). 
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - git-core-2.35.3-150300.10.24.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:15:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:15:45 +0100 (CET) Subject: SUSE-CU-2023:365-1: Security update of bci/nodejs Message-ID: <20230216081545.DD9A7F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:365-1 Container Tags : bci/node:16 , bci/node:16-13.13 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.13 , bci/nodejs:latest Container Release : 13.13 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Feb 16 08:15:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:15:47 +0100 (CET) Subject: SUSE-CU-2023:366-1: Security update of bci/nodejs Message-ID: <20230216081547.3068FF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:366-1 Container Tags : bci/node:16 , bci/node:16-13.14 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.14 , bci/nodejs:latest Container Release : 13.14 Severity : important Type : security References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). 
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - git-core-2.35.3-150300.10.24.1 updated - container:sles15-image-15.0.0-27.14.35 updated From sle-updates at lists.suse.com Thu Feb 16 08:16:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:16:35 +0100 (CET) Subject: SUSE-CU-2023:367-1: Security update of bci/openjdk-devel Message-ID: <20230216081635.D13C9F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:367-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.64 Container Release : 38.64 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated - container:bci-openjdk-11-15.4.11-34.30 updated From sle-updates at lists.suse.com Thu Feb 16 08:16:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:16:50 +0100 (CET) Subject: SUSE-CU-2023:368-1: Security update of bci/openjdk-devel Message-ID: <20230216081650.15FC3F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:368-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.29 , bci/openjdk-devel:latest Container Release : 13.29 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 
The following package changes have been done: - less-590-150400.3.3.1 updated - container:bci-openjdk-17-15.4.17-12.15 updated From sle-updates at lists.suse.com Thu Feb 16 08:17:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:17:45 +0100 (CET) Subject: SUSE-CU-2023:370-1: Security update of suse/pcp Message-ID: <20230216081745.8785EF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:370-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.26 , suse/pcp:5.2 , suse/pcp:5.2-12.26 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.26 , suse/pcp:latest Container Release : 12.26 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.15.1 updated - container:bci-bci-init-15.4-15.4-25.11 updated From sle-updates at lists.suse.com Thu Feb 16 08:18:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Feb 2023 09:18:19 +0100 (CET) Subject: SUSE-CU-2023:371-1: Security update of bci/python Message-ID: <20230216081819.71705F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:371-1 Container Tags : bci/python:3 , bci/python:3-11.16 , bci/python:3.10 , bci/python:3.10-11.16 , bci/python:latest Container Release : 11.16 Severity : moderate Type : security References : 1207815 CVE-2022-46663 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). 

The following package changes have been done:

- less-590-150400.3.3.1 updated

From sle-updates at lists.suse.com Thu Feb 16 11:23:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 12:23:36 +0100 (CET)
Subject: SUSE-SU-2023:0433-1: important: Security update for the Linux Kernel
Message-ID: <20230216112336.73C74F78A@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0433-1
Rating: important
References: #1065729 #1185861 #1185863 #1186449 #1191256 #1192868 #1193629 #1194869 #1195175 #1195655 #1196058 #1199701 #1204063 #1204356 #1204662 #1205495 #1206006 #1206036 #1206056 #1206057 #1206258 #1206363 #1206459 #1206616 #1206677 #1206784 #1207010 #1207034 #1207036 #1207050 #1207125 #1207134 #1207149 #1207158 #1207184 #1207186 #1207190 #1207237 #1207263 #1207269 #1207497 #1207500 #1207501 #1207506 #1207507 #1207734 #1207769 #1207795 #1207842 #1207878 #1207933 SLE-21132 SLE-24682
Cross-References: CVE-2020-24588 CVE-2022-4382 CVE-2022-47929 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455
CVSS scores:
CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-4382 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4382 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2023-0122 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0266 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0590 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that solves 9 vulnerabilities, contains two features and has 42 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes).
- Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes).
- Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes).
- Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes).
- Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes).
- Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
- btrfs: put initial index value of a directory in a constant (bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: don't take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes).
- phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/qeth: fix various format strings (git-fixes).
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-433=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-433=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-433=1
    Please note that this is the initial kernel livepatch without fixes itself; this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-433=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-433=1
- SUSE Linux Enterprise High Availability 15-SP4:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-433=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
    kernel-default-5.14.21-150400.24.46.1
    kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    cluster-md-kmp-default-5.14.21-150400.24.46.1
    cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1
    dlm-kmp-default-5.14.21-150400.24.46.1
    dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1
    gfs2-kmp-default-5.14.21-150400.24.46.1
    gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-5.14.21-150400.24.46.1
    kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
    kernel-default-base-rebuild-5.14.21-150400.24.46.1.150400.24.17.3
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    kernel-default-devel-5.14.21-150400.24.46.1
    kernel-default-devel-debuginfo-5.14.21-150400.24.46.1
    kernel-default-extra-5.14.21-150400.24.46.1
    kernel-default-extra-debuginfo-5.14.21-150400.24.46.1
    kernel-default-livepatch-5.14.21-150400.24.46.1
    kernel-default-livepatch-devel-5.14.21-150400.24.46.1
    kernel-default-optional-5.14.21-150400.24.46.1
    kernel-default-optional-debuginfo-5.14.21-150400.24.46.1
    kernel-obs-build-5.14.21-150400.24.46.1
    kernel-obs-build-debugsource-5.14.21-150400.24.46.1
    kernel-obs-qa-5.14.21-150400.24.46.1
    kernel-syms-5.14.21-150400.24.46.1
    kselftests-kmp-default-5.14.21-150400.24.46.1
    kselftests-kmp-default-debuginfo-5.14.21-150400.24.46.1
    ocfs2-kmp-default-5.14.21-150400.24.46.1
    ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
    reiserfs-kmp-default-5.14.21-150400.24.46.1
    reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
    kernel-kvmsmall-5.14.21-150400.24.46.1
    kernel-kvmsmall-debuginfo-5.14.21-150400.24.46.1
    kernel-kvmsmall-debugsource-5.14.21-150400.24.46.1
    kernel-kvmsmall-devel-5.14.21-150400.24.46.1
    kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.46.1
    kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (ppc64le x86_64):
    kernel-debug-5.14.21-150400.24.46.1
    kernel-debug-debuginfo-5.14.21-150400.24.46.1
    kernel-debug-debugsource-5.14.21-150400.24.46.1
    kernel-debug-devel-5.14.21-150400.24.46.1
    kernel-debug-devel-debuginfo-5.14.21-150400.24.46.1
    kernel-debug-livepatch-devel-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64):
    cluster-md-kmp-64kb-5.14.21-150400.24.46.1
    cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
    dlm-kmp-64kb-5.14.21-150400.24.46.1
    dlm-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
    dtb-allwinner-5.14.21-150400.24.46.1
    dtb-altera-5.14.21-150400.24.46.1
    dtb-amazon-5.14.21-150400.24.46.1
    dtb-amd-5.14.21-150400.24.46.1
    dtb-amlogic-5.14.21-150400.24.46.1
    dtb-apm-5.14.21-150400.24.46.1
    dtb-apple-5.14.21-150400.24.46.1
    dtb-arm-5.14.21-150400.24.46.1
    dtb-broadcom-5.14.21-150400.24.46.1
    dtb-cavium-5.14.21-150400.24.46.1
    dtb-exynos-5.14.21-150400.24.46.1
    dtb-freescale-5.14.21-150400.24.46.1
    dtb-hisilicon-5.14.21-150400.24.46.1
    dtb-lg-5.14.21-150400.24.46.1
    dtb-marvell-5.14.21-150400.24.46.1
    dtb-mediatek-5.14.21-150400.24.46.1
    dtb-nvidia-5.14.21-150400.24.46.1
    dtb-qcom-5.14.21-150400.24.46.1
    dtb-renesas-5.14.21-150400.24.46.1
    dtb-rockchip-5.14.21-150400.24.46.1
    dtb-socionext-5.14.21-150400.24.46.1
    dtb-sprd-5.14.21-150400.24.46.1
    dtb-xilinx-5.14.21-150400.24.46.1
    gfs2-kmp-64kb-5.14.21-150400.24.46.1
    gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
    kernel-64kb-5.14.21-150400.24.46.1
    kernel-64kb-debuginfo-5.14.21-150400.24.46.1
    kernel-64kb-debugsource-5.14.21-150400.24.46.1
    kernel-64kb-devel-5.14.21-150400.24.46.1
    kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1
    kernel-64kb-extra-5.14.21-150400.24.46.1
    kernel-64kb-extra-debuginfo-5.14.21-150400.24.46.1
    kernel-64kb-livepatch-devel-5.14.21-150400.24.46.1
    kernel-64kb-optional-5.14.21-150400.24.46.1
    kernel-64kb-optional-debuginfo-5.14.21-150400.24.46.1
    kselftests-kmp-64kb-5.14.21-150400.24.46.1
    kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
    ocfs2-kmp-64kb-5.14.21-150400.24.46.1
    ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
    reiserfs-kmp-64kb-5.14.21-150400.24.46.1
    reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (noarch):
    kernel-devel-5.14.21-150400.24.46.1
    kernel-docs-5.14.21-150400.24.46.2
    kernel-docs-html-5.14.21-150400.24.46.2
    kernel-macros-5.14.21-150400.24.46.1
    kernel-source-5.14.21-150400.24.46.1
    kernel-source-vanilla-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (s390x):
    kernel-zfcpdump-5.14.21-150400.24.46.1
    kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1
    kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    kernel-default-extra-5.14.21-150400.24.46.1
    kernel-default-extra-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    kernel-default-livepatch-5.14.21-150400.24.46.1
    kernel-default-livepatch-devel-5.14.21-150400.24.46.1
    kernel-livepatch-5_14_21-150400_24_46-default-1-150400.9.3.3
    kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-1-150400.9.3.3
    kernel-livepatch-SLE15-SP4_Update_8-debugsource-1-150400.9.3.3
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    reiserfs-kmp-default-5.14.21-150400.24.46.1
    reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
    kernel-obs-build-5.14.21-150400.24.46.1
    kernel-obs-build-debugsource-5.14.21-150400.24.46.1
    kernel-syms-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
    kernel-docs-5.14.21-150400.24.46.2
    kernel-source-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    kernel-default-5.14.21-150400.24.46.1
    kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    kernel-default-devel-5.14.21-150400.24.46.1
    kernel-default-devel-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):
    kernel-64kb-5.14.21-150400.24.46.1
    kernel-64kb-debuginfo-5.14.21-150400.24.46.1
    kernel-64kb-debugsource-5.14.21-150400.24.46.1
    kernel-64kb-devel-5.14.21-150400.24.46.1
    kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    kernel-devel-5.14.21-150400.24.46.1
    kernel-macros-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
    kernel-zfcpdump-5.14.21-150400.24.46.1
    kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1
    kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    kernel-default-5.14.21-150400.24.46.1
    kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
    cluster-md-kmp-default-5.14.21-150400.24.46.1
    cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1
    dlm-kmp-default-5.14.21-150400.24.46.1
    dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1
    gfs2-kmp-default-5.14.21-150400.24.46.1
    gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debuginfo-5.14.21-150400.24.46.1
    kernel-default-debugsource-5.14.21-150400.24.46.1
    ocfs2-kmp-default-5.14.21-150400.24.46.1
    ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1

References:

    https://www.suse.com/security/cve/CVE-2020-24588.html
    https://www.suse.com/security/cve/CVE-2022-4382.html
    https://www.suse.com/security/cve/CVE-2022-47929.html
    https://www.suse.com/security/cve/CVE-2023-0122.html
    https://www.suse.com/security/cve/CVE-2023-0179.html
    https://www.suse.com/security/cve/CVE-2023-0266.html
    https://www.suse.com/security/cve/CVE-2023-0590.html
    https://www.suse.com/security/cve/CVE-2023-23454.html
    https://www.suse.com/security/cve/CVE-2023-23455.html
    https://bugzilla.suse.com/1065729
    https://bugzilla.suse.com/1185861
    https://bugzilla.suse.com/1185863
    https://bugzilla.suse.com/1186449
    https://bugzilla.suse.com/1191256
    https://bugzilla.suse.com/1192868
    https://bugzilla.suse.com/1193629
    https://bugzilla.suse.com/1194869
    https://bugzilla.suse.com/1195175
    https://bugzilla.suse.com/1195655
    https://bugzilla.suse.com/1196058
    https://bugzilla.suse.com/1199701
    https://bugzilla.suse.com/1204063
    https://bugzilla.suse.com/1204356
    https://bugzilla.suse.com/1204662
    https://bugzilla.suse.com/1205495
    https://bugzilla.suse.com/1206006
    https://bugzilla.suse.com/1206036
    https://bugzilla.suse.com/1206056
    https://bugzilla.suse.com/1206057
    https://bugzilla.suse.com/1206258
    https://bugzilla.suse.com/1206363
    https://bugzilla.suse.com/1206459
    https://bugzilla.suse.com/1206616
    https://bugzilla.suse.com/1206677
    https://bugzilla.suse.com/1206784
    https://bugzilla.suse.com/1207010
    https://bugzilla.suse.com/1207034
    https://bugzilla.suse.com/1207036
    https://bugzilla.suse.com/1207050
    https://bugzilla.suse.com/1207125
    https://bugzilla.suse.com/1207134
    https://bugzilla.suse.com/1207149
    https://bugzilla.suse.com/1207158
    https://bugzilla.suse.com/1207184
    https://bugzilla.suse.com/1207186
    https://bugzilla.suse.com/1207190
    https://bugzilla.suse.com/1207237
    https://bugzilla.suse.com/1207263
    https://bugzilla.suse.com/1207269
    https://bugzilla.suse.com/1207497
    https://bugzilla.suse.com/1207500
    https://bugzilla.suse.com/1207501
    https://bugzilla.suse.com/1207506
    https://bugzilla.suse.com/1207507
    https://bugzilla.suse.com/1207734
    https://bugzilla.suse.com/1207769
    https://bugzilla.suse.com/1207795
    https://bugzilla.suse.com/1207842
    https://bugzilla.suse.com/1207878
    https://bugzilla.suse.com/1207933

From sle-updates at lists.suse.com Thu Feb 16 11:31:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 12:31:01 +0100 (CET)
Subject: SUSE-SU-2023:0434-1: important: Security update for mozilla-nss
Message-ID: <20230216113101.70F83F78A@maintenance.suse.de>

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0434-1
Rating: important
References: #1208138
Cross-References: CVE-2023-0767
CVSS scores:
    CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-434=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-434=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-434=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-434=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
    libfreebl3-3.79.4-150400.3.26.1
    libfreebl3-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-3.79.4-150400.3.26.1
    libsoftokn3-3.79.4-150400.3.26.1
    libsoftokn3-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-3.79.4-150400.3.26.1
    mozilla-nss-3.79.4-150400.3.26.1
    mozilla-nss-certs-3.79.4-150400.3.26.1
    mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debugsource-3.79.4-150400.3.26.1
    mozilla-nss-tools-3.79.4-150400.3.26.1
    mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79.4-150400.3.26.1
    libfreebl3-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-3.79.4-150400.3.26.1
    libsoftokn3-3.79.4-150400.3.26.1
    libsoftokn3-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-3.79.4-150400.3.26.1
    mozilla-nss-3.79.4-150400.3.26.1
    mozilla-nss-certs-3.79.4-150400.3.26.1
    mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debugsource-3.79.4-150400.3.26.1
    mozilla-nss-devel-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-tools-3.79.4-150400.3.26.1
    mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1
- openSUSE Leap 15.4 (x86_64):
    libfreebl3-32bit-3.79.4-150400.3.26.1
    libfreebl3-32bit-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-32bit-3.79.4-150400.3.26.1
    libsoftokn3-32bit-3.79.4-150400.3.26.1
    libsoftokn3-32bit-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1
    mozilla-nss-32bit-3.79.4-150400.3.26.1
    mozilla-nss-32bit-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-certs-32bit-3.79.4-150400.3.26.1
    mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-32bit-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150400.3.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79.4-150400.3.26.1
    libfreebl3-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-3.79.4-150400.3.26.1
    libsoftokn3-3.79.4-150400.3.26.1
    libsoftokn3-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-3.79.4-150400.3.26.1
    mozilla-nss-3.79.4-150400.3.26.1
    mozilla-nss-certs-3.79.4-150400.3.26.1
    mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debugsource-3.79.4-150400.3.26.1
    mozilla-nss-devel-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-3.79.4-150400.3.26.1
    mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-tools-3.79.4-150400.3.26.1
    mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libfreebl3-32bit-3.79.4-150400.3.26.1
    libfreebl3-32bit-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-32bit-3.79.4-150400.3.26.1
    libsoftokn3-32bit-3.79.4-150400.3.26.1
    libsoftokn3-32bit-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1
    mozilla-nss-32bit-3.79.4-150400.3.26.1
    mozilla-nss-32bit-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-certs-32bit-3.79.4-150400.3.26.1
    mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.26.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    libfreebl3-3.79.4-150400.3.26.1
    libfreebl3-debuginfo-3.79.4-150400.3.26.1
    libfreebl3-hmac-3.79.4-150400.3.26.1
    libsoftokn3-3.79.4-150400.3.26.1
    libsoftokn3-debuginfo-3.79.4-150400.3.26.1
    libsoftokn3-hmac-3.79.4-150400.3.26.1
    mozilla-nss-3.79.4-150400.3.26.1
    mozilla-nss-certs-3.79.4-150400.3.26.1
    mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debuginfo-3.79.4-150400.3.26.1
    mozilla-nss-debugsource-3.79.4-150400.3.26.1
    mozilla-nss-tools-3.79.4-150400.3.26.1
    mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1

References:

    https://www.suse.com/security/cve/CVE-2023-0767.html
    https://bugzilla.suse.com/1208138

From sle-updates at lists.suse.com Thu Feb 16 14:19:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 15:19:40 +0100 (CET)
Subject: SUSE-SU-2023:0435-1: moderate: Security update for java-17-openjdk
Message-ID: <20230216141940.D9B5FFCC9@maintenance.suse.de>

SUSE Security Update: Security update for java-17-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0435-1
Rating: moderate
References: #1205916 #1207246 #1207248
Cross-References: CVE-2023-21835 CVE-2023-21843
CVSS scores:
    CVE-2023-21835 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2023-21835 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2023-21843 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2023-21843 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for java-17-openjdk fixes the following issues:

Updated to version jdk-17.0.6.0+10:

- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).

Bugfixes:

- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-435=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-435=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    java-17-openjdk-17.0.6.0-150400.3.12.1
    java-17-openjdk-accessibility-17.0.6.0-150400.3.12.1
    java-17-openjdk-accessibility-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-debugsource-17.0.6.0-150400.3.12.1
    java-17-openjdk-demo-17.0.6.0-150400.3.12.1
    java-17-openjdk-devel-17.0.6.0-150400.3.12.1
    java-17-openjdk-devel-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-headless-17.0.6.0-150400.3.12.1
    java-17-openjdk-headless-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-jmods-17.0.6.0-150400.3.12.1
    java-17-openjdk-src-17.0.6.0-150400.3.12.1
- openSUSE Leap 15.4 (noarch):
    java-17-openjdk-javadoc-17.0.6.0-150400.3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    java-17-openjdk-17.0.6.0-150400.3.12.1
    java-17-openjdk-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-debugsource-17.0.6.0-150400.3.12.1
    java-17-openjdk-demo-17.0.6.0-150400.3.12.1
    java-17-openjdk-devel-17.0.6.0-150400.3.12.1
    java-17-openjdk-devel-debuginfo-17.0.6.0-150400.3.12.1
    java-17-openjdk-headless-17.0.6.0-150400.3.12.1
    java-17-openjdk-headless-debuginfo-17.0.6.0-150400.3.12.1

References:

    https://www.suse.com/security/cve/CVE-2023-21835.html
    https://www.suse.com/security/cve/CVE-2023-21843.html
    https://bugzilla.suse.com/1205916
    https://bugzilla.suse.com/1207246
    https://bugzilla.suse.com/1207248

From sle-updates at lists.suse.com Thu Feb 16 14:22:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 15:22:46 +0100 (CET)
Subject: SUSE-SU-2023:0436-1: moderate: Security update for java-11-openjdk
Message-ID: <20230216142246.D1E7BFCC9@maintenance.suse.de>

SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0436-1
Rating: moderate
References: #1207246 #1207248
Cross-References: CVE-2023-21835 CVE-2023-21843
CVSS scores:
    CVE-2023-21835 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2023-21835 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2023-21843 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2023-21843 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for java-11-openjdk fixes the following issues:

- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-436=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    java-11-openjdk-11.0.18.0-3.52.1
    java-11-openjdk-debugsource-11.0.18.0-3.52.1
    java-11-openjdk-demo-11.0.18.0-3.52.1
    java-11-openjdk-devel-11.0.18.0-3.52.1
    java-11-openjdk-headless-11.0.18.0-3.52.1

References:

    https://www.suse.com/security/cve/CVE-2023-21835.html
    https://www.suse.com/security/cve/CVE-2023-21843.html
    https://bugzilla.suse.com/1207246
    https://bugzilla.suse.com/1207248

From sle-updates at lists.suse.com Thu Feb 16 14:25:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 15:25:55 +0100 (CET)
Subject: SUSE-SU-2023:0437-1: moderate: Security update for java-1_8_0-openjdk
Message-ID: <20230216142555.2D016FCC9@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0437-1
Rating: moderate
References: #1207248 #1207249
Cross-References: CVE-2023-21830 CVE-2023-21843
CVSS scores:
    CVE-2023-21830 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2023-21830 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2023-21843 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
    CVE-2023-21843 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Updated to version jdk8u362 (icedtea-3.26.0):

- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-437=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2023-437=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-437=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-437=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-437=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-437=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    java-1_8_0-openjdk-1.8.0.362-27.84.1
    java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
    java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1
- SUSE OpenStack Cloud 9 (x86_64):
    java-1_8_0-openjdk-1.8.0.362-27.84.1
    java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
    java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
    java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

  java-1_8_0-openjdk-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  java-1_8_0-openjdk-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

  java-1_8_0-openjdk-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

  java-1_8_0-openjdk-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-debugsource-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-1.8.0.362-27.84.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-1.8.0.362-27.84.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-27.84.1

References:

https://www.suse.com/security/cve/CVE-2023-21830.html
https://www.suse.com/security/cve/CVE-2023-21843.html
https://bugzilla.suse.com/1207248
https://bugzilla.suse.com/1207249

From sle-updates at lists.suse.com Thu Feb 16 17:18:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 18:18:43 +0100 (CET)
Subject: SUSE-RU-2023:0439-1: moderate: Recommended update for dracut
Message-ID: <20230216171843.32F87F78A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0439-1
Rating: moderate
References: #1069169 #1186056 #1204929 #1205175
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for dracut fixes the following issues:

- Exclude USB drivers in strict hostonly mode (bsc#1186056)
- Warn if included with no multipath devices and no user conf (bsc#1069169)
- Improve detection of installed kernel versions (bsc#1205175)
- chown using rpc default group (bsc#1204929)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:

  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-439=1

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2023-439=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-439=1

- SUSE Linux Enterprise Micro 5.3:

  zypper in -t patch SUSE-SLE-Micro-5.3-2023-439=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):

  dracut-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debuginfo-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debugsource-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  dracut-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debuginfo-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debugsource-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-extra-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-ima-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-tools-055+suse.331.g05b9ccb7-150400.3.16.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  dracut-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debuginfo-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debugsource-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-ima-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1

- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

  dracut-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debuginfo-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-debugsource-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1
  dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1

References:

https://bugzilla.suse.com/1069169
https://bugzilla.suse.com/1186056
https://bugzilla.suse.com/1204929
https://bugzilla.suse.com/1205175

From sle-updates at lists.suse.com Thu Feb 16 17:21:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2023 18:21:45 +0100 (CET)
Subject: SUSE-RU-2023:0440-1: important: Recommended update for sle_quickstarts
Message-ID: <20230216172145.224B9F78A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sle_quickstarts
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0440-1
Rating: important
References: SLE-25039
Affected Products:
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for sle_quickstarts contains the following fixes:

Documentation:

- Quick start updates for SLE 15 SP4 QU2 (STIG hardening in YaST and AutoYaST).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2023-440=1

Package List:

- openSUSE Leap 15.4 (noarch):

  sle_quickstarts-15.4-150400.3.3.1

References:

From sle-updates at lists.suse.com Fri Feb 17 08:04:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:04:46 +0100 (CET)
Subject: SUSE-CU-2023:373-1: Security update of suse/sle15
Message-ID: <20230217080446.BA985F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:373-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.736
Container Release : 6.2.736
Severity : important
Type : security
References : 1207533 1207534 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:308-1
Released: Tue Feb 7 17:33:37 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

The following package changes have been done:

- libopenssl1_1-1.1.0i-150100.14.42.1 updated
- openssl-1_1-1.1.0i-150100.14.42.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:06:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:06:11 +0100 (CET)
Subject: SUSE-CU-2023:374-1: Security update of suse/sle15
Message-ID: <20230217080611.B9F9FF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:374-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.261
Container Release : 9.5.261
Severity : important
Type : security
References : 1121365 1198472 1207533 1207534 1207536 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:06:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:06:41 +0100 (CET)
Subject: SUSE-CU-2023:375-1: Security update of suse/389-ds
Message-ID: <20230217080641.C719EF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:375-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.18 , suse/389-ds:latest
Container Release : 19.18
Severity : important
Type : security
References : 1208138 CVE-2023-0767
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- mozilla-nss-tools-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:07:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:07:12 +0100 (CET)
Subject: SUSE-CU-2023:376-1: Security update of bci/dotnet-aspnet
Message-ID: <20230217080712.51A25F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:376-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-46.27 , bci/dotnet-aspnet:3.1.32 , bci/dotnet-aspnet:3.1.32-46.27
Container Release : 46.27
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:07:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:07:40 +0100 (CET)
Subject: SUSE-CU-2023:377-1: Security update of bci/dotnet-aspnet
Message-ID: <20230217080740.987C1F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:377-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.90 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.90
Container Release : 27.90
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:08:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:08:10 +0100 (CET)
Subject: SUSE-CU-2023:378-1: Security update of bci/dotnet-aspnet
Message-ID: <20230217080810.2318DF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:378-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-27.12 , bci/dotnet-aspnet:6.0.13 , bci/dotnet-aspnet:6.0.13-27.12
Container Release : 27.12
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:08:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:08:28 +0100 (CET)
Subject: SUSE-CU-2023:379-1: Security update of bci/golang
Message-ID: <20230217080828.BC79AF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:379-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-20.16 , bci/golang:latest
Container Release : 20.16
Severity : important
Type : security
References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:02 +0100 (CET)
Subject: SUSE-CU-2023:380-1: Security update of bci/openjdk-devel
Message-ID: <20230217080902.2D891F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:380-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.69
Container Release : 38.69
Severity : important
Type : security
References : 1207676 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:432-1
Released: Wed Feb 15 18:48:25 2023
Summary: Recommended update for graphite2
Type: recommended
Severity: moderate
References: 1207676

This update for graphite2 fixes the following issue:

- Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- libgraphite2-3-1.3.11-150000.4.3.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:bci-openjdk-11-15.4.11-34.32 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:03 +0100 (CET)
Subject: SUSE-CU-2023:381-1: Security update of bci/openjdk-devel
Message-ID: <20230217080903.01174F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:381-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.72
Container Release : 38.72
Severity : important
Type : security
References : 1208138 CVE-2023-0767
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated
- container:bci-openjdk-11-15.4.11-34.33 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:29 +0100 (CET)
Subject: SUSE-CU-2023:382-1: Security update of bci/openjdk
Message-ID: <20230217080929.96A66F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:382-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-34.32
Container Release : 34.32
Severity : important
Type : security
References : 1207676 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:432-1
Released: Wed Feb 15 18:48:25 2023
Summary: Recommended update for graphite2
Type: recommended
Severity: moderate
References: 1207676

This update for graphite2 fixes the following issue:

- Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- libgraphite2-3-1.3.11-150000.4.3.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:30 +0100 (CET)
Subject: SUSE-CU-2023:383-1: Security update of bci/openjdk
Message-ID: <20230217080930.8B025F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:383-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-34.33
Container Release : 34.33
Severity : important
Type : security
References : 1208138 CVE-2023-0767
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:40 +0100 (CET)
Subject: SUSE-CU-2023:384-1: Security update of bci/openjdk-devel
Message-ID: <20230217080940.9CC2DF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:384-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.31 , bci/openjdk-devel:latest
Container Release : 13.31
Severity : important
Type : security
References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:bci-openjdk-17-15.4.17-12.16 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:41 +0100 (CET)
Subject: SUSE-CU-2023:385-1: Security update of bci/openjdk-devel
Message-ID: <20230217080941.81D98F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:385-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.36 , bci/openjdk-devel:latest
Container Release : 13.36
Severity : important
Type : security
References : 1205916 1207246 1207248 1208138 CVE-2023-0767 CVE-2023-21835 CVE-2023-21843
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:435-1
Released: Thu Feb 16 11:06:29 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843

This update for java-17-openjdk fixes the following issues:

Updated to version jdk-17.0.6.0+10:

- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).

Bugfixes:

- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).

The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated
- java-17-openjdk-headless-17.0.6.0-150400.3.12.1 updated
- java-17-openjdk-17.0.6.0-150400.3.12.1 updated
- java-17-openjdk-devel-17.0.6.0-150400.3.12.1 updated
- container:bci-openjdk-17-15.4.17-12.18 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:48 +0100 (CET)
Subject: SUSE-CU-2023:386-1: Security update of bci/openjdk
Message-ID: <20230217080948.E73FAF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:386-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.16 , bci/openjdk:latest
Container Release : 12.16
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:09:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:09:49 +0100 (CET)
Subject: SUSE-CU-2023:387-1: Security update of bci/openjdk
Message-ID: <20230217080949.B9B5FF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:387-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.18 , bci/openjdk:latest
Container Release : 12.18
Severity : important
Type : security
References : 1205916 1207246 1207248 1208138 CVE-2023-0767 CVE-2023-21835 CVE-2023-21843
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:435-1
Released: Thu Feb 16 11:06:29 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843

This update for java-17-openjdk fixes the following issues:

Updated to version jdk-17.0.6.0+10:

- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
Bugfixes:

- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).

The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated
- java-17-openjdk-headless-17.0.6.0-150400.3.12.1 updated
- java-17-openjdk-17.0.6.0-150400.3.12.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:10:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:10:28 +0100 (CET)
Subject: SUSE-CU-2023:388-1: Security update of suse/pcp
Message-ID: <20230217081028.6B185F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:388-1
Container Tags : suse/pcp:5 , suse/pcp:5-12.27 , suse/pcp:5.2 , suse/pcp:5.2-12.27 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.27 , suse/pcp:latest
Container Release : 12.27
Severity : important
Type : security
References : 1208138 CVE-2023-0767
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:434-1
Released: Thu Feb 16 09:08:05 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1208138,CVE-2023-0767

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
The following package changes have been done:

- libfreebl3-3.79.4-150400.3.26.1 updated
- libfreebl3-hmac-3.79.4-150400.3.26.1 updated
- mozilla-nss-certs-3.79.4-150400.3.26.1 updated
- libsoftokn3-3.79.4-150400.3.26.1 updated
- mozilla-nss-3.79.4-150400.3.26.1 updated
- libsoftokn3-hmac-3.79.4-150400.3.26.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:10:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:10:51 +0100 (CET)
Subject: SUSE-CU-2023:371-1: Security update of bci/python
Message-ID: <20230217081051.C798CF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:371-1
Container Tags : bci/python:3 , bci/python:3-11.16 , bci/python:3.10 , bci/python:3.10-11.16 , bci/python:latest
Container Release : 11.16
Severity : moderate
Type : security
References : 1207815 CVE-2022-46663
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released: Fri Feb 10 15:08:41 2023
Summary: Security update for less
Type: security
Severity: moderate
References: 1207815,CVE-2022-46663

This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
The following package changes have been done:

- less-590-150400.3.3.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:10:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:10:52 +0100 (CET)
Subject: SUSE-CU-2023:389-1: Security update of bci/python
Message-ID: <20230217081052.B1328F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:389-1
Container Tags : bci/python:3 , bci/python:3-11.17 , bci/python:3.10 , bci/python:3.10-11.17 , bci/python:latest
Container Release : 11.17
Severity : important
Type : security
References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- curl-7.79.1-150400.5.15.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:11:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:11:18 +0100 (CET)
Subject: SUSE-CU-2023:390-1: Security update of bci/python
Message-ID: <20230217081118.6F9D9F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:390-1
Container Tags : bci/python:3 , bci/python:3-34.17 , bci/python:3.6 , bci/python:3.6-34.17
Container Release : 34.17
Severity : moderate
Type : security
References : 1207815 CVE-2022-46663
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released: Fri Feb 10 15:08:41 2023
Summary: Security update for less
Type: security
Severity: moderate
References: 1207815,CVE-2022-46663

This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
The following package changes have been done:

- less-590-150400.3.3.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:11:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:11:19 +0100 (CET)
Subject: SUSE-CU-2023:391-1: Security update of bci/python
Message-ID: <20230217081119.4CA7CF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:391-1
Container Tags : bci/python:3 , bci/python:3-34.18 , bci/python:3.6 , bci/python:3.6-34.18
Container Release : 34.18
Severity : important
Type : security
References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- curl-7.79.1-150400.5.15.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:11:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:11:43 +0100 (CET)
Subject: SUSE-CU-2023:392-1: Security update of bci/ruby
Message-ID: <20230217081143.DE639F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:392-1
Container Tags : bci/ruby:2 , bci/ruby:2-33.15 , bci/ruby:2.5 , bci/ruby:2.5-33.15 , bci/ruby:latest
Container Release : 33.15
Severity : moderate
Type : security
References : 1207815 CVE-2022-46663
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released: Fri Feb 10 15:08:41 2023
Summary: Security update for less
Type: security
Severity: moderate
References: 1207815,CVE-2022-46663

This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
The following package changes have been done:

- less-590-150400.3.3.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:19:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:19:56 +0100 (CET)
Subject: SUSE-CU-2023:392-1: Security update of bci/ruby
Message-ID: <20230217081956.0ABB8F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:392-1
Container Tags : bci/ruby:2 , bci/ruby:2-33.15 , bci/ruby:2.5 , bci/ruby:2.5-33.15 , bci/ruby:latest
Container Release : 33.15
Severity : moderate
Type : security
References : 1207815 CVE-2022-46663
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released: Fri Feb 10 15:08:41 2023
Summary: Security update for less
Type: security
Severity: moderate
References: 1207815,CVE-2022-46663

This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
The following package changes have been done:

- less-590-150400.3.3.1 updated

From sle-updates at lists.suse.com Fri Feb 17 08:19:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:19:57 +0100 (CET)
Subject: SUSE-CU-2023:393-1: Security update of bci/ruby
Message-ID: <20230217081957.2E4FFF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:393-1
Container Tags : bci/ruby:2 , bci/ruby:2-33.16 , bci/ruby:2.5 , bci/ruby:2.5-33.16 , bci/ruby:latest
Container Release : 33.16
Severity : important
Type : security
References : 1207990 1207991 1207992 1208027 1208028 CVE-2023-22490 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released: Wed Feb 15 17:42:25 2023
Summary: Security update for git
Type: security
Severity: important
References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946

This update for git fixes the following issues:

- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- curl-7.79.1-150400.5.15.1 updated
- git-core-2.35.3-150300.10.24.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:20:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:20:07 +0100 (CET)
Subject: SUSE-CU-2023:394-1: Security update of bci/rust
Message-ID: <20230217082007.3A23BF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:394-1
Container Tags : bci/rust:1.65 , bci/rust:1.65-13.15
Container Release : 13.15
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:20:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:20:11 +0100 (CET)
Subject: SUSE-CU-2023:395-1: Security update of bci/rust
Message-ID: <20230217082011.C3305F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:395-1
Container Tags : bci/rust:1.66 , bci/rust:1.66-2.15 , bci/rust:latest
Container Release : 2.15
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
The following package changes have been done:

- libcurl4-7.79.1-150400.5.15.1 updated
- container:sles15-image-15.0.0-27.14.35 updated

From sle-updates at lists.suse.com Fri Feb 17 08:20:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 09:20:41 +0100 (CET)
Subject: SUSE-CU-2023:397-1: Security update of suse/sle15
Message-ID: <20230217082041.8D00CF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:397-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.35 , suse/sle15:15.4 , suse/sle15:15.4.27.14.35
Container Release : 27.14.35
Severity : important
Type : security
References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
The following package changes have been done:

- curl-7.79.1-150400.5.15.1 updated
- libcurl4-7.79.1-150400.5.15.1 updated

From sle-updates at lists.suse.com Fri Feb 17 14:21:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:21:02 +0100 (CET)
Subject: SUSE-SU-2023:0444-1: important: Security update for rubygem-actionpack-5_1
Message-ID: <20230217142102.5F534F46D@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-5_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0444-1
Rating: important
References: #1207451 #1207455
Cross-References: CVE-2023-22792 CVE-2023-22795
CVSS scores:
CVE-2023-22792 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-22795 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for rubygem-actionpack-5_1 fixes the following issues:

- CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451).
- CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-444=1
- SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-444=1
- SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-444=1
- SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-444=1
- SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-444=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.15.1

- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1

- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1

References:

https://www.suse.com/security/cve/CVE-2023-22792.html
https://www.suse.com/security/cve/CVE-2023-22795.html
https://bugzilla.suse.com/1207451
https://bugzilla.suse.com/1207455

From sle-updates at lists.suse.com Fri Feb 17 14:24:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:24:39 +0100 (CET)
Subject: SUSE-SU-2023:0443-1: important: Security update for mozilla-nss
Message-ID: <20230217142439.111E4F46D@maintenance.suse.de>

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0443-1
Rating: important
References: #1208138
Cross-References: CVE-2023-0767
CVSS scores:
CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for mozilla-nss fixes the following issues:

Updated to NSS 3.79.4 (bsc#1208138):

- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-443=1
- SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-443=1
- SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-443=1
- SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-443=1
- SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-443=1
- SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-443=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-443=1
- SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-443=1
- SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-443=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-443=1
- SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-443=1
- SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-443=1
- SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-443=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-443=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-443=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-443=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-443=1
- SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-443=1
- SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-443=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1
mozilla-nss-certs-3.79.4-150000.3.93.1
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debugsource-3.79.4-150000.3.93.1
mozilla-nss-tools-3.79.4-150000.3.93.1
mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1
mozilla-nss-certs-3.79.4-150000.3.93.1
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debugsource-3.79.4-150000.3.93.1
mozilla-nss-devel-3.79.4-150000.3.93.1
mozilla-nss-sysinit-3.79.4-150000.3.93.1
mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-tools-3.79.4-150000.3.93.1
mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

- SUSE Manager Server 4.2 (x86_64):
libfreebl3-32bit-3.79.4-150000.3.93.1
libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1

- SUSE Manager Retail Branch Server 4.2 (x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-32bit-3.79.4-150000.3.93.1
libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libfreebl3-hmac-32bit-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1
mozilla-nss-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debugsource-3.79.4-150000.3.93.1
mozilla-nss-devel-3.79.4-150000.3.93.1
mozilla-nss-sysinit-3.79.4-150000.3.93.1
mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-tools-3.79.4-150000.3.93.1
mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

- SUSE Manager Proxy 4.2 (x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-32bit-3.79.4-150000.3.93.1
libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libfreebl3-hmac-32bit-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1
mozilla-nss-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debugsource-3.79.4-150000.3.93.1
mozilla-nss-devel-3.79.4-150000.3.93.1
mozilla-nss-sysinit-3.79.4-150000.3.93.1
mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-tools-3.79.4-150000.3.93.1
mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1
mozilla-nss-certs-3.79.4-150000.3.93.1
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-debugsource-3.79.4-150000.3.93.1
mozilla-nss-devel-3.79.4-150000.3.93.1
mozilla-nss-sysinit-3.79.4-150000.3.93.1
mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-tools-3.79.4-150000.3.93.1
mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
libfreebl3-32bit-3.79.4-150000.3.93.1
libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-3.79.4-150000.3.93.1
libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-3.79.4-150000.3.93.1
mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1
mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1
mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libfreebl3-3.79.4-150000.3.93.1
libfreebl3-debuginfo-3.79.4-150000.3.93.1
libfreebl3-hmac-3.79.4-150000.3.93.1
libsoftokn3-3.79.4-150000.3.93.1
libsoftokn3-debuginfo-3.79.4-150000.3.93.1
libsoftokn3-hmac-3.79.4-150000.3.93.1
mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 
mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 
mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - 
SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 
libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 
libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 
libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 
mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7.1 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 
      mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
      mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libfreebl3-3.79.4-150000.3.93.1
      libfreebl3-32bit-3.79.4-150000.3.93.1
      libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1
      libfreebl3-debuginfo-3.79.4-150000.3.93.1
      libfreebl3-hmac-3.79.4-150000.3.93.1
      libfreebl3-hmac-32bit-3.79.4-150000.3.93.1
      libsoftokn3-3.79.4-150000.3.93.1
      libsoftokn3-32bit-3.79.4-150000.3.93.1
      libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1
      libsoftokn3-debuginfo-3.79.4-150000.3.93.1
      libsoftokn3-hmac-3.79.4-150000.3.93.1
      libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1
      mozilla-nss-3.79.4-150000.3.93.1
      mozilla-nss-32bit-3.79.4-150000.3.93.1
      mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-certs-3.79.4-150000.3.93.1
      mozilla-nss-certs-32bit-3.79.4-150000.3.93.1
      mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-debugsource-3.79.4-150000.3.93.1
      mozilla-nss-devel-3.79.4-150000.3.93.1
      mozilla-nss-sysinit-3.79.4-150000.3.93.1
      mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1
      mozilla-nss-tools-3.79.4-150000.3.93.1
      mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1

References:

   https://www.suse.com/security/cve/CVE-2023-0767.html
   https://bugzilla.suse.com/1208138

From sle-updates at lists.suse.com Fri Feb 17 14:28:00 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:28:00 +0100 (CET)
Subject: SUSE-RU-2023:0445-1: moderate: Recommended update for scap-security-guide
Message-ID: <20230217142800.BC679F46D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for scap-security-guide
______________________________________________________________________________

Announcement ID:    SUSE-RU-2023:0445-1
Rating:             moderate
References:         ECO-3319
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This update for scap-security-guide fixes the following issues:

   scap-security-guide was updated to 0.1.66 (jsc#ECO-3319)

   - Ubuntu 22.04 CIS
   - OL7 stig v2r9 update
   - Bump OL8 STIG version to V1R4
   - Update RHEL7 STIG to V3R10
   - Update RHEL8 STIG to V1R9
   - Introduce CIS RHEL9 profiles
   - also various SUSE profile fixes were done

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-445=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      scap-security-guide-0.1.66-9.6.1
      scap-security-guide-debian-0.1.66-9.6.1
      scap-security-guide-redhat-0.1.66-9.6.1
      scap-security-guide-ubuntu-0.1.66-9.6.1

References:

From sle-updates at lists.suse.com Fri Feb 17 14:31:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:31:01 +0100 (CET)
Subject: SUSE-RU-2023:0446-1: moderate: Recommended update for util-linux
Message-ID: <20230217143101.06599F46D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for util-linux
______________________________________________________________________________

Announcement ID:    SUSE-RU-2023:0446-1
Rating:             moderate
References:         #1194038 #1205646
Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for util-linux fixes the following issues:

   - Fix tests not passing when '@' character is in build path:
     Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
   - libuuid continuous clock handling for time based UUIDs:
     Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-446=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-446=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-446=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-446=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-446=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-446=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2023-446=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-446=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 
libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE 
Linux Enterprise Server 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 
libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 
util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 7 (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 7 (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 
libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 libmount1-debuginfo-2.33.2-150100.4.32.1 libsmartcols-devel-2.33.2-150100.4.32.1 libsmartcols1-2.33.2-150100.4.32.1 libsmartcols1-debuginfo-2.33.2-150100.4.32.1 libuuid-devel-2.33.2-150100.4.32.1 libuuid-devel-static-2.33.2-150100.4.32.1 libuuid1-2.33.2-150100.4.32.1 libuuid1-debuginfo-2.33.2-150100.4.32.1 util-linux-2.33.2-150100.4.32.1 util-linux-debuginfo-2.33.2-150100.4.32.1 util-linux-debugsource-2.33.2-150100.4.32.1 util-linux-systemd-2.33.2-150100.4.32.1 util-linux-systemd-debuginfo-2.33.2-150100.4.32.1 util-linux-systemd-debugsource-2.33.2-150100.4.32.1 uuidd-2.33.2-150100.4.32.1 uuidd-debuginfo-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 6 (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE Enterprise Storage 6 (x86_64): libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libmount1-32bit-2.33.2-150100.4.32.1 libmount1-32bit-debuginfo-2.33.2-150100.4.32.1 libuuid1-32bit-2.33.2-150100.4.32.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1 - SUSE CaaS Platform 4.0 (noarch): util-linux-lang-2.33.2-150100.4.32.1 - SUSE CaaS Platform 4.0 (x86_64): libblkid-devel-2.33.2-150100.4.32.1 libblkid-devel-static-2.33.2-150100.4.32.1 libblkid1-2.33.2-150100.4.32.1 libblkid1-32bit-2.33.2-150100.4.32.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.32.1 libblkid1-debuginfo-2.33.2-150100.4.32.1 libfdisk-devel-2.33.2-150100.4.32.1 libfdisk1-2.33.2-150100.4.32.1 libfdisk1-debuginfo-2.33.2-150100.4.32.1 libmount-devel-2.33.2-150100.4.32.1 libmount1-2.33.2-150100.4.32.1 
    libmount1-32bit-2.33.2-150100.4.32.1
    libmount1-32bit-debuginfo-2.33.2-150100.4.32.1
    libmount1-debuginfo-2.33.2-150100.4.32.1
    libsmartcols-devel-2.33.2-150100.4.32.1
    libsmartcols1-2.33.2-150100.4.32.1
    libsmartcols1-debuginfo-2.33.2-150100.4.32.1
    libuuid-devel-2.33.2-150100.4.32.1
    libuuid-devel-static-2.33.2-150100.4.32.1
    libuuid1-2.33.2-150100.4.32.1
    libuuid1-32bit-2.33.2-150100.4.32.1
    libuuid1-32bit-debuginfo-2.33.2-150100.4.32.1
    libuuid1-debuginfo-2.33.2-150100.4.32.1
    util-linux-2.33.2-150100.4.32.1
    util-linux-debuginfo-2.33.2-150100.4.32.1
    util-linux-debugsource-2.33.2-150100.4.32.1
    util-linux-systemd-2.33.2-150100.4.32.1
    util-linux-systemd-debuginfo-2.33.2-150100.4.32.1
    util-linux-systemd-debugsource-2.33.2-150100.4.32.1
    uuidd-2.33.2-150100.4.32.1
    uuidd-debuginfo-2.33.2-150100.4.32.1

References:

    https://bugzilla.suse.com/1194038
    https://bugzilla.suse.com/1205646

From sle-updates at lists.suse.com Fri Feb 17 14:34:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:34:11 +0100 (CET)
Subject: SUSE-SU-2023:0441-1: moderate: Security update for tar
Message-ID: <20230217143411.B7549F46D@maintenance.suse.de>

SUSE Security Update: Security update for tar
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0441-1
Rating: moderate
References: #1207753
Cross-References: CVE-2022-48303
CVSS scores:
    CVE-2022-48303 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-48303 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-441=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    tar-1.27.1-15.18.1
    tar-debuginfo-1.27.1-15.18.1
    tar-debugsource-1.27.1-15.18.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):
    tar-lang-1.27.1-15.18.1

References:

    https://www.suse.com/security/cve/CVE-2022-48303.html
    https://bugzilla.suse.com/1207753

From sle-updates at lists.suse.com Fri Feb 17 14:37:00 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 15:37:00 +0100 (CET)
Subject: SUSE-SU-2023:0442-1: important: Security update for rubygem-actionpack-4_2
Message-ID: <20230217143700.328CDF46D@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-4_2
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0442-1
Rating: important
References: #1207451 #1207455
Cross-References: CVE-2023-22792 CVE-2023-22795
CVSS scores:
    CVE-2023-22792 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2023-22795 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for rubygem-actionpack-4_2 fixes the following issues:

- CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header (bsc#1207451).
- CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted cookies (bsc#1207455).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-442=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-442=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    ruby2.1-rubygem-actionpack-4_2-4.2.9-7.15.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    ruby2.1-rubygem-actionpack-4_2-4.2.9-7.15.1

References:

    https://www.suse.com/security/cve/CVE-2023-22792.html
    https://www.suse.com/security/cve/CVE-2023-22795.html
    https://bugzilla.suse.com/1207451
    https://bugzilla.suse.com/1207455

From sle-updates at lists.suse.com Fri Feb 17 17:17:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2023 18:17:35 +0100 (CET)
Subject: SUSE-SU-2023:0447-1: important: Security update for apache2-mod_security2
Message-ID: <20230217171735.DB51CF78A@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_security2
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0447-1
Rating: important
References: #1207379
Cross-References: CVE-2023-24021
CVSS scores:
    CVE-2023-24021 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2023-24021 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache2-mod_security2 fixes the following issues:

- CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-447=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-447=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-447=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-447=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-447=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-447=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-447=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-447=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-447=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-447=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-447=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-447=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-447=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-447=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-447=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-447=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Manager Retail Branch Server 4.2 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Manager Proxy 4.2 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

- SUSE CaaS Platform 4.0 (x86_64):
    apache2-mod_security2-2.9.2-150000.3.9.1
    apache2-mod_security2-debuginfo-2.9.2-150000.3.9.1
    apache2-mod_security2-debugsource-2.9.2-150000.3.9.1

References:

    https://www.suse.com/security/cve/CVE-2023-24021.html
    https://bugzilla.suse.com/1207379

From sle-updates at lists.suse.com Sat Feb 18 08:04:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 18 Feb 2023 09:04:29 +0100 (CET)
Subject: SUSE-CU-2023:398-1: Recommended update of suse/sle15
Message-ID: <20230218080429.39FC7F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:398-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.737
Container Release : 6.2.737
Severity : moderate
Type : recommended
References : 1194038 1205646
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:446-1
Released: Fri Feb 17 09:52:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
The following package changes have been done:

- libblkid1-2.33.2-150100.4.32.1 updated
- libfdisk1-2.33.2-150100.4.32.1 updated
- libmount1-2.33.2-150100.4.32.1 updated
- libsmartcols1-2.33.2-150100.4.32.1 updated
- libuuid1-2.33.2-150100.4.32.1 updated
- util-linux-2.33.2-150100.4.32.1 updated

From sle-updates at lists.suse.com Sat Feb 18 08:06:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 18 Feb 2023 09:06:08 +0100 (CET)
Subject: SUSE-CU-2023:399-1: Recommended update of suse/sle15
Message-ID: <20230218080608.AEB4FF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:399-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.262
Container Release : 9.5.262
Severity : moderate
Type : recommended
References : 1194038 1205646
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:446-1
Released: Fri Feb 17 09:52:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
The following package changes have been done:

- libblkid1-2.33.2-150100.4.32.1 updated
- libfdisk1-2.33.2-150100.4.32.1 updated
- libmount1-2.33.2-150100.4.32.1 updated
- libsmartcols1-2.33.2-150100.4.32.1 updated
- libuuid1-2.33.2-150100.4.32.1 updated
- util-linux-2.33.2-150100.4.32.1 updated

From sle-updates at lists.suse.com Mon Feb 20 11:18:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 20 Feb 2023 12:18:15 +0100 (CET)
Subject: SUSE-SU-2023:0451-1: moderate: Security update for postgresql-jdbc
Message-ID: <20230220111815.2E4FFFCFA@maintenance.suse.de>

SUSE Security Update: Security update for postgresql-jdbc
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0451-1
Rating: moderate
References: #1206921
Cross-References: CVE-2022-41946
CVSS scores:
    CVE-2022-41946 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-41946 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql-jdbc fixes the following issues:

- CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-451=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-451=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
    postgresql-jdbc-42.2.25-150300.3.11.2

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
    postgresql-jdbc-42.2.25-150300.3.11.2

References:

    https://www.suse.com/security/cve/CVE-2022-41946.html
    https://bugzilla.suse.com/1206921

From sle-updates at lists.suse.com Mon Feb 20 11:18:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 20 Feb 2023 12:18:55 +0100 (CET)
Subject: SUSE-RU-2023:0449-1: important: Recommended update for python-pylint
Message-ID: <20230220111855.6E0D5FCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-pylint
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0449-1
Rating: important
References: #1206991 MSC-556
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.

Description:

This update releases the python-pylint to the PackageHub Subpackages. (bsc#1206991, ijsc#MSC-556)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-449=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-449=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    python-editdistance-debuginfo-0.3.1-150000.3.2.1
    python-editdistance-debugsource-0.3.1-150000.3.2.1
    python3-editdistance-0.3.1-150000.3.2.1
    python3-editdistance-debuginfo-0.3.1-150000.3.2.1

- openSUSE Leap 15.4 (noarch):
    python3-mccabe-0.6.1-150000.3.2.1
    python3-pylint-1.8.2-150000.3.5.2

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
    python3-editdistance-0.3.1-150000.3.2.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
    python3-mccabe-0.6.1-150000.3.2.1
    python3-pylint-1.8.2-150000.3.5.2

References:

    https://bugzilla.suse.com/1206991

From sle-updates at lists.suse.com Mon Feb 20 11:19:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 20 Feb 2023 12:19:55 +0100 (CET)
Subject: SUSE-SU-2023:0450-1: important: Security update for postgresql12
Message-ID: <20230220111955.A6C9EFCFA@maintenance.suse.de>

SUSE Security Update: Security update for postgresql12
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0450-1
Rating: important
References: #1208102
Cross-References: CVE-2022-41862
CVSS scores:
    CVE-2022-41862 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql12 fixes the following issues:

Update to 12.14:

- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-450=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-450=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-450=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-450=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-450=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-450=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-450=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-450=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-450=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-450=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-llvmjit-12.14-150200.8.41.1
    postgresql12-llvmjit-debuginfo-12.14-150200.8.41.1
    postgresql12-llvmjit-devel-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-test-12.14-150200.8.41.1

- openSUSE Leap 15.4 (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Enterprise Storage 7.1 (noarch):
    postgresql12-docs-12.14-150200.8.41.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):
    postgresql12-12.14-150200.8.41.1
    postgresql12-contrib-12.14-150200.8.41.1
    postgresql12-contrib-debuginfo-12.14-150200.8.41.1
    postgresql12-debuginfo-12.14-150200.8.41.1
    postgresql12-debugsource-12.14-150200.8.41.1
    postgresql12-devel-12.14-150200.8.41.1
    postgresql12-devel-debuginfo-12.14-150200.8.41.1
    postgresql12-plperl-12.14-150200.8.41.1
    postgresql12-plperl-debuginfo-12.14-150200.8.41.1
    postgresql12-plpython-12.14-150200.8.41.1
    postgresql12-plpython-debuginfo-12.14-150200.8.41.1
    postgresql12-pltcl-12.14-150200.8.41.1
    postgresql12-pltcl-debuginfo-12.14-150200.8.41.1
    postgresql12-server-12.14-150200.8.41.1
    postgresql12-server-debuginfo-12.14-150200.8.41.1
    postgresql12-server-devel-12.14-150200.8.41.1
    postgresql12-server-devel-debuginfo-12.14-150200.8.41.1

- SUSE Enterprise Storage 7 (noarch):
    postgresql12-docs-12.14-150200.8.41.1

References:

    https://www.suse.com/security/cve/CVE-2022-41862.html
    https://bugzilla.suse.com/1208102

From sle-updates at lists.suse.com Mon Feb 20 14:17:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 20 Feb 2023 15:17:14 +0100 (CET)
Subject: SUSE-RU-2023:0452-1: moderate: Recommended update for build
Message-ID: <20230220141714.76592FD89@maintenance.suse.de>

SUSE Recommended Update: Recommended update for build
______________________________________________________________________________

Announcement ID: SUSE-RU-2023:0452-1
Rating: moderate
References: PED-3410
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for build fixes the following issues:

build was updated to the current version:

- CycloneDX SBOM support added
- added support for generating VCS url information into rpms
- SPDX SBOM generation for container and product builds
- Revert & Redo "Better filetype detection for temp changes files"
- Fix typo in glibc hwcaps supplements
- Implement lua string macros
- configure mkbaselibs to create glibc-hwcaps baselibs as well
- Better filetype detection for temp changes files
- Add hook to run checks after mkbaselibs run
- Delete leftover multilinedefine variable definition
- Support multiline macros in the config's macro sections
- Support #!BuildConstraint lines
- Support #!BuildTarget in spec files to set the build target (as workaround of broken BuildArch in rpm since 2001)
- Support a regexp for file renames
- Set home to /root when running build time services
- INCOMPATIBLE CHANGE: get rid of the power8 cpu limitation (#889) on powerpc
- Add handling of non-compressed tar when creating Debian archive for DSC 3.0
- Add automatic build-in-place detection
- Support dist/package subdir builds in pbuild
- Skip iothreads on QEMU 7.1.0
- Fix permissions of /dev/pts/ptmx
- Add license to container package list output
- initial SP5 build configurations
- vm-type:qemu use virtio on x86_64
- Improve installation of obs-docker-support for multi-stage builds
- Tweak ARG handling in dockerfile parser
- fixed Undefined subroutine &PBuild::Job::ls issue
- Add missing dependencies from vc as Recommends
- sync factory build config
- build-recipe-livebuild: run as root
- vm_kill_kvm: Use SIGKILL after 3 minutes if the kvm process is not going away
- Zip: Allow extraction of symlink targets
- Convert obsolete egrep/fgrep calls to grep -E/-F
- Add RemoteAsset support for Dockerfile based builds
- new image format: mkosi
- Support stacked container builds
- Revert "build-vm-kvm: enable l3-cache on i386/x86_64 builds"
- handling of non-compressed tar when creating Debian archive for DSC 3.0
- kvm: exclude powerpc from io_uring, enable iothreads always (#829)
- kvm: enable more performant I/O also for s390(x) (#828)
- Changelog patching when building DSC format 3.0. (#831)
- support for building from slsa provenance files

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-452=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-452=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-452=1

Package List:

- openSUSE Leap 15.4 (noarch):
    build-20230215-150200.15.1
    build-initvm-aarch64-20230215-150200.15.1
    build-initvm-powerpc64le-20230215-150200.15.1
    build-initvm-s390x-20230215-150200.15.1
    build-initvm-x86_64-20230215-150200.15.1
    build-mkbaselibs-20230215-150200.15.1
    build-mkdrpms-20230215-150200.15.1

- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
    build-20230215-150200.15.1
    build-mkbaselibs-20230215-150200.15.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
    build-20230215-150200.15.1
    build-mkbaselibs-20230215-150200.15.1

References:

From sle-updates at lists.suse.com Mon Feb 20 14:17:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 20 Feb 2023 15:17:52 +0100 (CET)
Subject: SUSE-SU-2023:0453-1: critical: Security update for clamav
Message-ID: <20230220141752.6D9E2FD89@maintenance.suse.de>

SUSE
Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0453-1 Rating: critical References: #1208363 #1208365 Cross-References: CVE-2023-20032 CVE-2023-20052 CVSS scores: CVE-2023-20032 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-20052 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-453=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-453=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-453=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-453=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-453=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): clamav-0.103.8-33.53.1 clamav-debuginfo-0.103.8-33.53.1 clamav-debugsource-0.103.8-33.53.1 - SUSE OpenStack Cloud 9 (x86_64): clamav-0.103.8-33.53.1 clamav-debuginfo-0.103.8-33.53.1 clamav-debugsource-0.103.8-33.53.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): clamav-0.103.8-33.53.1 clamav-debuginfo-0.103.8-33.53.1 clamav-debugsource-0.103.8-33.53.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.8-33.53.1 clamav-debuginfo-0.103.8-33.53.1 clamav-debugsource-0.103.8-33.53.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.103.8-33.53.1 clamav-debuginfo-0.103.8-33.53.1 clamav-debugsource-0.103.8-33.53.1 References: https://www.suse.com/security/cve/CVE-2023-20032.html https://www.suse.com/security/cve/CVE-2023-20052.html https://bugzilla.suse.com/1208363 https://bugzilla.suse.com/1208365 From sle-updates at lists.suse.com Mon Feb 20 17:18:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:18:18 +0100 (CET) Subject: SUSE-SU-2023:0456-1: important: Security update for ucode-intel Message-ID: <20230220171818.CEA6AFD89@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0456-1 Rating: important References: #1208275 #1208276 #1208277 
Cross-References: CVE-2022-21216 CVE-2022-33196 CVE-2022-38090

CVSS scores:
  CVE-2022-21216 (NVD) : 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
  CVE-2022-21216 (SUSE): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
  CVE-2022-33196 (NVD) : 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
  CVE-2022-33196 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
  CVE-2022-38090 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-38090 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20230214 release.

Security issues fixed:

- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)

- New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

- Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-456=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20230214-3.49.1 ucode-intel-debuginfo-20230214-3.49.1 ucode-intel-debugsource-20230214-3.49.1 References: https://www.suse.com/security/cve/CVE-2022-21216.html https://www.suse.com/security/cve/CVE-2022-33196.html https://www.suse.com/security/cve/CVE-2022-38090.html https://bugzilla.suse.com/1208275 https://bugzilla.suse.com/1208276 https://bugzilla.suse.com/1208277 From sle-updates at lists.suse.com Mon Feb 20 17:19:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:19:04 +0100 (CET) Subject: SUSE-SU-2023:0460-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <20230220171904.C176AFD89@maintenance.suse.de> SUSE Security Update: Security update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0460-1 Rating: important References: #1208046 #1208047 Cross-References: CVE-2022-46146 CVSS scores: CVE-2022-46146 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46146 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-460=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1 References: https://www.suse.com/security/cve/CVE-2022-46146.html https://bugzilla.suse.com/1208046 https://bugzilla.suse.com/1208047 From sle-updates at lists.suse.com Mon Feb 20 17:19:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:19:50 +0100 (CET) Subject: SUSE-SU-2023:0454-1: important: Security update for ucode-intel Message-ID: <20230220171950.43CB8FD89@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0454-1 Rating: important References: #1208275 #1208276 #1208277 Cross-References: CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 CVSS scores: CVE-2022-21216 (NVD) : 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-21216 (SUSE): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-33196 (NVD) : 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-33196 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-38090 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2022-38090 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is 
now available.

Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20230214 release.

Security issues fixed:

- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)

- New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

- Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-454=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-454=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-454=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): ucode-intel-20230214-150100.3.217.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): ucode-intel-20230214-150100.3.217.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): ucode-intel-20230214-150100.3.217.1 - SUSE CaaS Platform 4.0 (x86_64): ucode-intel-20230214-150100.3.217.1 References: https://www.suse.com/security/cve/CVE-2022-21216.html https://www.suse.com/security/cve/CVE-2022-33196.html https://www.suse.com/security/cve/CVE-2022-38090.html https://bugzilla.suse.com/1208275 https://bugzilla.suse.com/1208276 https://bugzilla.suse.com/1208277 From sle-updates at lists.suse.com Mon Feb 20 17:21:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:21:11 +0100 (CET) Subject: SUSE-SU-2023:0461-1: important: Security update for MozillaFirefox Message-ID: <20230220172111.8A918FD89@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0461-1 Rating: important References: #1208138 #1208144 Cross-References: CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 CVSS scores: CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE 
Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-461=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-461=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-461=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-461=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-461=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-461=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-461=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-461=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-461=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-461=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-461=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-461=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-branding-upstream-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 
MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 
MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.8.0-150200.152.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-102.8.0-150200.152.78.1 MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 MozillaFirefox-debugsource-102.8.0-150200.152.78.1 MozillaFirefox-devel-102.8.0-150200.152.78.1 
MozillaFirefox-translations-common-102.8.0-150200.152.78.1 MozillaFirefox-translations-other-102.8.0-150200.152.78.1 References: https://www.suse.com/security/cve/CVE-2023-0767.html https://www.suse.com/security/cve/CVE-2023-25728.html https://www.suse.com/security/cve/CVE-2023-25729.html https://www.suse.com/security/cve/CVE-2023-25730.html https://www.suse.com/security/cve/CVE-2023-25732.html https://www.suse.com/security/cve/CVE-2023-25734.html https://www.suse.com/security/cve/CVE-2023-25735.html https://www.suse.com/security/cve/CVE-2023-25737.html https://www.suse.com/security/cve/CVE-2023-25738.html https://www.suse.com/security/cve/CVE-2023-25739.html https://www.suse.com/security/cve/CVE-2023-25742.html https://www.suse.com/security/cve/CVE-2023-25743.html https://www.suse.com/security/cve/CVE-2023-25744.html https://www.suse.com/security/cve/CVE-2023-25746.html https://bugzilla.suse.com/1208138 https://bugzilla.suse.com/1208144 From sle-updates at lists.suse.com Mon Feb 20 17:22:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:22:35 +0100 (CET) Subject: SUSE-RU-2023:0457-1: moderate: Recommended update for scap-security-guide Message-ID: <20230220172235.ED3A0FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0457-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 SUSE Manager Tools for SLE Micro 5 openSUSE Leap 15.4 
______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.66 (jsc#ECO-3319) - Ubuntu 22.04 CIS - OL7 stig v2r9 update - Bump OL8 STIG version to V1R4 - Update RHEL7 STIG to V3R10 - Update RHEL8 STIG to V1R9 - Introduce CIS RHEL9 profiles - also various SUSE profile fixes were done Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-457=1 - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-457=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-457=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-457=1 Package List: - openSUSE Leap 15.4 (noarch): scap-security-guide-0.1.66-150000.1.56.1 scap-security-guide-debian-0.1.66-150000.1.56.1 scap-security-guide-redhat-0.1.66-150000.1.56.1 scap-security-guide-ubuntu-0.1.66-150000.1.56.1 - SUSE Manager Tools for SLE Micro 5 (noarch): scap-security-guide-0.1.66-150000.1.56.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): scap-security-guide-0.1.66-150000.1.56.1 scap-security-guide-debian-0.1.66-150000.1.56.1 scap-security-guide-redhat-0.1.66-150000.1.56.1 scap-security-guide-ubuntu-0.1.66-150000.1.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.66-150000.1.56.1 scap-security-guide-debian-0.1.66-150000.1.56.1 scap-security-guide-redhat-0.1.66-150000.1.56.1 scap-security-guide-ubuntu-0.1.66-150000.1.56.1 References: From sle-updates at lists.suse.com Mon Feb 20 17:23:21 2023 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 18:23:21 +0100 (CET) Subject: SUSE-SU-2023:0455-1: important: Security update for ucode-intel Message-ID: <20230220172321.065FEFD89@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0455-1 Rating: important References: #1208275 #1208276 #1208277 Cross-References: CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 CVSS scores: CVE-2022-21216 (NVD) : 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-21216 (SUSE): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-33196 (NVD) : 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-33196 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-38090 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2022-38090 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. 
Security issues fixed:

- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)

- New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

- Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-455=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-455=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-455=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-455=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-455=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ucode-intel-20230214-13.104.1 ucode-intel-debuginfo-20230214-13.104.1 ucode-intel-debugsource-20230214-13.104.1 - SUSE OpenStack Cloud 9 (x86_64): ucode-intel-20230214-13.104.1 ucode-intel-debuginfo-20230214-13.104.1 ucode-intel-debugsource-20230214-13.104.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): ucode-intel-20230214-13.104.1 ucode-intel-debuginfo-20230214-13.104.1 ucode-intel-debugsource-20230214-13.104.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): ucode-intel-20230214-13.104.1 ucode-intel-debuginfo-20230214-13.104.1 ucode-intel-debugsource-20230214-13.104.1 - SUSE Linux Enterprise Server
12-SP2-BCL (x86_64): ucode-intel-20230214-13.104.1 ucode-intel-debuginfo-20230214-13.104.1 ucode-intel-debugsource-20230214-13.104.1 References: https://www.suse.com/security/cve/CVE-2022-21216.html https://www.suse.com/security/cve/CVE-2022-33196.html https://www.suse.com/security/cve/CVE-2022-38090.html https://bugzilla.suse.com/1208275 https://bugzilla.suse.com/1208276 https://bugzilla.suse.com/1208277 From sle-updates at lists.suse.com Mon Feb 20 20:17:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 21:17:02 +0100 (CET) Subject: SUSE-SU-2023:0463-1: moderate: Security update for tar Message-ID: <20230220201702.9D032FD89@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0463-1 Rating: moderate References: #1202436 #1207753 Cross-References: CVE-2022-48303 CVSS scores: CVE-2022-48303 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-48303 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-463=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-463=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-463=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-463=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-463=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-463=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-463=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-463=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 tar-rmt-1.34-150000.3.31.1 tar-rmt-debuginfo-1.34-150000.3.31.1 tar-tests-1.34-150000.3.31.1 tar-tests-debuginfo-1.34-150000.3.31.1 - openSUSE Leap 15.4 (noarch): tar-backup-scripts-1.34-150000.3.31.1 tar-doc-1.34-150000.3.31.1 tar-lang-1.34-150000.3.31.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): tar-lang-1.34-150000.3.31.1 - SUSE Linux Enterprise Realtime 
Extension 15-SP3 (x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 tar-rmt-1.34-150000.3.31.1 tar-rmt-debuginfo-1.34-150000.3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 tar-rmt-1.34-150000.3.31.1 tar-rmt-debuginfo-1.34-150000.3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): tar-lang-1.34-150000.3.31.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.31.1 tar-debuginfo-1.34-150000.3.31.1 tar-debugsource-1.34-150000.3.31.1 References: https://www.suse.com/security/cve/CVE-2022-48303.html https://bugzilla.suse.com/1202436 https://bugzilla.suse.com/1207753 From sle-updates at lists.suse.com Mon Feb 20 20:18:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2023 21:18:00 +0100 (CET) Subject: SUSE-RU-2023:0464-1: moderate: Recommended update for systemd Message-ID: <20230220201800.D7027FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2023:0464-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE 
Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-464=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-464=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-464=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-464=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libsystemd0-249.15-150400.8.22.1 libsystemd0-debuginfo-249.15-150400.8.22.1 libudev1-249.15-150400.8.22.1 libudev1-debuginfo-249.15-150400.8.22.1 systemd-249.15-150400.8.22.1 systemd-container-249.15-150400.8.22.1 systemd-container-debuginfo-249.15-150400.8.22.1 systemd-debuginfo-249.15-150400.8.22.1 systemd-debugsource-249.15-150400.8.22.1 systemd-journal-remote-249.15-150400.8.22.1 systemd-journal-remote-debuginfo-249.15-150400.8.22.1 systemd-sysvinit-249.15-150400.8.22.1 udev-249.15-150400.8.22.1 udev-debuginfo-249.15-150400.8.22.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.15-150400.8.22.1 libsystemd0-debuginfo-249.15-150400.8.22.1 libudev1-249.15-150400.8.22.1 libudev1-debuginfo-249.15-150400.8.22.1 nss-myhostname-249.15-150400.8.22.1 nss-myhostname-debuginfo-249.15-150400.8.22.1 nss-systemd-249.15-150400.8.22.1 nss-systemd-debuginfo-249.15-150400.8.22.1 systemd-249.15-150400.8.22.1 systemd-container-249.15-150400.8.22.1 systemd-container-debuginfo-249.15-150400.8.22.1 systemd-coredump-249.15-150400.8.22.1 systemd-coredump-debuginfo-249.15-150400.8.22.1 systemd-debuginfo-249.15-150400.8.22.1 systemd-debugsource-249.15-150400.8.22.1 systemd-devel-249.15-150400.8.22.1 systemd-doc-249.15-150400.8.22.1 systemd-experimental-249.15-150400.8.22.1 systemd-experimental-debuginfo-249.15-150400.8.22.1 systemd-journal-remote-249.15-150400.8.22.1 systemd-journal-remote-debuginfo-249.15-150400.8.22.1 systemd-network-249.15-150400.8.22.1 systemd-network-debuginfo-249.15-150400.8.22.1 
systemd-portable-249.15-150400.8.22.1 systemd-portable-debuginfo-249.15-150400.8.22.1 systemd-sysvinit-249.15-150400.8.22.1 systemd-testsuite-249.15-150400.8.22.1 systemd-testsuite-debuginfo-249.15-150400.8.22.1 udev-249.15-150400.8.22.1 udev-debuginfo-249.15-150400.8.22.1 - openSUSE Leap 15.4 (noarch): systemd-lang-249.15-150400.8.22.1 - openSUSE Leap 15.4 (x86_64): libsystemd0-32bit-249.15-150400.8.22.1 libsystemd0-32bit-debuginfo-249.15-150400.8.22.1 libudev1-32bit-249.15-150400.8.22.1 libudev1-32bit-debuginfo-249.15-150400.8.22.1 nss-myhostname-32bit-249.15-150400.8.22.1 nss-myhostname-32bit-debuginfo-249.15-150400.8.22.1 systemd-32bit-249.15-150400.8.22.1 systemd-32bit-debuginfo-249.15-150400.8.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.15-150400.8.22.1 libsystemd0-debuginfo-249.15-150400.8.22.1 libudev1-249.15-150400.8.22.1 libudev1-debuginfo-249.15-150400.8.22.1 systemd-249.15-150400.8.22.1 systemd-container-249.15-150400.8.22.1 systemd-container-debuginfo-249.15-150400.8.22.1 systemd-coredump-249.15-150400.8.22.1 systemd-coredump-debuginfo-249.15-150400.8.22.1 systemd-debuginfo-249.15-150400.8.22.1 systemd-debugsource-249.15-150400.8.22.1 systemd-devel-249.15-150400.8.22.1 systemd-doc-249.15-150400.8.22.1 systemd-sysvinit-249.15-150400.8.22.1 udev-249.15-150400.8.22.1 udev-debuginfo-249.15-150400.8.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-lang-249.15-150400.8.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsystemd0-32bit-249.15-150400.8.22.1 libsystemd0-32bit-debuginfo-249.15-150400.8.22.1 libudev1-32bit-249.15-150400.8.22.1 libudev1-32bit-debuginfo-249.15-150400.8.22.1 systemd-32bit-249.15-150400.8.22.1 systemd-32bit-debuginfo-249.15-150400.8.22.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsystemd0-249.15-150400.8.22.1 libsystemd0-debuginfo-249.15-150400.8.22.1 libudev1-249.15-150400.8.22.1 
libudev1-debuginfo-249.15-150400.8.22.1 systemd-249.15-150400.8.22.1 systemd-container-249.15-150400.8.22.1 systemd-container-debuginfo-249.15-150400.8.22.1 systemd-debuginfo-249.15-150400.8.22.1 systemd-debugsource-249.15-150400.8.22.1 systemd-journal-remote-249.15-150400.8.22.1 systemd-journal-remote-debuginfo-249.15-150400.8.22.1 systemd-sysvinit-249.15-150400.8.22.1 udev-249.15-150400.8.22.1 udev-debuginfo-249.15-150400.8.22.1 References: From sle-updates at lists.suse.com Mon Feb 20 23:17:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 00:17:43 +0100 (CET) Subject: SUSE-SU-2023:0465-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <20230220231743.D1448FD89@maintenance.suse.de> SUSE Security Update: Security update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0465-1 Rating: important References: #1208046 #1208047 Cross-References: CVE-2022-46146 CVSS scores: CVE-2022-46146 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46146 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-465=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-465=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-465=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-465=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 References: https://www.suse.com/security/cve/CVE-2022-46146.html https://bugzilla.suse.com/1208046 https://bugzilla.suse.com/1208047 From sle-updates at lists.suse.com Tue Feb 21 08:03:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:03:44 +0100 (CET) Subject: SUSE-CU-2023:405-1: Recommended update of suse/389-ds Message-ID: <20230221080344.97E83FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:405-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.23 , suse/389-ds:latest Container Release : 19.23 Severity 
: moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:04:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:04:13 +0100 (CET) Subject: SUSE-CU-2023:406-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230221080413.7F382FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:406-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.94 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.94 Container Release : 27.94 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:04:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:407-1: Recommended update of bci/dotnet-sdk Message-ID: <20230221080448.71E9DFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:407-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.93 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.93 Container Release : 35.93 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:05:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:05:19 +0100 (CET) Subject: SUSE-CU-2023:408-1: Recommended update of bci/dotnet-runtime Message-ID: <20230221080519.F0379FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:408-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.92 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.92 Container Release : 34.92 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:05:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:05:41 +0100 (CET) Subject: SUSE-CU-2023:409-1: Recommended update of bci/golang Message-ID: <20230221080541.56070FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:409-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.21 , bci/golang:latest Container Release : 20.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:06:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:06:08 +0100 (CET) Subject: SUSE-CU-2023:410-1: Recommended update of bci/nodejs Message-ID: <20230221080608.9BD14FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:410-1 Container Tags : bci/node:14 , bci/node:14-36.36 , bci/nodejs:14 , bci/nodejs:14-36.36 Container Release : 36.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:06:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:06:30 +0100 (CET) Subject: SUSE-CU-2023:411-1: Recommended update of bci/nodejs Message-ID: <20230221080630.5988DFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:411-1 Container Tags : bci/node:16 , bci/node:16-13.19 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.19 , bci/nodejs:latest Container Release : 13.19 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:07:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:07:06 +0100 (CET) Subject: SUSE-CU-2023:412-1: Recommended update of bci/openjdk-devel Message-ID: <20230221080706.9314DFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:412-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.80 Container Release : 38.80 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:bci-openjdk-11-15.4.11-34.38 updated From sle-updates at lists.suse.com Tue Feb 21 08:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:07:36 +0100 (CET) Subject: SUSE-CU-2023:413-1: Recommended update of bci/openjdk Message-ID: <20230221080736.5C581FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:413-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.38 Container Release : 34.38 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:07:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:07:48 +0100 (CET) Subject: SUSE-CU-2023:414-1: Recommended update of bci/openjdk-devel Message-ID: <20230221080748.3EE10FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:414-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.44 , bci/openjdk-devel:latest Container Release : 13.44 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:bci-openjdk-17-15.4.17-12.23 updated From sle-updates at lists.suse.com Tue Feb 21 08:07:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:07:57 +0100 (CET) Subject: SUSE-CU-2023:415-1: Recommended update of bci/openjdk Message-ID: <20230221080757.2739CFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:415-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.23 , bci/openjdk:latest Container Release : 12.23 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:08:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:08:38 +0100 (CET) Subject: SUSE-CU-2023:416-1: Recommended update of suse/pcp Message-ID: <20230221080838.4A558FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:416-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.35 , suse/pcp:5.2 , suse/pcp:5.2-12.35 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.35 , suse/pcp:latest Container Release : 12.35 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - systemd-249.15-150400.8.22.1 updated - container:bci-bci-init-15.4-15.4-25.16 updated From sle-updates at lists.suse.com Tue Feb 21 08:09:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:09:03 +0100 (CET) Subject: SUSE-CU-2023:417-1: Recommended update of bci/python Message-ID: <20230221080903.7E646FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:417-1 Container Tags : bci/python:3 , bci/python:3-11.21 , bci/python:3.10 , bci/python:3.10-11.21 , bci/python:latest Container Release : 11.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:09:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:09:31 +0100 (CET) Subject: SUSE-CU-2023:418-1: Recommended update of bci/python Message-ID: <20230221080931.93425FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:418-1 Container Tags : bci/python:3 , bci/python:3-34.22 , bci/python:3.6 , bci/python:3.6-34.22 Container Release : 34.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:09:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:09:58 +0100 (CET) Subject: SUSE-CU-2023:419-1: Recommended update of bci/ruby Message-ID: <20230221080958.B1B00FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:419-1 Container Tags : bci/ruby:2 , bci/ruby:2-33.20 , bci/ruby:2.5 , bci/ruby:2.5-33.20 , bci/ruby:latest Container Release : 33.20 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:10:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:10:06 +0100 (CET) Subject: SUSE-CU-2023:420-1: Recommended update of bci/rust Message-ID: <20230221081006.906E9FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:420-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-13.19 Container Release : 13.19 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Tue Feb 21 08:10:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 09:10:28 +0100 (CET) Subject: SUSE-CU-2023:421-1: Recommended update of suse/sle15 Message-ID: <20230221081028.A0D8EFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:421-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.36 , suse/sle15:15.4 , suse/sle15:15.4.27.14.36 Container Release : 27.14.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - libudev1-249.15-150400.8.22.1 updated From meissner at suse.de Tue Feb 21 10:04:00 2023 From: meissner at suse.de (Marcus Meissner) Date: Tue, 21 Feb 2023 11:04:00 +0100 Subject: Formatting changes for textual update notices Message-ID: <20230221100359.GL26231@suse.de> Hi, SUSE has done changes to its update notice infrastructure that will go live today. The change will provide visually better HTML on https://www.suse.com/support/update/ and also brings some formatting changes to the E-Mail based advisories as they now get generated from the HTML. The content of the notices stays the same. For security information, if you are parsing the text e-mails or html pages, please update your parsers to the new format or switch to one of the security automation data formats we currently offer, OVAL, CVRF 1.1, 1.2 or CSAF 2.0 (not yet documented). Please refer to https://www.suse.com/support/security/ for information about these formats.) For questions about this change, feel free to reach out to me, your SUSE support representative, or security at suse.de. Sincerely, Marcus Meissner -- Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg
From sle-updates at lists.suse.com Tue Feb 21 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:01 -0000 Subject: SUSE-FU-2023:0472-1: moderate: Feature update for nvptx-tools Message-ID: <167698260175.5481.15972450926944817643@smelt2.suse.de> # Feature update for nvptx-tools Announcement ID: SUSE-FU-2023:0472-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. 
## Description: This update for nvptx-tools fixes the following issues: Update nvptx-tools (jsc#SLE-25047): * Add fixes which deal with CUDA 11 dropping support for NVIDIA Kepler sm_30 and sm_32 * Add command line tools `nvptx-none-run` and `nvptx-none-run-single` ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-472=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-472=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-472=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-472=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-472=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-472=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-472=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-472=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-472=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-472=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-472=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-472=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-472=1 * SUSE Enterprise 
Storage 6 zypper in -t patch SUSE-Storage-6-2023-472=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-472=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-472=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * 
nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Enterprise Storage 6 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 * SUSE CaaS Platform 4.0 (x86_64) * nvptx-tools-debuginfo-1.0-150000.4.6.1 * nvptx-tools-debugsource-1.0-150000.4.6.1 * nvptx-tools-1.0-150000.4.6.1 ## References: * https://jira.suse.com/browse/SLE-25047
From sle-updates at lists.suse.com Tue Feb 21 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:04 -0000 Subject: SUSE-SU-2023:0471-1: critical: Security update for clamav Message-ID: <167698260441.5481.3397459919468602325@smelt2.suse.de> # Security update for clamav Announcement ID: SUSE-SU-2023:0471-1 Rating: critical References: * #1208363 * #1208365 Cross-References: * CVE-2023-20032 * CVE-2023-20052 CVSS scores: * CVE-2023-20032 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for clamav fixes the following issues: * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-471=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-471=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-471=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * clamav-debuginfo-0.103.8-3.24.1 * clamav-debugsource-0.103.8-3.24.1 * clamav-0.103.8-3.24.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-3.24.1 * clamav-debugsource-0.103.8-3.24.1 * clamav-0.103.8-3.24.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * clamav-debuginfo-0.103.8-3.24.1 * clamav-debugsource-0.103.8-3.24.1 * clamav-0.103.8-3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20032.html * https://www.suse.com/security/cve/CVE-2023-20052.html * https://bugzilla.suse.com/show_bug.cgi?id=1208363 * https://bugzilla.suse.com/show_bug.cgi?id=1208365
From sle-updates at lists.suse.com Tue Feb 21 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:07 -0000 Subject: SUSE-SU-2023:0470-1: critical: Security update for clamav Message-ID: <167698260701.5481.9856489551614324508@smelt2.suse.de> # Security update for clamav Announcement ID: SUSE-SU-2023:0470-1 Rating: critical References: * #1208363 * #1208365 Cross-References: * CVE-2023-20032 * CVE-2023-20052 CVSS scores: * CVE-2023-20032 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * 
SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for clamav fixes the following issues: * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-470=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-470=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-470=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-470=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-470=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-470=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-470=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-470=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-470=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-470=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-470=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-470=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-470=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-470=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-470=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-470=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-470=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-470=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1
* libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * 
libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * 
libclamav9-0.103.8-150000.3.44.1 * SUSE Manager Proxy 4.2 (x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 * SUSE CaaS Platform 4.0 (x86_64) * clamav-debuginfo-0.103.8-150000.3.44.1 * clamav-0.103.8-150000.3.44.1 * 
libfreshclam2-debuginfo-0.103.8-150000.3.44.1 * clamav-devel-0.103.8-150000.3.44.1 * libclamav9-debuginfo-0.103.8-150000.3.44.1 * libfreshclam2-0.103.8-150000.3.44.1 * clamav-debugsource-0.103.8-150000.3.44.1 * libclamav9-0.103.8-150000.3.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20032.html * https://www.suse.com/security/cve/CVE-2023-20052.html * https://bugzilla.suse.com/show_bug.cgi?id=1208363 * https://bugzilla.suse.com/show_bug.cgi?id=1208365
From sle-updates at lists.suse.com Tue Feb 21 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:09 -0000 Subject: SUSE-SU-2023:0469-1: important: Security update for MozillaFirefox Message-ID: <167698260991.5481.10149301766634666447@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:0469-1 Rating: important References: * #1208138 * #1208144 Cross-References: * CVE-2023-0767 * CVE-2023-25728 * CVE-2023-25729 * CVE-2023-25730 * CVE-2023-25732 * CVE-2023-25734 * CVE-2023-25735 * CVE-2023-25737 * CVE-2023-25738 * CVE-2023-25739 * CVE-2023-25742 * CVE-2023-25743 * CVE-2023-25744 * CVE-2023-25746 CVSS scores: * CVE-2023-0767 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 14 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
* CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. * CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. * CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. * CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. * CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. * CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. * CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. * CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. * CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. * CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. * CVE-2023-25744: Fixed Memory safety bugs. * CVE-2023-25746: Fixed Memory safety bugs. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-469=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-469=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-469=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150000.150.76.1 * MozillaFirefox-debuginfo-102.8.0-150000.150.76.1 * MozillaFirefox-debugsource-102.8.0-150000.150.76.1 * MozillaFirefox-102.8.0-150000.150.76.1 * MozillaFirefox-translations-other-102.8.0-150000.150.76.1 * MozillaFirefox-translations-common-102.8.0-150000.150.76.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-devel-102.8.0-150000.150.76.1 * MozillaFirefox-debuginfo-102.8.0-150000.150.76.1 * MozillaFirefox-debugsource-102.8.0-150000.150.76.1 * MozillaFirefox-102.8.0-150000.150.76.1 * MozillaFirefox-translations-other-102.8.0-150000.150.76.1 * MozillaFirefox-translations-common-102.8.0-150000.150.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-devel-102.8.0-150000.150.76.1 * MozillaFirefox-debuginfo-102.8.0-150000.150.76.1 * MozillaFirefox-debugsource-102.8.0-150000.150.76.1 * MozillaFirefox-102.8.0-150000.150.76.1 * MozillaFirefox-translations-other-102.8.0-150000.150.76.1 * MozillaFirefox-translations-common-102.8.0-150000.150.76.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-devel-102.8.0-150000.150.76.1 * MozillaFirefox-debuginfo-102.8.0-150000.150.76.1 * MozillaFirefox-debugsource-102.8.0-150000.150.76.1 * MozillaFirefox-102.8.0-150000.150.76.1 * MozillaFirefox-translations-other-102.8.0-150000.150.76.1 * MozillaFirefox-translations-common-102.8.0-150000.150.76.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0767.html * https://www.suse.com/security/cve/CVE-2023-25728.html * https://www.suse.com/security/cve/CVE-2023-25729.html * https://www.suse.com/security/cve/CVE-2023-25730.html * https://www.suse.com/security/cve/CVE-2023-25732.html * https://www.suse.com/security/cve/CVE-2023-25734.html * https://www.suse.com/security/cve/CVE-2023-25735.html * 
https://www.suse.com/security/cve/CVE-2023-25737.html * https://www.suse.com/security/cve/CVE-2023-25738.html * https://www.suse.com/security/cve/CVE-2023-25739.html * https://www.suse.com/security/cve/CVE-2023-25742.html * https://www.suse.com/security/cve/CVE-2023-25743.html * https://www.suse.com/security/cve/CVE-2023-25744.html * https://www.suse.com/security/cve/CVE-2023-25746.html * https://bugzilla.suse.com/show_bug.cgi?id=1208138 * https://bugzilla.suse.com/show_bug.cgi?id=1208144
From sle-updates at lists.suse.com Tue Feb 21 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:12 -0000 Subject: SUSE-SU-2023:0468-1: important: Security update for mozilla-nss Message-ID: <167698261224.5481.15080050583230954098@smelt2.suse.de> # Security update for mozilla-nss Announcement ID: SUSE-SU-2023:0468-1 Rating: important References: * #1208138 Cross-References: * CVE-2023-0767 CVSS scores: * CVE-2023-0767 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed.
## Description: This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): * CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-468=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-468=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-468=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-468=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-468=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-468=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-468=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-468=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-468=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-468=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * 
mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-3.79.4-58.94.1 * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-3.79.4-58.94.1 * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * 
libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * mozilla-nss-debuginfo-3.79.4-58.94.1 * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * 
libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * 
mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * SUSE 
Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * mozilla-nss-debuginfo-3.79.4-58.94.1 * mozilla-nss-3.79.4-58.94.1 * mozilla-nss-certs-3.79.4-58.94.1 * mozilla-nss-devel-3.79.4-58.94.1 * libsoftokn3-hmac-3.79.4-58.94.1 * libfreebl3-3.79.4-58.94.1 * libfreebl3-debuginfo-3.79.4-58.94.1 * libfreebl3-hmac-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-3.79.4-58.94.1 * mozilla-nss-sysinit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.94.1 * mozilla-nss-tools-debuginfo-3.79.4-58.94.1 * mozilla-nss-debugsource-3.79.4-58.94.1 * mozilla-nss-tools-3.79.4-58.94.1 * libsoftokn3-3.79.4-58.94.1 * libsoftokn3-debuginfo-3.79.4-58.94.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libfreebl3-debuginfo-32bit-3.79.4-58.94.1 * 
libfreebl3-hmac-32bit-3.79.4-58.94.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-32bit-3.79.4-58.94.1 * libsoftokn3-hmac-32bit-3.79.4-58.94.1 * libfreebl3-32bit-3.79.4-58.94.1 * mozilla-nss-certs-32bit-3.79.4-58.94.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.94.1 * mozilla-nss-32bit-3.79.4-58.94.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.94.1 * libsoftokn3-32bit-3.79.4-58.94.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0767.html * https://bugzilla.suse.com/show_bug.cgi?id=1208138
From sle-updates at lists.suse.com Tue Feb 21 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:14 -0000 Subject: SUSE-SU-2023:0467-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <167698261456.5481.16972977508065185724@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:0467-1 Rating: important References: * #1208046 * #1208047 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-467=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-467=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208046 * https://bugzilla.suse.com/show_bug.cgi?id=1208047
From sle-updates at lists.suse.com Tue Feb 21 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:17 -0000 Subject: SUSE-SU-2023:0466-1: important: Security update for MozillaFirefox Message-ID: <167698261767.5481.2202053918971132019@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:0466-1 Rating: important References: * #1208138 * #1208144 Cross-References: * CVE-2023-0767 * CVE-2023-25728 * CVE-2023-25729 * CVE-2023-25730 * CVE-2023-25732 * CVE-2023-25734 * CVE-2023-25735 * CVE-2023-25737 * CVE-2023-25738 * CVE-2023-25739 * CVE-2023-25742 * CVE-2023-25743 * CVE-2023-25744 * CVE-2023-25746 CVSS scores: * CVE-2023-0767 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE
Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 14 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. * CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. * CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. * CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. * CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. * CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. * CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. * CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. * CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. * CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. * CVE-2023-25744: Fixed Memory safety bugs. * CVE-2023-25746: Fixed Memory safety bugs. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-466=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-466=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-466=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-466=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-466=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-466=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-466=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-466=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-466=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-466=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le 
s390x x86_64) * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-debuginfo-102.8.0-112.150.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.8.0-112.150.1 * MozillaFirefox-debugsource-102.8.0-112.150.1 * MozillaFirefox-102.8.0-112.150.1 * MozillaFirefox-devel-102.8.0-112.150.1 * MozillaFirefox-translations-common-102.8.0-112.150.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0767.html * 
https://www.suse.com/security/cve/CVE-2023-25728.html * https://www.suse.com/security/cve/CVE-2023-25729.html * https://www.suse.com/security/cve/CVE-2023-25730.html * https://www.suse.com/security/cve/CVE-2023-25732.html * https://www.suse.com/security/cve/CVE-2023-25734.html * https://www.suse.com/security/cve/CVE-2023-25735.html * https://www.suse.com/security/cve/CVE-2023-25737.html * https://www.suse.com/security/cve/CVE-2023-25738.html * https://www.suse.com/security/cve/CVE-2023-25739.html * https://www.suse.com/security/cve/CVE-2023-25742.html * https://www.suse.com/security/cve/CVE-2023-25743.html * https://www.suse.com/security/cve/CVE-2023-25744.html * https://www.suse.com/security/cve/CVE-2023-25746.html * https://bugzilla.suse.com/show_bug.cgi?id=1208138 * https://bugzilla.suse.com/show_bug.cgi?id=1208144
From sle-updates at lists.suse.com Tue Feb 21 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:19 -0000 Subject: SUSE-SU-2023:0465-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <167698261991.5481.8550559196178986966@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:0465-1 Rating: important References: * #1208046 * #1208047 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability and has one fix can now be installed.
## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-465=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-465=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-465=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-465=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208046 * https://bugzilla.suse.com/show_bug.cgi?id=1208047
From sle-updates at lists.suse.com Tue Feb 21 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:22 -0000 Subject: SUSE-RU-2023:0464-1: moderate: Recommended update for systemd Message-ID: <167698262223.5481.551931328660468902@smelt2.suse.de> # Recommended update for systemd Announcement ID: SUSE-RU-2023:0464-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for systemd fixes the following issues: * Merge of v249.15 * Drop workaround related to systemd-timesyncd that addressed a Factory issue. * Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). * Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. * machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. * Make sure we apply the presets on units shipped by systemd package. * systemd-testsuite: move the integration tests in a dedicated sub directory. * Move systemd-cryptenroll into udev package. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-464=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-464=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-464=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-464=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-464=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * systemd-journal-remote-debuginfo-249.15-150400.8.22.1 * udev-249.15-150400.8.22.1 * systemd-249.15-150400.8.22.1 * systemd-container-249.15-150400.8.22.1 * systemd-debuginfo-249.15-150400.8.22.1 * systemd-journal-remote-249.15-150400.8.22.1 * libudev1-249.15-150400.8.22.1 * libsystemd0-debuginfo-249.15-150400.8.22.1 * systemd-container-debuginfo-249.15-150400.8.22.1 * udev-debuginfo-249.15-150400.8.22.1 * systemd-sysvinit-249.15-150400.8.22.1 * libsystemd0-249.15-150400.8.22.1 * systemd-debugsource-249.15-150400.8.22.1 * libudev1-debuginfo-249.15-150400.8.22.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * systemd-journal-remote-debuginfo-249.15-150400.8.22.1 * systemd-coredump-249.15-150400.8.22.1 * nss-systemd-249.15-150400.8.22.1 * systemd-249.15-150400.8.22.1 * systemd-journal-remote-249.15-150400.8.22.1 * libudev1-249.15-150400.8.22.1 * systemd-portable-249.15-150400.8.22.1 * systemd-experimental-249.15-150400.8.22.1 * nss-systemd-debuginfo-249.15-150400.8.22.1 * systemd-debugsource-249.15-150400.8.22.1 * systemd-portable-debuginfo-249.15-150400.8.22.1 * systemd-testsuite-249.15-150400.8.22.1 * nss-myhostname-debuginfo-249.15-150400.8.22.1 * systemd-container-249.15-150400.8.22.1 * libsystemd0-debuginfo-249.15-150400.8.22.1 * systemd-experimental-debuginfo-249.15-150400.8.22.1 * systemd-network-249.15-150400.8.22.1 * udev-debuginfo-249.15-150400.8.22.1 * systemd-sysvinit-249.15-150400.8.22.1 * 
nss-myhostname-249.15-150400.8.22.1 * udev-249.15-150400.8.22.1 * systemd-doc-249.15-150400.8.22.1 * systemd-debuginfo-249.15-150400.8.22.1 * systemd-testsuite-debuginfo-249.15-150400.8.22.1 * systemd-coredump-debuginfo-249.15-150400.8.22.1 * systemd-container-debuginfo-249.15-150400.8.22.1 * systemd-network-debuginfo-249.15-150400.8.22.1 * libsystemd0-249.15-150400.8.22.1 * systemd-devel-249.15-150400.8.22.1 * libudev1-debuginfo-249.15-150400.8.22.1 * openSUSE Leap 15.4 (x86_64) * systemd-32bit-249.15-150400.8.22.1 * libsystemd0-32bit-debuginfo-249.15-150400.8.22.1 * libudev1-32bit-249.15-150400.8.22.1 * libudev1-32bit-debuginfo-249.15-150400.8.22.1 * libsystemd0-32bit-249.15-150400.8.22.1 * systemd-32bit-debuginfo-249.15-150400.8.22.1 * nss-myhostname-32bit-debuginfo-249.15-150400.8.22.1 * nss-myhostname-32bit-249.15-150400.8.22.1 * openSUSE Leap 15.4 (noarch) * systemd-lang-249.15-150400.8.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.15-150400.8.22.1 * udev-249.15-150400.8.22.1 * systemd-249.15-150400.8.22.1 * systemd-container-249.15-150400.8.22.1 * systemd-debuginfo-249.15-150400.8.22.1 * systemd-journal-remote-249.15-150400.8.22.1 * libudev1-249.15-150400.8.22.1 * libsystemd0-debuginfo-249.15-150400.8.22.1 * systemd-container-debuginfo-249.15-150400.8.22.1 * udev-debuginfo-249.15-150400.8.22.1 * systemd-sysvinit-249.15-150400.8.22.1 * libsystemd0-249.15-150400.8.22.1 * systemd-debugsource-249.15-150400.8.22.1 * libudev1-debuginfo-249.15-150400.8.22.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.15-150400.8.22.1 * udev-249.15-150400.8.22.1 * systemd-249.15-150400.8.22.1 * systemd-container-249.15-150400.8.22.1 * systemd-debuginfo-249.15-150400.8.22.1 * systemd-journal-remote-249.15-150400.8.22.1 * libudev1-249.15-150400.8.22.1 * libsystemd0-debuginfo-249.15-150400.8.22.1 * systemd-container-debuginfo-249.15-150400.8.22.1 * 
udev-debuginfo-249.15-150400.8.22.1 * systemd-sysvinit-249.15-150400.8.22.1 * libsystemd0-249.15-150400.8.22.1 * systemd-debugsource-249.15-150400.8.22.1 * libudev1-debuginfo-249.15-150400.8.22.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-coredump-249.15-150400.8.22.1 * udev-249.15-150400.8.22.1 * systemd-249.15-150400.8.22.1 * systemd-doc-249.15-150400.8.22.1 * systemd-container-249.15-150400.8.22.1 * systemd-debuginfo-249.15-150400.8.22.1 * systemd-coredump-debuginfo-249.15-150400.8.22.1 * libudev1-249.15-150400.8.22.1 * libsystemd0-debuginfo-249.15-150400.8.22.1 * systemd-container-debuginfo-249.15-150400.8.22.1 * udev-debuginfo-249.15-150400.8.22.1 * systemd-sysvinit-249.15-150400.8.22.1 * libsystemd0-249.15-150400.8.22.1 * systemd-debugsource-249.15-150400.8.22.1 * systemd-devel-249.15-150400.8.22.1 * libudev1-debuginfo-249.15-150400.8.22.1 * Basesystem Module 15-SP4 (noarch) * systemd-lang-249.15-150400.8.22.1 * Basesystem Module 15-SP4 (x86_64) * libsystemd0-32bit-debuginfo-249.15-150400.8.22.1 * libudev1-32bit-249.15-150400.8.22.1 * libudev1-32bit-debuginfo-249.15-150400.8.22.1 * libsystemd0-32bit-249.15-150400.8.22.1 * systemd-32bit-debuginfo-249.15-150400.8.22.1 * systemd-32bit-249.15-150400.8.22.1
From sle-updates at lists.suse.com Tue Feb 21 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:25 -0000 Subject: SUSE-SU-2023:0463-1: moderate: Security update for tar Message-ID: <167698262502.5481.10602535347573008715@smelt2.suse.de> # Security update for tar Announcement ID: SUSE-SU-2023:0463-1 Rating: moderate References: * #1202436 * #1207753 Cross-References: * CVE-2022-48303 CVSS scores: * CVE-2022-48303 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2022-48303 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for tar fixes the following issues: * CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: * Fix hang when unpacking test tarball (bsc#1202436). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-463=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-463=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-463=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-463=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-463=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-463=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-463=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-463=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-463=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-tests-1.34-150000.3.31.1 * tar-tests-debuginfo-1.34-150000.3.31.1 * tar-rmt-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * tar-rmt-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * openSUSE Leap 15.4 (noarch) * tar-backup-scripts-1.34-150000.3.31.1 * tar-lang-1.34-150000.3.31.1 * tar-doc-1.34-150000.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-rmt-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * tar-rmt-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * Basesystem Module 15-SP4 
(noarch) * tar-lang-1.34-150000.3.31.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-rmt-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * tar-rmt-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * tar-lang-1.34-150000.3.31.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * tar-debuginfo-1.34-150000.3.31.1 * tar-1.34-150000.3.31.1 * tar-debugsource-1.34-150000.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48303.html * https://bugzilla.suse.com/show_bug.cgi?id=1202436 * https://bugzilla.suse.com/show_bug.cgi?id=1207753
From sle-updates at lists.suse.com Tue Feb 21 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:27 -0000 Subject: SUSE-SU-2023:0461-1: important: Security update for MozillaFirefox Message-ID: <167698262795.5481.951256218122682558@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:0461-1 Rating: important References: * #1208138 * #1208144 Cross-References: * CVE-2023-0767 * CVE-2023-25728 * CVE-2023-25729 * CVE-2023-25730 * CVE-2023-25732 * CVE-2023-25734 * CVE-2023-25735 * CVE-2023-25737 * CVE-2023-25738 * CVE-2023-25739 * CVE-2023-25742 * CVE-2023-25743 * CVE-2023-25744 * CVE-2023-25746 CVSS scores: * CVE-2023-0767 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 14 vulnerabilities can now be installed.
## Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. * CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. * CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. * CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. * CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. * CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. * CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. * CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. * CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. * CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. * CVE-2023-25744: Fixed Memory safety bugs. * CVE-2023-25746: Fixed Memory safety bugs. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-461=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-461=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-461=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-461=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-461=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-461=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-461=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-461=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-461=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-461=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-461=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-461=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-branding-upstream-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * 
MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * 
MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-devel-102.8.0-150200.152.78.1 * MozillaFirefox-translations-common-102.8.0-150200.152.78.1 * 
MozillaFirefox-translations-other-102.8.0-150200.152.78.1 * MozillaFirefox-102.8.0-150200.152.78.1 * MozillaFirefox-debugsource-102.8.0-150200.152.78.1 * MozillaFirefox-debuginfo-102.8.0-150200.152.78.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0767.html * https://www.suse.com/security/cve/CVE-2023-25728.html * https://www.suse.com/security/cve/CVE-2023-25729.html * https://www.suse.com/security/cve/CVE-2023-25730.html * https://www.suse.com/security/cve/CVE-2023-25732.html * https://www.suse.com/security/cve/CVE-2023-25734.html * https://www.suse.com/security/cve/CVE-2023-25735.html * https://www.suse.com/security/cve/CVE-2023-25737.html * https://www.suse.com/security/cve/CVE-2023-25738.html * https://www.suse.com/security/cve/CVE-2023-25739.html * https://www.suse.com/security/cve/CVE-2023-25742.html * https://www.suse.com/security/cve/CVE-2023-25743.html * https://www.suse.com/security/cve/CVE-2023-25744.html * https://www.suse.com/security/cve/CVE-2023-25746.html * https://bugzilla.suse.com/show_bug.cgi?id=1208138 * https://bugzilla.suse.com/show_bug.cgi?id=1208144
From sle-updates at lists.suse.com Tue Feb 21 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:30 -0000 Subject: SUSE-SU-2023:0460-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <167698263001.5481.8496953922888408523@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:0460-1 Rating: important References: * #1208046 * #1208047 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-460=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208046 * https://bugzilla.suse.com/show_bug.cgi?id=1208047
From sle-updates at lists.suse.com Tue Feb 21 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 12:30:31 -0000 Subject: SUSE-RU-2023:0457-1: moderate: Recommended update for scap-security-guide Message-ID: <167698263148.5481.8424139151080301756@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:0457-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.66 (jsc#ECO-3319) * Ubuntu 22.04 CIS * OL7 stig v2r9 update * Bump OL8 STIG version to V1R4 * Update RHEL7 STIG to V3R10 * Update RHEL8 STIG to V1R9 * Introduce CIS RHEL9 profiles * also various SUSE profile fixes were done ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-457=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-457=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-457=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-457=1 ## Package List: * openSUSE Leap 15.4 (noarch) * scap-security-guide-0.1.66-150000.1.56.1 * scap-security-guide-ubuntu-0.1.66-150000.1.56.1 * scap-security-guide-debian-0.1.66-150000.1.56.1 * scap-security-guide-redhat-0.1.66-150000.1.56.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.66-150000.1.56.1 * Basesystem Module 15-SP4 (noarch) * scap-security-guide-0.1.66-150000.1.56.1 * scap-security-guide-ubuntu-0.1.66-150000.1.56.1 * scap-security-guide-debian-0.1.66-150000.1.56.1 * scap-security-guide-redhat-0.1.66-150000.1.56.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * scap-security-guide-0.1.66-150000.1.56.1 * scap-security-guide-ubuntu-0.1.66-150000.1.56.1 * scap-security-guide-debian-0.1.66-150000.1.56.1 * scap-security-guide-redhat-0.1.66-150000.1.56.1 ## References: * https://jira.suse.com/browse/ECO-3319
From sle-updates at lists.suse.com Tue Feb 21 14:06:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 15:06:17 +0100 (CET) Subject: SUSE-SU-2023:0466-1: important: Security update for MozillaFirefox Message-ID: <20230221140617.AAB20FD89@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0466-1 Rating: important References: #1208138 #1208144 Cross-References: CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 CVSS scores: CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-466=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-466=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-466=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-466=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-466=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-102.8.0-112.150.1 MozillaFirefox-debugsource-102.8.0-112.150.1 MozillaFirefox-devel-102.8.0-112.150.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-102.8.0-112.150.1 MozillaFirefox-debuginfo-102.8.0-112.150.1 MozillaFirefox-debugsource-102.8.0-112.150.1 MozillaFirefox-devel-102.8.0-112.150.1 MozillaFirefox-translations-common-102.8.0-112.150.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-112.150.1 MozillaFirefox-debuginfo-102.8.0-112.150.1 MozillaFirefox-debugsource-102.8.0-112.150.1 MozillaFirefox-devel-102.8.0-112.150.1 MozillaFirefox-translations-common-102.8.0-112.150.1 - SUSE Linux 
Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.8.0-112.150.1 MozillaFirefox-debuginfo-102.8.0-112.150.1 MozillaFirefox-debugsource-102.8.0-112.150.1 MozillaFirefox-devel-102.8.0-112.150.1 MozillaFirefox-translations-common-102.8.0-112.150.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-102.8.0-112.150.1 MozillaFirefox-debuginfo-102.8.0-112.150.1 MozillaFirefox-debugsource-102.8.0-112.150.1 MozillaFirefox-devel-102.8.0-112.150.1 MozillaFirefox-translations-common-102.8.0-112.150.1 References: https://www.suse.com/security/cve/CVE-2023-0767.html https://www.suse.com/security/cve/CVE-2023-25728.html https://www.suse.com/security/cve/CVE-2023-25729.html https://www.suse.com/security/cve/CVE-2023-25730.html https://www.suse.com/security/cve/CVE-2023-25732.html https://www.suse.com/security/cve/CVE-2023-25734.html https://www.suse.com/security/cve/CVE-2023-25735.html https://www.suse.com/security/cve/CVE-2023-25737.html https://www.suse.com/security/cve/CVE-2023-25738.html https://www.suse.com/security/cve/CVE-2023-25739.html https://www.suse.com/security/cve/CVE-2023-25742.html https://www.suse.com/security/cve/CVE-2023-25743.html https://www.suse.com/security/cve/CVE-2023-25744.html https://www.suse.com/security/cve/CVE-2023-25746.html https://bugzilla.suse.com/1208138 https://bugzilla.suse.com/1208144 From sle-updates at lists.suse.com Tue Feb 21 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 16:30:02 -0000 Subject: SUSE-SU-2018:4127-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) Message-ID: <167699700282.6841.6225170513832305761@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) Announcement ID: SUSE-SU-2018:4127-1 Rating: important References: * #1097356 Cross-References: * CVE-2018-5848 CVSS scores: * CVE-2018-5848 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2018-5848 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 * SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: * CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP2 zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2930=1 SUSE-SLE-SAP-12-SP2-2018-2931=1 SUSE-SLE-SAP-12-SP2-2018-2932=1 SUSE-SLE-SAP-12-SP2-2018-2933=1 SUSE-SLE-SAP-12-SP2-2018-2934=1 SUSE-SLE-SAP-12-SP2-2018-2935=1 SUSE-SLE-SAP-12-SP2-2018-2936=1 * SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2936=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2930=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2931=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2932=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2933=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2934=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2935=1 * SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2936=1 SUSE-SLE-SERVER-12-SP2-2018-2930=1 SUSE-SLE-SERVER-12-SP2-2018-2931=1 SUSE-SLE-SERVER-12-SP2-2018-2932=1 SUSE-SLE-SERVER-12-SP2-2018-2933=1 SUSE-SLE-SERVER-12-SP2-2018-2934=1 SUSE-SLE-SERVER-12-SP2-2018-2935=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64) * kgraft-patch-4_4_103-92_53-default-12-2.1 *
kgraft-patch-4_4_114-92_67-default-10-2.1 * kgraft-patch-4_4_103-92_56-default-12-2.1 * kgraft-patch-4_4_121-92_73-default-8-2.1 * kgraft-patch-4_4_120-92_70-default-9-2.1 * kgraft-patch-4_4_114-92_64-default-10-2.1 * kgraft-patch-4_4_121-92_80-default-8-2.1 * SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (x86_64) * kgraft-patch-4_4_103-92_53-default-12-2.1 * kgraft-patch-4_4_114-92_67-default-10-2.1 * kgraft-patch-4_4_103-92_56-default-12-2.1 * kgraft-patch-4_4_121-92_73-default-8-2.1 * kgraft-patch-4_4_120-92_70-default-9-2.1 * kgraft-patch-4_4_114-92_64-default-10-2.1 * kgraft-patch-4_4_121-92_80-default-8-2.1 * SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (x86_64) * kgraft-patch-4_4_103-92_53-default-12-2.1 * kgraft-patch-4_4_114-92_67-default-10-2.1 * kgraft-patch-4_4_103-92_56-default-12-2.1 * kgraft-patch-4_4_121-92_73-default-8-2.1 * kgraft-patch-4_4_120-92_70-default-9-2.1 * kgraft-patch-4_4_114-92_64-default-10-2.1 * kgraft-patch-4_4_121-92_80-default-8-2.1 ## References: * https://www.suse.com/security/cve/CVE-2018-5848.html * https://bugzilla.suse.com/show_bug.cgi?id=1097356
From sle-updates at lists.suse.com Tue Feb 21 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2023 20:30:03 -0000 Subject: SUSE-RU-2023:0473-1: moderate: Recommended update for libica, openssl-ibmca, openCryptoki Message-ID: <167701140342.30689.5969253484537922072@smelt2.suse.de> # Recommended update for libica, openssl-ibmca, openCryptoki Announcement ID: SUSE-RU-2023:0473-1 Rating: moderate References: * #1202365 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains four features and has one recommended fix can now be installed. ## Description: This update for libica fixes the following issues: libica was upgraded to version 4.2.0 (jsc#PED-581, bsc#1202365). Note that the major library version was changed from libica.so.3 to libica.so.4. Features: * Display build info via icainfo -v * New API function ica_get_build_version() * Display fips indication via icainfo -f * New API function ica_get_fips_indicator() * New API function ica_aes_gcm_initialize_fips() * New API function ica_aes_gcm_kma_get_iv() * New API function ica_get_msa_level() Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
v4.1.1: * Fix aes-xts multi-part operations v4.1.0 * FIPS: make libica FIPS 140-3 compliant * New API function ica_ecdsa_sign_ex() * New icainfo output option -r Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 * Reduce the number of open file descriptors * Various bug fixes v4.0.2 * Various bug fixes v4.0.1 * Various bug fixes * Compute HMAC from installed library v4.0.0 * NO_SW_FALLBACKS is now the default for libica.so * Removed deprecated API functions including tests * Introduced 'const' for some API function parameters * icastats: new parm -k to display detailed counters This update also provides rebuilds of openssl-ibmca and openCryptoki against the new libica. openssl-ibmca was updated: * Upgraded to version 2.3.1 (jsc#PED-597) * Adjustments for libica 4.1.0 * First version including the provider * Fix for engine build without OpenSSL 3.0 sources * Fix PKEY segfault with OpenSSL 3.0 * Build against libica 4.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-473=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-473=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openCryptoki-3.17.0-150400.4.8.1 * openCryptoki-64bit-debuginfo-3.17.0-150400.4.8.1 * openCryptoki-64bit-3.17.0-150400.4.8.1 * openCryptoki-debuginfo-3.17.0-150400.4.8.1 * openCryptoki-debugsource-3.17.0-150400.4.8.1 * openCryptoki-devel-3.17.0-150400.4.8.1 * openSUSE Leap 15.4 (s390x) * libica-devel-4.2.0-150400.3.3.1 * libica-devel-static-4.2.0-150400.3.3.1 * openssl-ibmca-debugsource-2.3.1-150400.4.3.1 * libica-tools-debuginfo-4.2.0-150400.3.3.1 * openssl-ibmca-2.3.1-150400.4.3.1 * libica-debugsource-4.2.0-150400.3.3.1 * libica4-4.2.0-150400.3.3.1 * libica4-debuginfo-4.2.0-150400.3.3.1 * openssl-ibmca-debuginfo-2.3.1-150400.4.3.1 * libica-tools-4.2.0-150400.3.3.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openCryptoki-debuginfo-3.17.0-150400.4.8.1 * openCryptoki-3.17.0-150400.4.8.1 * openCryptoki-debugsource-3.17.0-150400.4.8.1 * Server Applications Module 15-SP4 (ppc64le s390x) * openCryptoki-64bit-3.17.0-150400.4.8.1 * openCryptoki-64bit-debuginfo-3.17.0-150400.4.8.1 * Server Applications Module 15-SP4 (ppc64le s390x x86_64) * openCryptoki-devel-3.17.0-150400.4.8.1 * Server Applications Module 15-SP4 (s390x) * libica-devel-4.2.0-150400.3.3.1 * libica-devel-static-4.2.0-150400.3.3.1 * openssl-ibmca-debugsource-2.3.1-150400.4.3.1 * libica-tools-debuginfo-4.2.0-150400.3.3.1 * openssl-ibmca-2.3.1-150400.4.3.1 * libica-debugsource-4.2.0-150400.3.3.1 * libica4-4.2.0-150400.3.3.1 * libica4-debuginfo-4.2.0-150400.3.3.1 * openssl-ibmca-debuginfo-2.3.1-150400.4.3.1 * libica-tools-4.2.0-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202365 * https://jira.suse.com/browse/PED-581 * 
https://jira.suse.com/browse/PED-597 * https://jira.suse.com/browse/PED-621 * https://jira.suse.com/browse/PED-629
From sle-updates at lists.suse.com Wed Feb 22 08:02:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:02:37 +0100 (CET) Subject: SUSE-CU-2023:426-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230222080237.225F5F479@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:426-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.82 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.82 Severity : moderate Type : security References : 1202436 1207753 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. The following package changes have been done: - systemd-249.15-150400.8.22.1 updated - tar-1.34-150000.3.31.1 updated From sle-updates at lists.suse.com Wed Feb 22 08:02:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:02:46 +0100 (CET) Subject: SUSE-CU-2023:427-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230222080246.EF64AF479@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:427-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.59 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.59 Severity : moderate Type : security References : 1202436 1207753 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - systemd-249.15-150400.8.22.1 updated - tar-1.34-150000.3.31.1 updated From sle-updates at lists.suse.com Wed Feb 22 08:03:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:03:55 +0100 (CET) Subject: SUSE-CU-2023:428-1: Security update of bci/dotnet-aspnet Message-ID: <20230222080355.2C6BDF479@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:428-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.1 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.1 Container Release : 29.1 Severity : moderate Type : security References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. 
- added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. - implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreadsheet files.
The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to 
`GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package.
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - container:sles15-image-15.0.0-27.14.36 updated - libicu69-69.1-7.3.2 removed - libicu69-ledata-69.1-7.3.2 removed From sle-updates at lists.suse.com Wed Feb 22 08:04:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:04:39 +0100 (CET) Subject: SUSE-CU-2023:430-1: Security update of bci/dotnet-sdk Message-ID: <20230222080439.2FC42F479@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:430-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-31.1 , bci/dotnet-sdk:6.0.14 , bci/dotnet-sdk:6.0.14-31.1 Container Release : 31.1 Severity : moderate Type : security References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. 
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw: Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreadsheet files.
The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to 
`GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913

This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - container:sles15-image-15.0.0-27.14.36 updated - libicu69-69.1-7.3.2 removed - libicu69-ledata-69.1-7.3.2 removed From sle-updates at lists.suse.com Wed Feb 22 08:05:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:05:19 +0100 (CET) Subject: SUSE-CU-2023:432-1: Security update of bci/dotnet-runtime Message-ID: <20230222080519.247BEF479@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:432-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-28.1 , bci/dotnet-runtime:6.0.14 , bci/dotnet-runtime:6.0.14-28.1 Container Release : 28.1 Severity : moderate Type : security References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. 
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw: Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreadsheet files.
The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to 
`GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913

This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - container:sles15-image-15.0.0-27.14.36 updated - libicu69-69.1-7.3.2 removed - libicu69-ledata-69.1-7.3.2 removed From sle-updates at lists.suse.com Wed Feb 22 08:05:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:05:52 +0100 (CET) Subject: SUSE-CU-2023:434-1: Recommended update of bci/golang Message-ID: <20230222080552.E6DAAF479@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:434-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.37 Container Release : 19.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. 
- Move systemd-cryptenroll into udev package. The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Wed Feb 22 08:06:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:06:26 +0100 (CET) Subject: SUSE-CU-2023:435-1: Recommended update of bci/bci-init Message-ID: <20230222080626.952EBF479@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:435-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.17 , bci/bci-init:latest Container Release : 25.17 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsystemd0-249.15-150400.8.22.1 updated - systemd-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Wed Feb 22 08:07:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:07:44 +0100 (CET) Subject: SUSE-CU-2023:438-1: Recommended update of bci/rust Message-ID: <20230222080744.2DC06F479@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:438-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-3.6 Container Release : 3.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done: - libsystemd0-249.15-150400.8.22.1 updated - container:sles15-image-15.0.0-27.14.36 updated From sle-updates at lists.suse.com Wed Feb 22 08:07:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2023 09:07:52 +0100 (CET) Subject: SUSE-CU-2023:447-1: Recommended update of bci/bci-init Message-ID: <20230222080752.98F1DF479@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:447-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.3.1 Container Release : 3.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
The following package changes have been done:

- libz1-1.2.13-150500.1.8 updated
- libuuid1-2.37.4-150500.7.3 updated
- libsmartcols1-2.37.4-150500.7.3 updated
- libblkid1-2.37.4-150500.7.3 updated
- libgcrypt20-1.9.4-150500.10.9 updated
- libgcrypt20-hmac-1.9.4-150500.10.9 updated
- libfdisk1-2.37.4-150500.7.3 updated
- libudev1-249.15-150400.8.22.1 updated
- libsystemd0-249.15-150400.8.22.1 updated
- libopenssl1_1-1.1.1l-150500.12.2 updated
- libopenssl1_1-hmac-1.1.1l-150500.12.2 updated
- libmount1-2.37.4-150500.7.3 updated
- krb5-1.20.1-150500.1.1 updated
- sles-release-15.5-150500.28.14 updated
- util-linux-2.37.4-150500.7.3 updated
- systemd-249.15-150400.8.22.1 updated
- container:sles15-image-15.0.0-33.2.27 updated

From sle-updates at lists.suse.com Wed Feb 22 08:08:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 09:08:20 +0100 (CET)
Subject: SUSE-CU-2023:457-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20230222080820.7A97CF479@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:457-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.353 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.353
Severity : moderate
Type : security
References : 1202436 1207753 CVE-2022-48303
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Type: security
Severity: moderate
References: 1202436,1207753,CVE-2022-48303

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

The following package changes have been done:

- tar-1.34-150000.3.31.1 updated

From sle-updates at lists.suse.com Wed Feb 22 08:08:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 09:08:38 +0100 (CET)
Subject: SUSE-CU-2023:458-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20230222080838.81CF7F479@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:458-1
Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.175 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.175
Severity : moderate
Type : security
References : 1202436 1207753 CVE-2022-48303
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Type: security
Severity: moderate
References: 1202436,1207753,CVE-2022-48303

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

The following package changes have been done:

- tar-1.34-150000.3.31.1 updated

From sle-updates at lists.suse.com Wed Feb 22 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 12:30:04 -0000
Subject: SUSE-SU-2023:0476-1: important: Security update for php7
Message-ID: <167706900488.12095.13039019823838851488@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:0476-1
Rating: important

References:

* #1206958
* #1208366
* #1208367
* #1208388

Cross-References:

* CVE-2022-31631
* CVE-2023-0567
* CVE-2023-0568
* CVE-2023-0662

CVSS scores:

* CVE-2022-31631 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-0567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0568 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves four vulnerabilities can now be installed.
## Description:

This update for php7 fixes the following issues:

* CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).
* CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
* CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
* CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-476=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-476=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-476=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-476=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-476=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-476=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-476=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-476=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-476=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-476=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-476=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-firebird-7.4.33-150200.3.51.1 *
php7-firebird-debuginfo-7.4.33-150200.3.51.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * 
php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * 
php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * 
php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * 
php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * 
php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * 
php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * 
php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * 
php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * 
php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 
* php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * 
php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * 
php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * 
php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * 
php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * 
php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * 
php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * 
php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * 
php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * php7-sysvsem-debuginfo-7.4.33-150200.3.51.1 * php7-sqlite-7.4.33-150200.3.51.1 * php7-ftp-7.4.33-150200.3.51.1 * php7-json-7.4.33-150200.3.51.1 * php7-snmp-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-debuginfo-7.4.33-150200.3.51.1 * php7-gd-7.4.33-150200.3.51.1 * php7-posix-7.4.33-150200.3.51.1 * php7-dom-debuginfo-7.4.33-150200.3.51.1 * php7-curl-debuginfo-7.4.33-150200.3.51.1 * php7-pdo-debuginfo-7.4.33-150200.3.51.1 * php7-calendar-debuginfo-7.4.33-150200.3.51.1 * php7-xmlwriter-7.4.33-150200.3.51.1 * php7-pdo-7.4.33-150200.3.51.1 * php7-soap-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-7.4.33-150200.3.51.1 * apache2-mod_php7-7.4.33-150200.3.51.1 * php7-devel-7.4.33-150200.3.51.1 * php7-zip-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-debuginfo-7.4.33-150200.3.51.1 * php7-json-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-7.4.33-150200.3.51.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.51.1 * 
php7-intl-7.4.33-150200.3.51.1 * php7-shmop-7.4.33-150200.3.51.1 * php7-sysvshm-7.4.33-150200.3.51.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.51.1 * php7-bz2-debuginfo-7.4.33-150200.3.51.1 * php7-mysql-7.4.33-150200.3.51.1 * php7-ctype-debuginfo-7.4.33-150200.3.51.1 * php7-opcache-7.4.33-150200.3.51.1 * php7-sodium-debuginfo-7.4.33-150200.3.51.1 * php7-dba-debuginfo-7.4.33-150200.3.51.1 * php7-ftp-debuginfo-7.4.33-150200.3.51.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.51.1 * php7-odbc-7.4.33-150200.3.51.1 * php7-opcache-debuginfo-7.4.33-150200.3.51.1 * php7-exif-debuginfo-7.4.33-150200.3.51.1 * php7-7.4.33-150200.3.51.1 * php7-sysvmsg-7.4.33-150200.3.51.1 * php7-zlib-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.51.1 * php7-fileinfo-7.4.33-150200.3.51.1 * php7-enchant-7.4.33-150200.3.51.1 * php7-debugsource-7.4.33-150200.3.51.1 * php7-openssl-7.4.33-150200.3.51.1 * php7-tidy-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-7.4.33-150200.3.51.1 * php7-tokenizer-7.4.33-150200.3.51.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.51.1 * php7-ctype-7.4.33-150200.3.51.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.51.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.51.1 * php7-sysvsem-7.4.33-150200.3.51.1 * php7-enchant-debuginfo-7.4.33-150200.3.51.1 * php7-iconv-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-debuginfo-7.4.33-150200.3.51.1 * php7-zlib-7.4.33-150200.3.51.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.51.1 * php7-xsl-debuginfo-7.4.33-150200.3.51.1 * php7-shmop-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-7.4.33-150200.3.51.1 * php7-pgsql-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-debuginfo-7.4.33-150200.3.51.1 * php7-mbstring-7.4.33-150200.3.51.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.51.1 * php7-debuginfo-7.4.33-150200.3.51.1 * php7-ldap-7.4.33-150200.3.51.1 * php7-bcmath-7.4.33-150200.3.51.1 * php7-bcmath-debuginfo-7.4.33-150200.3.51.1 * php7-sockets-7.4.33-150200.3.51.1 * php7-gd-debuginfo-7.4.33-150200.3.51.1 * 
php7-mysql-debuginfo-7.4.33-150200.3.51.1 * php7-pcntl-debuginfo-7.4.33-150200.3.51.1 * php7-xmlreader-7.4.33-150200.3.51.1 * php7-openssl-debuginfo-7.4.33-150200.3.51.1 * php7-soap-7.4.33-150200.3.51.1 * php7-mbstring-debuginfo-7.4.33-150200.3.51.1 * php7-gmp-debuginfo-7.4.33-150200.3.51.1 * php7-exif-7.4.33-150200.3.51.1 * php7-intl-debuginfo-7.4.33-150200.3.51.1 * php7-dba-7.4.33-150200.3.51.1 * php7-iconv-7.4.33-150200.3.51.1 * php7-pgsql-7.4.33-150200.3.51.1 * php7-tidy-7.4.33-150200.3.51.1 * php7-readline-debuginfo-7.4.33-150200.3.51.1 * php7-curl-7.4.33-150200.3.51.1 * php7-zip-7.4.33-150200.3.51.1 * php7-calendar-7.4.33-150200.3.51.1 * php7-dom-7.4.33-150200.3.51.1 * php7-snmp-7.4.33-150200.3.51.1 * php7-phar-debuginfo-7.4.33-150200.3.51.1 * php7-sodium-7.4.33-150200.3.51.1 * php7-posix-debuginfo-7.4.33-150200.3.51.1 * php7-gettext-7.4.33-150200.3.51.1 * php7-phar-7.4.33-150200.3.51.1 * php7-xsl-7.4.33-150200.3.51.1 * php7-sqlite-debuginfo-7.4.33-150200.3.51.1 * php7-fpm-7.4.33-150200.3.51.1 * php7-readline-7.4.33-150200.3.51.1 * php7-xmlrpc-7.4.33-150200.3.51.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-31631.html
  * https://www.suse.com/security/cve/CVE-2023-0567.html
  * https://www.suse.com/security/cve/CVE-2023-0568.html
  * https://www.suse.com/security/cve/CVE-2023-0662.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206958
  * https://bugzilla.suse.com/show_bug.cgi?id=1208366
  * https://bugzilla.suse.com/show_bug.cgi?id=1208367
  * https://bugzilla.suse.com/show_bug.cgi?id=1208388
From sle-updates at lists.suse.com Wed Feb 22 12:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 12:30:09 -0000
Subject: SUSE-SU-2023:0475-1: moderate: Security update for gnutls
Message-ID: <167706900943.12095.5980417584002088191@smelt2.suse.de>

# Security update for gnutls

Announcement ID: SUSE-SU-2023:0475-1
Rating: moderate
References:

  * #1207183
  * #1208143
  * #1208146

Cross-References:

  * CVE-2023-0361

CVSS scores:

  * CVE-2023-0361 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for gnutls fixes the following issues:

  * CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
  * FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
  * FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-475=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-475=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libgnutlsxx28-3.7.3-150400.4.27.1
    * libgnutlsxx28-debuginfo-3.7.3-150400.4.27.1
    * gnutls-guile-debuginfo-3.7.3-150400.4.27.1
    * gnutls-debugsource-3.7.3-150400.4.27.1
    * gnutls-guile-3.7.3-150400.4.27.1
    * libgnutls-devel-3.7.3-150400.4.27.1
    * libgnutls30-debuginfo-3.7.3-150400.4.27.1
    * libgnutls30-3.7.3-150400.4.27.1
    * gnutls-debuginfo-3.7.3-150400.4.27.1
    * libgnutlsxx-devel-3.7.3-150400.4.27.1
    * gnutls-3.7.3-150400.4.27.1
    * libgnutls30-hmac-3.7.3-150400.4.27.1
  * openSUSE Leap 15.4 (x86_64)
    * libgnutls30-32bit-debuginfo-3.7.3-150400.4.27.1
    * libgnutls-devel-32bit-3.7.3-150400.4.27.1
    * libgnutls30-32bit-3.7.3-150400.4.27.1
    * libgnutls30-hmac-32bit-3.7.3-150400.4.27.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libgnutlsxx28-3.7.3-150400.4.27.1
    * libgnutlsxx28-debuginfo-3.7.3-150400.4.27.1
    * gnutls-debugsource-3.7.3-150400.4.27.1
    * libgnutls-devel-3.7.3-150400.4.27.1
    * libgnutls30-debuginfo-3.7.3-150400.4.27.1
    * libgnutls30-3.7.3-150400.4.27.1
    * gnutls-debuginfo-3.7.3-150400.4.27.1
    * libgnutlsxx-devel-3.7.3-150400.4.27.1
    * gnutls-3.7.3-150400.4.27.1
    * libgnutls30-hmac-3.7.3-150400.4.27.1
  * Basesystem Module 15-SP4 (x86_64)
    * libgnutls30-hmac-32bit-3.7.3-150400.4.27.1
    * libgnutls30-32bit-debuginfo-3.7.3-150400.4.27.1
    * libgnutls30-32bit-3.7.3-150400.4.27.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0361.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207183
  * https://bugzilla.suse.com/show_bug.cgi?id=1208143
  * https://bugzilla.suse.com/show_bug.cgi?id=1208146
From sle-updates at lists.suse.com Wed Feb 22 12:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 12:30:11 -0000
Subject: SUSE-RU-2023:0474-1: moderate: Recommended update for pdsh
Message-ID: <167706901163.12095.13074308639464042066@smelt2.suse.de>

# Recommended update for pdsh

Announcement ID: SUSE-RU-2023:0474-1
Rating: moderate
References:

  * #1206795

Affected Products:

  * HPC Module 15-SP3
  * HPC Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4

An update that has one recommended fix can now be installed.

## Description:

This update for pdsh fixes the following issues:

  * Backport a number of features and fixes from the git master branch (bsc#1206795): Add '-C' option on Slurm plugin to restrict selected nodes to ones with the specified features present. Add option '-k' to the ssh plugin to fail faster on connection failures. Fix use of strchr. Dshbak: Fix uninitialized use of $tag on empty input. Dsh: Release a lock that is no longer used.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-474=1
  * HPC Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2023-474=1
  * HPC Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-474=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * pdsh-slurm-debuginfo-2.34-150300.38.1
    * pdsh-2.34-150300.38.1
    * pdsh-slurm_22_05-2.34-150300.38.1
    * pdsh-slurm-2.34-150300.38.1
    * pdsh-debugsource-2.34-150300.38.1
    * pdsh-netgroup-debuginfo-2.34-150300.38.1
    * pdsh_slurm_22_05-debugsource-2.34-150300.38.1
    * pdsh-netgroup-2.34-150300.38.1
    * pdsh-machines-2.34-150300.38.1
    * pdsh-slurm_22_05-debuginfo-2.34-150300.38.1
    * pdsh-genders-2.34-150300.38.1
    * pdsh-machines-debuginfo-2.34-150300.38.1
    * pdsh-debuginfo-2.34-150300.38.1
    * pdsh-dshgroup-2.34-150300.38.1
    * pdsh-dshgroup-debuginfo-2.34-150300.38.1
    * pdsh-genders-debuginfo-2.34-150300.38.1
  * HPC Module 15-SP3 (aarch64 x86_64)
    * pdsh-slurm-debuginfo-2.34-150300.38.1
    * pdsh-2.34-150300.38.1
    * pdsh-slurm_22_05-2.34-150300.38.1
    * pdsh-slurm-2.34-150300.38.1
    * pdsh-debugsource-2.34-150300.38.1
    * pdsh-netgroup-debuginfo-2.34-150300.38.1
    * pdsh_slurm_22_05-debugsource-2.34-150300.38.1
    * pdsh-netgroup-2.34-150300.38.1
    * pdsh-machines-2.34-150300.38.1
    * pdsh-slurm_22_05-debuginfo-2.34-150300.38.1
    * pdsh-genders-2.34-150300.38.1
    * pdsh-machines-debuginfo-2.34-150300.38.1
    * pdsh-debuginfo-2.34-150300.38.1
    * pdsh-dshgroup-2.34-150300.38.1
    * pdsh-dshgroup-debuginfo-2.34-150300.38.1
    * pdsh-genders-debuginfo-2.34-150300.38.1
  * HPC Module 15-SP4 (aarch64 x86_64)
    * pdsh-slurm-debuginfo-2.34-150300.38.1
    * pdsh-2.34-150300.38.1
    * pdsh-slurm_22_05-2.34-150300.38.1
    * pdsh-slurm-2.34-150300.38.1
    * pdsh-debugsource-2.34-150300.38.1
    * pdsh-netgroup-debuginfo-2.34-150300.38.1
    * pdsh_slurm_22_05-debugsource-2.34-150300.38.1
    * pdsh-netgroup-2.34-150300.38.1
    * pdsh-machines-2.34-150300.38.1
    * pdsh-slurm_22_05-debuginfo-2.34-150300.38.1
    * pdsh-genders-2.34-150300.38.1
    * pdsh-machines-debuginfo-2.34-150300.38.1
    * pdsh-debuginfo-2.34-150300.38.1
    * pdsh-dshgroup-2.34-150300.38.1
    * pdsh-dshgroup-debuginfo-2.34-150300.38.1
    * pdsh-genders-debuginfo-2.34-150300.38.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1206795

From sle-updates at lists.suse.com Wed Feb 22 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 16:30:03 -0000
Subject: SUSE-SU-2023:0480-1: important: Security update for poppler
Message-ID: <167708340388.5903.12114766546767289799@smelt2.suse.de>

# Security update for poppler

Announcement ID: SUSE-SU-2023:0480-1
Rating: important
References:

  * #1140877
  * #1202692

Cross-References:

  * CVE-2019-13283
  * CVE-2022-38784

CVSS scores:

  * CVE-2019-13283 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  * CVE-2019-13283 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2022-38784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2022-38784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for poppler fixes the following issues:

  * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
  * CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-480=1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-480=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-480=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-480=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libpoppler73-debuginfo-0.62.0-150000.4.9.1
    * libpoppler73-0.62.0-150000.4.9.1
  * openSUSE Leap 15.4 (x86_64)
    * libpoppler73-32bit-0.62.0-150000.4.9.1
    * libpoppler73-32bit-debuginfo-0.62.0-150000.4.9.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * libpoppler-glib8-0.62.0-150000.4.9.1
    * poppler-tools-debuginfo-0.62.0-150000.4.9.1
    * libpoppler73-debuginfo-0.62.0-150000.4.9.1
    * poppler-tools-0.62.0-150000.4.9.1
    * libpoppler-cpp0-0.62.0-150000.4.9.1
    * libpoppler-cpp0-debuginfo-0.62.0-150000.4.9.1
    * poppler-debugsource-0.62.0-150000.4.9.1
    * libpoppler-glib-devel-0.62.0-150000.4.9.1
    * libpoppler73-0.62.0-150000.4.9.1
    * typelib-1_0-Poppler-0_18-0.62.0-150000.4.9.1
    * libpoppler-devel-0.62.0-150000.4.9.1
    * libpoppler-glib8-debuginfo-0.62.0-150000.4.9.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * libpoppler-glib8-0.62.0-150000.4.9.1
    * poppler-tools-debuginfo-0.62.0-150000.4.9.1
    * libpoppler73-debuginfo-0.62.0-150000.4.9.1
    * poppler-tools-0.62.0-150000.4.9.1
    * libpoppler-cpp0-0.62.0-150000.4.9.1
    * libpoppler-cpp0-debuginfo-0.62.0-150000.4.9.1
    * poppler-debugsource-0.62.0-150000.4.9.1
    * libpoppler-glib-devel-0.62.0-150000.4.9.1
    * libpoppler73-0.62.0-150000.4.9.1
    * typelib-1_0-Poppler-0_18-0.62.0-150000.4.9.1
    * libpoppler-devel-0.62.0-150000.4.9.1
    * libpoppler-glib8-debuginfo-0.62.0-150000.4.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * libpoppler-glib8-0.62.0-150000.4.9.1
    * poppler-tools-debuginfo-0.62.0-150000.4.9.1
    * libpoppler73-debuginfo-0.62.0-150000.4.9.1
    * poppler-tools-0.62.0-150000.4.9.1
    * libpoppler-cpp0-0.62.0-150000.4.9.1
    * libpoppler-cpp0-debuginfo-0.62.0-150000.4.9.1
    * poppler-debugsource-0.62.0-150000.4.9.1
    * libpoppler-glib-devel-0.62.0-150000.4.9.1
    * libpoppler73-0.62.0-150000.4.9.1
    * typelib-1_0-Poppler-0_18-0.62.0-150000.4.9.1
    * libpoppler-devel-0.62.0-150000.4.9.1
    * libpoppler-glib8-debuginfo-0.62.0-150000.4.9.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * libpoppler-glib8-0.62.0-150000.4.9.1
    * poppler-tools-debuginfo-0.62.0-150000.4.9.1
    * libpoppler73-debuginfo-0.62.0-150000.4.9.1
    * poppler-tools-0.62.0-150000.4.9.1
    * libpoppler-cpp0-0.62.0-150000.4.9.1
    * libpoppler-cpp0-debuginfo-0.62.0-150000.4.9.1
    * poppler-debugsource-0.62.0-150000.4.9.1
    * libpoppler-glib-devel-0.62.0-150000.4.9.1
    * libpoppler73-0.62.0-150000.4.9.1
    * typelib-1_0-Poppler-0_18-0.62.0-150000.4.9.1
    * libpoppler-devel-0.62.0-150000.4.9.1
    * libpoppler-glib8-debuginfo-0.62.0-150000.4.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-13283.html
  * https://www.suse.com/security/cve/CVE-2022-38784.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1140877
  * https://bugzilla.suse.com/show_bug.cgi?id=1202692
From sle-updates at lists.suse.com Wed Feb 22 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 16:30:06 -0000
Subject: SUSE-SU-2023:0479-1: important: Security update for postgresql12
Message-ID: <167708340642.5903.15248817289011604271@smelt2.suse.de>

# Security update for postgresql12

Announcement ID: SUSE-SU-2023:0479-1
Rating: important
References:

  * #1205300
  * #1208102

Cross-References:

  * CVE-2022-41862

CVSS scores:

  * CVE-2022-41862 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for postgresql12 fixes the following issues:

Update to 12.14:

  * CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
  * Update to 12.13 (bsc#1205300).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-479=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-479=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-479=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * postgresql12-plpython-debuginfo-12.14-150100.3.37.1
    * libpq5-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-devel-12.14-150100.3.37.1
    * postgresql12-plperl-debuginfo-12.14-150100.3.37.1
    * postgresql12-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-12.14-150100.3.37.1
    * postgresql12-contrib-12.14-150100.3.37.1
    * postgresql12-server-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-12.14-150100.3.37.1
    * postgresql12-contrib-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-12.14-150100.3.37.1
    * libecpg6-debuginfo-12.14-150100.3.37.1
    * postgresql12-debugsource-12.14-150100.3.37.1
    * postgresql12-plperl-12.14-150100.3.37.1
    * postgresql12-server-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-12.14-150100.3.37.1
    * libpq5-12.14-150100.3.37.1
    * postgresql12-plpython-12.14-150100.3.37.1
    * libecpg6-12.14-150100.3.37.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * postgresql12-docs-12.14-150100.3.37.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
    * libpq5-32bit-debuginfo-12.14-150100.3.37.1
    * libpq5-32bit-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * postgresql12-plpython-debuginfo-12.14-150100.3.37.1
    * libpq5-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-devel-12.14-150100.3.37.1
    * postgresql12-plperl-debuginfo-12.14-150100.3.37.1
    * postgresql12-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-12.14-150100.3.37.1
    * postgresql12-contrib-12.14-150100.3.37.1
    * postgresql12-server-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-12.14-150100.3.37.1
    * postgresql12-contrib-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-12.14-150100.3.37.1
    * libecpg6-debuginfo-12.14-150100.3.37.1
    * postgresql12-debugsource-12.14-150100.3.37.1
    * postgresql12-plperl-12.14-150100.3.37.1
    * postgresql12-server-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-12.14-150100.3.37.1
    * libpq5-12.14-150100.3.37.1
    * postgresql12-plpython-12.14-150100.3.37.1
    * libecpg6-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * postgresql12-docs-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
    * libpq5-32bit-debuginfo-12.14-150100.3.37.1
    * libpq5-32bit-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * postgresql12-plpython-debuginfo-12.14-150100.3.37.1
    * libpq5-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-devel-12.14-150100.3.37.1
    * postgresql12-plperl-debuginfo-12.14-150100.3.37.1
    * postgresql12-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-12.14-150100.3.37.1
    * postgresql12-contrib-12.14-150100.3.37.1
    * postgresql12-server-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-12.14-150100.3.37.1
    * postgresql12-contrib-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-12.14-150100.3.37.1
    * libecpg6-debuginfo-12.14-150100.3.37.1
    * postgresql12-debugsource-12.14-150100.3.37.1
    * postgresql12-plperl-12.14-150100.3.37.1
    * postgresql12-server-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-12.14-150100.3.37.1
    * libpq5-12.14-150100.3.37.1
    * postgresql12-plpython-12.14-150100.3.37.1
    * libecpg6-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * postgresql12-docs-12.14-150100.3.37.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
    * libpq5-32bit-debuginfo-12.14-150100.3.37.1
    * libpq5-32bit-12.14-150100.3.37.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * postgresql12-plpython-debuginfo-12.14-150100.3.37.1
    * libpq5-debuginfo-12.14-150100.3.37.1
    * libpq5-32bit-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-devel-12.14-150100.3.37.1
    * postgresql12-plperl-debuginfo-12.14-150100.3.37.1
    * postgresql12-debuginfo-12.14-150100.3.37.1
    * postgresql12-server-12.14-150100.3.37.1
    * postgresql12-contrib-12.14-150100.3.37.1
    * postgresql12-server-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-12.14-150100.3.37.1
    * postgresql12-contrib-debuginfo-12.14-150100.3.37.1
    * postgresql12-devel-12.14-150100.3.37.1
    * libecpg6-debuginfo-12.14-150100.3.37.1
    * postgresql12-debugsource-12.14-150100.3.37.1
    * postgresql12-plperl-12.14-150100.3.37.1
    * postgresql12-server-debuginfo-12.14-150100.3.37.1
    * libpq5-32bit-12.14-150100.3.37.1
    * postgresql12-devel-debuginfo-12.14-150100.3.37.1
    * postgresql12-pltcl-12.14-150100.3.37.1
    * libpq5-12.14-150100.3.37.1
    * postgresql12-plpython-12.14-150100.3.37.1
    * libecpg6-12.14-150100.3.37.1
  * SUSE CaaS Platform 4.0 (noarch)
    * postgresql12-docs-12.14-150100.3.37.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-41862.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1205300
  * https://bugzilla.suse.com/show_bug.cgi?id=1208102
From sle-updates at lists.suse.com Wed Feb 22 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 16:30:09 -0000
Subject: SUSE-RU-2023:0478-1: moderate: Recommended update for python3-ec2imgutils
Message-ID: <167708340998.5903.15906858577752664092@smelt2.suse.de>

# Recommended update for python3-ec2imgutils

Announcement ID: SUSE-RU-2023:0478-1
Rating: moderate
References:

  * #1189649
  * #1190538
  * #1192298
  * #1199722

Affected Products:

  * Public Cloud Module 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Manager Proxy 4.0
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Server 4.0

An update that has four recommended fixes can now be installed.

## Description:

This update for python3-ec2imgutils fixes the following issues:

  * Update to version 10.0.1
  * Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as tpm versions on the command line
  * Update to version 10.0.0 (bsc#1199722)
  * Add --tpm-support as command line option and tpm_support to the API to register images that support NitroTPM
  * API change for ec2deprecateimg. It is now possible to deprecate an image without providing a successor image.
  * Add rpm-macros to build requirements in spec.
  * Update to version 9.0.4 (bsc#1192298)
  * Set a time out for the ssh connection to avoid hang in a multi threaded environment
  * Update to version 9.0.3 (bsc#1190538)
  * Support setting the boot mode for EC2 images, either to legacy-bios or uefi. Argument is optional, without it instance will use the default boot mode for the given instance type.
  * Update to version 9.0.2 (bsc#1189649)
  * In addition to tagging images in AWS also set them to deprecated in EC2. This allows the framework to hide the images from new users when images are no longer supposed to be used.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Public Cloud Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-478=1

## Package List:

  * Public Cloud Module 15-SP1 (noarch)
    * python3-ec2imgutils-10.0.1-150100.3.23.2

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1189649
  * https://bugzilla.suse.com/show_bug.cgi?id=1190538
  * https://bugzilla.suse.com/show_bug.cgi?id=1192298
  * https://bugzilla.suse.com/show_bug.cgi?id=1199722

From sle-updates at lists.suse.com Wed Feb 22 16:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 22 Feb 2023 16:30:14 -0000
Subject: SUSE-RU-2023:0477-1: moderate: Recommended update for google-guest-configs
Message-ID: <167708341408.5903.6604812141400624070@smelt2.suse.de>

# Recommended update for google-guest-configs

Announcement ID: SUSE-RU-2023:0477-1
Rating: moderate
References:

  * #1195437
  * #1195438
  * #1204068
  * #1204091

Affected Products:

  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has four recommended fixes can now be installed.

## Description:

This update for google-guest-configs fixes the following issues:

  * Add nvme-cli to Requires (bsc#1204068, bsc#1204091)
  * Update to version 20220211.00 (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-477=1
  * Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-477=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * google-guest-configs-20220211.00-150400.13.3.1
  * Public Cloud Module 15-SP4 (noarch)
    * google-guest-configs-20220211.00-150400.13.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1195437
  * https://bugzilla.suse.com/show_bug.cgi?id=1195438
  * https://bugzilla.suse.com/show_bug.cgi?id=1204068
  * https://bugzilla.suse.com/show_bug.cgi?id=1204091

From sle-updates at lists.suse.com Thu Feb 23 08:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 08:30:03 -0000
Subject: SUSE-RU-2023:0481-1: moderate: Recommended update for yast2-sap-ha
Message-ID: <167714100309.21894.12492452499730379177@smelt2.suse.de>

# Recommended update for yast2-sap-ha

Announcement ID: SUSE-RU-2023:0481-1
Rating: moderate
References:

  * #1202979
  * #1206601

Affected Products:

  * SAP Applications Module 15-SP2
  * SAP Applications Module 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that has two recommended fixes can now be installed.

## Description:

This update for yast2-sap-ha fixes the following issues:

  * Use ruby base64 to replace uuencode/uudecode. (bsc#1206601)
  * YaST2 HA Setup for SAP Products - cannot input several instance numbers. (bsc#1202979)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SAP Applications Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-481=1
  * SAP Applications Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-481=1

## Package List:

  * SAP Applications Module 15-SP1 (noarch)
    * yast2-sap-ha-1.0.18-150000.3.14.1
  * SAP Applications Module 15-SP2 (noarch)
    * yast2-sap-ha-1.0.18-150000.3.14.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1202979
  * https://bugzilla.suse.com/show_bug.cgi?id=1206601

From sle-updates at lists.suse.com Thu Feb 23 20:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:30:03 -0000
Subject: SUSE-RU-2022:1420-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching
Message-ID: <167718420347.17265.9442349990237190137@smelt2.suse.de>

# Recommended update for lifecycle-data-sle-module-live-patching

Announcement ID: SUSE-RU-2022:1420-1
Rating: moderate
References:

  * #1020320

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise Live Patching 15-SP2
  * SUSE Linux Enterprise Live Patching 15-SP1
  * SUSE Linux Enterprise Live Patching 15
  * SUSE Linux Enterprise Live Patching 15-SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Server 15
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that has one recommended fix can now be installed.

## Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Lifecycle data update. (bsc#1020320)

  * Added data for 4_12_14-150_83, 4_12_14-150_86, 4_12_14-197_105, 4_12_14-197_108, 5_3_18-150300_59_46, 5_3_18-150300_59_49, 5_3_18-150300_59_54, 5_3_18-24_102, 5_3_18-24_107.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2022-1420=1
  * SUSE Linux Enterprise Live Patching 15
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1420=1
  * SUSE Linux Enterprise Live Patching 15-SP1
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1420=1
  * SUSE Linux Enterprise Live Patching 15-SP2
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1420=1
  * SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1420=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * lifecycle-data-sle-module-live-patching-15-150000.4.72.1
  * SUSE Linux Enterprise Live Patching 15 (noarch)
    * lifecycle-data-sle-module-live-patching-15-150000.4.72.1
  * SUSE Linux Enterprise Live Patching 15-SP1 (noarch)
    * lifecycle-data-sle-module-live-patching-15-150000.4.72.1
  * SUSE Linux Enterprise Live Patching 15-SP2 (noarch)
    * lifecycle-data-sle-module-live-patching-15-150000.4.72.1
  * SUSE Linux Enterprise Live Patching 15-SP3 (noarch)
    * lifecycle-data-sle-module-live-patching-15-150000.4.72.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1020320
URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:05 -0000 Subject: SUSE-SU-2023:0496-1: moderate: Security update for poppler Message-ID: <167718420580.17265.18138473211806736465@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:0496-1 Rating: moderate References: * #1140877 Cross-References: * CVE-2019-13283 CVSS scores: * CVE-2019-13283 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-13283 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-496=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-0.24.4-14.23.1 * libpoppler44-debuginfo-0.24.4-14.23.1 ## References: * https://www.suse.com/security/cve/CVE-2019-13283.html * https://bugzilla.suse.com/show_bug.cgi?id=1140877 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:08 -0000 Subject: SUSE-SU-2023:0495-1: important: Security update for poppler Message-ID: <167718420823.17265.6071659881208167833@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:0495-1 Rating: important References: * #1202692 Cross-References: * CVE-2022-38784 CVSS scores: * CVE-2022-38784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-38784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-495=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-495=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-495=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * poppler-qt6-debugsource-22.01.0-150400.3.3.1 * libpoppler-qt5-devel-22.01.0-150400.3.3.1 * libpoppler-devel-22.01.0-150400.3.3.1 * poppler-qt5-debugsource-22.01.0-150400.3.3.1 * libpoppler117-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-22.01.0-150400.3.3.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt6-devel-22.01.0-150400.3.3.1 * libpoppler117-22.01.0-150400.3.3.1 * libpoppler-cpp0-22.01.0-150400.3.3.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt6-3-22.01.0-150400.3.3.1 * poppler-tools-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt5-1-22.01.0-150400.3.3.1 * libpoppler-glib-devel-22.01.0-150400.3.3.1 * poppler-debugsource-22.01.0-150400.3.3.1 * poppler-tools-22.01.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libpoppler117-32bit-22.01.0-150400.3.3.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt5-1-32bit-22.01.0-150400.3.3.1 * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.3.1 * libpoppler-cpp0-32bit-22.01.0-150400.3.3.1 * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-32bit-22.01.0-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler-devel-22.01.0-150400.3.3.1 * libpoppler117-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-22.01.0-150400.3.3.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1 * libpoppler117-22.01.0-150400.3.3.1 * 
libpoppler-cpp0-22.01.0-150400.3.3.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.3.1 * poppler-tools-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.3.1 * libpoppler-glib-devel-22.01.0-150400.3.3.1 * poppler-debugsource-22.01.0-150400.3.3.1 * poppler-tools-22.01.0-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler-qt5-devel-22.01.0-150400.3.3.1 * libpoppler-devel-22.01.0-150400.3.3.1 * poppler-qt5-debugsource-22.01.0-150400.3.3.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.3.1 * libpoppler-cpp0-22.01.0-150400.3.3.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.3.1 * libpoppler-qt5-1-22.01.0-150400.3.3.1 * poppler-debugsource-22.01.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38784.html * https://bugzilla.suse.com/show_bug.cgi?id=1202692 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:11 -0000 Subject: SUSE-SU-2023:0494-1: important: Security update for poppler Message-ID: <167718421176.17265.6071988688726999674@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:0494-1 Rating: important References: * #1140877 * #1202692 Cross-References: * CVE-2019-13283 * CVE-2022-38784 CVSS scores: * CVE-2019-13283 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-13283 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-38784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-38784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE 
Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). * CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-494=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-494=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-494=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-494=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-494=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-494=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-494=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-494=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-494=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-494=1 ## 
Package List: * SUSE OpenStack Cloud 9 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-devel-0.43.0-16.22.1 * libpoppler-glib-devel-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-cpp0-0.43.0-16.22.1 * typelib-1_0-Poppler-0_18-0.43.0-16.22.1 * libpoppler-qt4-devel-0.43.0-16.22.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * 
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * 
libpoppler-qt4-4-debuginfo-0.43.0-16.22.1 * poppler-tools-debuginfo-0.43.0-16.22.1 * libpoppler60-debuginfo-0.43.0-16.22.1 * libpoppler60-0.43.0-16.22.1 * poppler-debugsource-0.43.0-16.22.1 * libpoppler-qt4-4-0.43.0-16.22.1 * libpoppler-glib8-0.43.0-16.22.1 * libpoppler-glib8-debuginfo-0.43.0-16.22.1 * poppler-tools-0.43.0-16.22.1 ## References: * https://www.suse.com/security/cve/CVE-2019-13283.html * https://www.suse.com/security/cve/CVE-2022-38784.html * https://bugzilla.suse.com/show_bug.cgi?id=1140877 * https://bugzilla.suse.com/show_bug.cgi?id=1202692 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:14 -0000 Subject: SUSE-SU-2023:0492-1: moderate: Security update for rubygem-activerecord-5_1 Message-ID: <167718421454.17265.13190399962659648339@smelt2.suse.de> # Security update for rubygem-activerecord-5_1 Announcement ID: SUSE-SU-2023:0492-1 Rating: moderate References: * #1207450 Cross-References: * CVE-2022-44566 CVSS scores: * CVE-2022-44566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-44566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical 
Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rubygem-activerecord-5_1 fixes the following issues: * CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-492=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-492=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-492=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-492=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-492=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-44566.html * https://bugzilla.suse.com/show_bug.cgi?id=1207450 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:17 -0000 Subject: SUSE-RU-2023:0491-1: important: Recommended update for yast2-network Message-ID: <167718421775.17265.5599778250724204488@smelt2.suse.de> # Recommended update for yast2-network Announcement ID: SUSE-RU-2023:0491-1 Rating: important References: * #1206551 * #1207221 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for yast2-network fixes the following issues: * Fix the return of packages needed by the selected backend when running an autoinstallation (bsc#1207221) * Report a warning message for issues detected when the NETMASK or PREFIXLEN are invalid and allow the user to stop or to continue with the broken configuration (bsc#1206551) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-491=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-491=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-491=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Manager Server 4.3 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * yast2-network-4.4.55-150400.3.15.1 * SUSE Manager Proxy 4.3 (noarch) * yast2-network-4.4.55-150400.3.15.1 * Basesystem Module 15-SP4 (noarch) * yast2-network-4.4.55-150400.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206551 * https://bugzilla.suse.com/show_bug.cgi?id=1207221 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Feb 23 20:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2023 20:30:21 -0000 Subject: SUSE-SU-2023:0490-1: important: Security update for webkit2gtk3 Message-ID: <167718422133.17265.4498561276952850630@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:0490-1 Rating: important References: * #1206750 * #1207997 * #1208328 Cross-References: * CVE-2022-42826 * CVE-2022-42852 * CVE-2022-42863 * CVE-2022-42867 * CVE-2022-46691 * CVE-2022-46692 * CVE-2022-46698 * CVE-2022-46699 * CVE-2022-46700 * CVE-2023-23517 * CVE-2023-23518 * CVE-2023-23529 CVSS scores: * CVE-2022-42826 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-42852 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-42852 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-42863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-42863 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-42867 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-42867 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-46691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-46691 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2022-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2022-46698 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-46698 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-46699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-46699 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-46700 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-23517 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-23518 ( SUSE ): 8.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23529 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.5 (boo#1208328):

* CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

* CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.

New CVE and bug references were added for already released updates:

Update to version 2.38.3 (boo#1206750):

* CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
* CVE-2022-42867: Fixed a use after free issue with improved memory management.
* CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
* CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
* CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
* CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

* CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

* CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-490=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-490=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-490=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-490=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-490=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-490=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-490=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-490=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-490=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-490=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1 *
webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Manager Proxy 4.2 (x86_64)
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
* SUSE Manager Proxy 4.2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
* SUSE Manager Server 4.2 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Enterprise Storage 7.1 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150200.66.1
  * webkit2gtk3-debugsource-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150200.66.1
  * libwebkit2gtk-4_0-37-2.38.5-150200.66.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150200.66.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150200.66.1
  * webkit2gtk-4_0-injected-bundles-2.38.5-150200.66.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150200.66.1
  * webkit2gtk3-devel-2.38.5-150200.66.1
* SUSE Enterprise Storage 7 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150200.66.1

## References:

* https://www.suse.com/security/cve/CVE-2022-42826.html
* https://www.suse.com/security/cve/CVE-2022-42852.html
* https://www.suse.com/security/cve/CVE-2022-42863.html
* https://www.suse.com/security/cve/CVE-2022-42867.html
* https://www.suse.com/security/cve/CVE-2022-46691.html
* https://www.suse.com/security/cve/CVE-2022-46692.html
* https://www.suse.com/security/cve/CVE-2022-46698.html
* https://www.suse.com/security/cve/CVE-2022-46699.html
* https://www.suse.com/security/cve/CVE-2022-46700.html
* https://www.suse.com/security/cve/CVE-2023-23517.html
* https://www.suse.com/security/cve/CVE-2023-23518.html
* https://www.suse.com/security/cve/CVE-2023-23529.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206750
* https://bugzilla.suse.com/show_bug.cgi?id=1207997
* https://bugzilla.suse.com/show_bug.cgi?id=1208328

From sle-updates at lists.suse.com Thu Feb 23 20:30:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:30:25 -0000
Subject: SUSE-SU-2023:0489-1: important: Security update for webkit2gtk3
Message-ID: <167718422528.17265.1888722074558812532@smelt2.suse.de>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2023:0489-1
Rating: important
References:

* #1206750
* #1207997
* #1208328

Cross-References:

* CVE-2022-42826
* CVE-2022-42852
* CVE-2022-42863
* CVE-2022-42867
* CVE-2022-46691
* CVE-2022-46692
* CVE-2022-46698
* CVE-2022-46699
* CVE-2022-46700
* CVE-2023-23517
* CVE-2023-23518
* CVE-2023-23529

CVSS scores:

* CVE-2022-42826 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42852 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-42852 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-42863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42863 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42867 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42867 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46691 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2022-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2022-46698 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-46698 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-46699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46699 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46700 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23517 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23518 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23529 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.5 (boo#1208328):

* CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

* CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.

New CVE and bug references were added for already released updates:

Update to version 2.38.3 (boo#1206750):

* CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
* CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
* CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
* CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
* CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
* CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

* CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

* CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-489=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-489=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-489=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-489=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * WebKit2GTK-5.0-lang-2.38.5-150400.4.34.2
  * WebKit2GTK-4.0-lang-2.38.5-150400.4.34.2
  * WebKit2GTK-4.1-lang-2.38.5-150400.4.34.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-JavaScriptCore-5_0-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2
  * typelib-1_0-JavaScriptCore-4_1-2.38.5-150400.4.34.2
  * webkit2gtk-5_0-injected-bundles-2.38.5-150400.4.34.2
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-2.38.5-150400.4.34.2
  * webkit2gtk4-debugsource-2.38.5-150400.4.34.2
  * webkit2gtk3-debugsource-2.38.5-150400.4.34.2
  * webkit2gtk3-minibrowser-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-minibrowser-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-5_0-0-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2WebExtension-5_0-2.38.5-150400.4.34.2
  * webkit2gtk3-minibrowser-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2-5_0-2.38.5-150400.4.34.2
  * libwebkit2gtk-5_0-0-2.38.5-150400.4.34.2
  * webkit-jsc-4-debuginfo-2.38.5-150400.4.34.2
  * webkit-jsc-4.1-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-5_0-0-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-debuginfo-2.38.5-150400.4.34.2
  * webkit-jsc-5.0-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk4-minibrowser-2.38.5-150400.4.34.2
  * webkit2gtk3-devel-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-debugsource-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2-4_1-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-minibrowser-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk4-minibrowser-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2
  * webkit-jsc-4.1-debuginfo-2.38.5-150400.4.34.2
  * webkit-jsc-4-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * libwebkit2gtk-5_0-0-debuginfo-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2WebExtension-4_1-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2
  * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk4-devel-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk-4_1-injected-bundles-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-debuginfo-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-2.38.5-150400.4.34.2
  * webkit-jsc-5.0-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2
* openSUSE Leap 15.4 (x86_64)
  * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_0-18-32bit-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-32bit-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-32bit-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-32bit-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.5-150400.4.34.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2
  * webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-debugsource-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2
  * webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk3-devel-2.38.5-150400.4.34.2
  * typelib-1_0-JavaScriptCore-4_1-2.38.5-150400.4.34.2
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2WebExtension-4_1-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-2.38.5-150400.4.34.2
  * webkit2gtk3-debugsource-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2-4_1-2.38.5-150400.4.34.2
  * webkit2gtk-4_1-injected-bundles-2.38.5-150400.4.34.2
  * libwebkit2gtk-4_1-0-debuginfo-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-4_1-0-debuginfo-2.38.5-150400.4.34.2
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-JavaScriptCore-5_0-2.38.5-150400.4.34.2
  * webkit2gtk-5_0-injected-bundles-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-5_0-0-2.38.5-150400.4.34.2
  * libwebkit2gtk-5_0-0-debuginfo-2.38.5-150400.4.34.2
  * typelib-1_0-WebKit2-5_0-2.38.5-150400.4.34.2
  * webkit2gtk4-debugsource-2.38.5-150400.4.34.2
  * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.5-150400.4.34.2
  * libwebkit2gtk-5_0-0-2.38.5-150400.4.34.2
  * libjavascriptcoregtk-5_0-0-debuginfo-2.38.5-150400.4.34.2

## References:

* https://www.suse.com/security/cve/CVE-2022-42826.html
* https://www.suse.com/security/cve/CVE-2022-42852.html
* https://www.suse.com/security/cve/CVE-2022-42863.html
* https://www.suse.com/security/cve/CVE-2022-42867.html
* https://www.suse.com/security/cve/CVE-2022-46691.html
* https://www.suse.com/security/cve/CVE-2022-46692.html
* https://www.suse.com/security/cve/CVE-2022-46698.html
* https://www.suse.com/security/cve/CVE-2022-46699.html
* https://www.suse.com/security/cve/CVE-2022-46700.html
* https://www.suse.com/security/cve/CVE-2023-23517.html
* https://www.suse.com/security/cve/CVE-2023-23518.html
* https://www.suse.com/security/cve/CVE-2023-23529.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206750
* https://bugzilla.suse.com/show_bug.cgi?id=1207997
* https://bugzilla.suse.com/show_bug.cgi?id=1208328

From sle-updates at lists.suse.com Thu Feb 23 20:30:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:30:27 -0000
Subject: SUSE-SU-2023:0486-1: important: Security update for c-ares
Message-ID: <167718422786.17265.5921680027731132297@smelt2.suse.de>

# Security update for c-ares

Announcement ID: SUSE-SU-2023:0486-1
Rating: important
References:

* #1208067

Cross-References:

* CVE-2022-4904

CVSS scores:

* CVE-2022-4904 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for c-ares fixes the following issues:

Updated to version 1.19.0:

* CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-486=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-486=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-486=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-486=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-486=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-486=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-486=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-486=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-486=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-486=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-486=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-486=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-486=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-486=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-486=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-486=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-486=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-486=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-486=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-486=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-486=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * c-ares-utils-1.19.0-150000.3.20.1
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-utils-debuginfo-1.19.0-150000.3.20.1
* openSUSE Leap 15.4 (x86_64)
  * libcares2-32bit-1.19.0-150000.3.20.1
  * libcares2-32bit-debuginfo-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Manager Proxy 4.2 (x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE CaaS Platform 4.0 (x86_64)
  * c-ares-devel-1.19.0-150000.3.20.1
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * c-ares-debugsource-1.19.0-150000.3.20.1
  * libcares2-debuginfo-1.19.0-150000.3.20.1
  * libcares2-1.19.0-150000.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2022-4904.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208067

From sle-updates at lists.suse.com Thu Feb 23 20:31:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:31:02 -0000
Subject: SUSE-SU-2023:0485-1: important: Security update for the Linux Kernel
Message-ID: <167718426233.17265.11872677681899909571@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0485-1
Rating: important
References:

* #1175995
* #1186449
* #1198971
* #1202712
* #1202713
* #1203332
* #1203693
* #1204356
* #1204514
* #1204662
* #1205149
* #1205397
* #1205495
* #1206602
* #1206635
* #1206640
* #1206641
* #1206642
* #1206643
* #1206645
* #1206646
* #1206648
* #1206649
* #1206677
* #1206698
* #1206784
* #1206855
* #1206858
* #1206873
* #1206876
* #1206877
* #1206878
* #1206880
* #1206882
* #1206883
* #1206884
* #1206885
* #1206887
* #1206888
* #1206890
* #1207036
* #1207092
* #1207093
* #1207094
* #1207097
* #1207102
* #1207103
* #1207104
* #1207107
* #1207108
* #1207134
* #1207168
* #1207186
* #1207195
* #1207237
* #1207773
* #1207795
* #1207875
* #1208108

Cross-References:

* CVE-2022-36280
* CVE-2022-47929
* CVE-2023-0045
* CVE-2023-0266
* CVE-2023-0590
* CVE-2023-23454

CVSS scores:

* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0266 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Real Time 12 SP5
* SUSE Linux Enterprise Server 12 SP5

An update that solves six vulnerabilities, contains two features and has 53 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-36280: Fixed an out-of-bounds memory access in vmwgfx driver causing denial of service (bsc#1203332).
* CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
* CVE-2023-0266: Fixed use-after-free in SNDRV that could have resulted in a privilege escalation (bsc#1207134).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).

The following non-security bugs were fixed:

* Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
* Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
* Reverted "scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)".
* amiflop: clean up on errors during setup (git-fixes).
* audit: ensure userspace is penalized the same as the kernel when under pressure (bsc#1204514).
* audit: improve robustness of the audit queue handling (bsc#1204514).
* bcache: fix super block seq numbers comparision in register_cache_set() (git-fixes).
* blk-cgroup: Fix memleak on error path (git-fixes). * blk-cgroup: Pre-allocate tree node on blkg_conf_prep (git-fixes). * blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git- fixes). * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). * blk-mq: insert request not through ->queue_rq into sw/scheduler queue (git- fixes). * blk-mq: move cancel of requeue_work into blk_mq_release (git-fixes). * blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() (git-fixes). * blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). * blktrace: break out of blktrace setup on concurrent calls (git-fixes). * blktrace: ensure our debugfs dir exists (git-fixes). * blktrace: fix endianness for blk_log_remap() (git-fixes). * blktrace: fix endianness in get_pdu_int() (git-fixes). * blktrace: use errno instead of bi_status (git-fixes). * block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (bsc#1175995,jsc#SLE-15608). * block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (git- fixes). * block, bfq: increase idling for weight-raised queues (git-fixes). * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (bsc#1207102). * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). * block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (git-fixes). * block/bio-integrity: fix a memory leak bug (git-fixes). * block/swim: Check drive type (git-fixes). * block/swim: Do not log an error message for an invalid ioctl (git-fixes). * block/swim: Fix IO error at end of medium (git-fixes). * block/swim: Rename macros to avoid inconsistent inverted logic (git-fixes). * block/swim: Select appropriate drive on device open (git-fixes). * block: Fix use-after-free issue accessing struct io_cq (git-fixes). * block: add a lower-level bio_add_page interface (git-fixes). * block: fix memleak when __blk_rq_map_user_iov() is failed (git-fixes). 
* block: only update parent bi_status when bio fail (git-fixes).
* block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
* brd: check and limit max_part par (git-fixes).
* ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1207195).
* compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (git-fixes).
* constraints: increase disk space for all architectures (bsc#1203693)
* cryptoloop: add a deprecation warning (git-fixes).
* dm bio record: save/restore bi_end_io and bi_integrity (git-fixes).
* dm btree: add a defensive bounds check to insert_at() (git-fixes).
* dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
* dm cache: Fix UAF in destroy() (git-fixes).
* dm cache: set needs_check flag after aborting metadata (git-fixes).
* dm crypt: use u64 instead of sector_t to store iv_offset (git-fixes).
* dm flakey: Properly corrupt multi-page bios (git-fixes).
* dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
* dm ioctl: prevent potential spectre v1 gadget (git-fixes).
* dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
* dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
* dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
* dm space maps: do not reset space map allocation cursor when committing (git-fixes).
* dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
* dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
* dm thin: Fix UAF in run_timer_softirq() (git-fixes).
* dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
* dm thin: add sanity checks to thin-pool and external snapshot creation (git-fixes).
* dm thin: resume even if in FAIL mode (git-fixes).
* dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
* dm verity: use message limit for data block corruption message (git-fixes).
* dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (git-fixes).
* dm: Use kzalloc for all structs with embedded biosets/mempools (git-fixes).
* drbd: Change drbd_request_detach_interruptible's return type to int (git-fixes).
* drbd: destroy workqueue when drbd device was freed (git-fixes).
* drbd: do not block when adjusting "disk-options" while IO is frozen (git-fixes).
* drbd: dynamically allocate shash descriptor (git-fixes).
* drbd: fix potential silent data corruption (git-fixes).
* drbd: fix print_st_err()'s prototype to match the definition (git-fixes).
* drbd: ignore "all zero" peer volume sizes in handshake (git-fixes).
* drbd: reject attach of unsuitable uuids even if connected (git-fixes).
* drbd: remove usage of list iterator variable after loop (git-fixes).
* drbd: use after free in drbd_create_device() (git-fixes).
* drivers/block/zram/zram_drv.c: fix bug storing backing_dev (git-fixes).
* drivers:md:fix a potential use-after-free bug (git-fixes).
* ext4: Detect already used quota file early (bsc#1206873).
* ext4: Fixup pages without buffers (bsc#1205495).
* ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
* ext4: add reserved GDT blocks check (bsc#1202712).
* ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
* ext4: avoid resizing to a partial cluster size (bsc#1206880).
* ext4: clear mmp sequence number when remounting read-only (bsc#1207093).
* ext4: continue to expand file system when the target size does not reach (bsc#1206882).
* ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
* ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
* ext4: do not BUG if someone dirty pages without asking ext4 first (bsc#1207097).
* ext4: fix a data race at inode->i_disksize (bsc#1206855).
* ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
* ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
* ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
* ext4: fix race when reusing xattr blocks (bsc#1198971).
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
* ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
* ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
* ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
* ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
* ext4: prohibit fstrim in norecovery mode (bsc#1207094).
* ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
* ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
* ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
* ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
* floppy: Add max size check for user space request (git-fixes).
* fs/seq_file.c: simplify seq_file iteration code and interface
* ftrace: Enable trampoline when rec count returns back to one (git-fixes).
* ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper() (git-fixes).
* ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
* ftrace: fpid_next() should increase position index (git-fixes).
* hid: betop: check shape of output reports (git-fixes, bsc#1207186).
* hid: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186).
* hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
* iforce: restore old iforce_dump_packet (git-fixes).
* input: convert autorepeat timer to use timer_setup() (git-fixes).
* input: do not use WARN() in input_alloc_absinfo() (git-fixes).
* input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
* input: iforce - reformat the packet dump output (git-fixes).
* input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
Heavily modified, as prerequisites for taking it as is would utterly ruin kABI
* input: replace hard coded string with __func__ in pr_err() (git-fixes).
* input: switch to using sizeof(*type) when allocating memory (git-fixes).
* input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
* input: use seq_puts() in input_devices_seq_show() (git-fixes).
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
* isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
* jbd2: use the correct print format (git-fixes).
* kernel/hung_task.c: break RCU locks based on jiffies
* kernel/hung_task.c: force console verbose before panic
* kernel/hung_task.c: show all hung tasks before panic
* kernel: hung_task.c: disable on suspend
* kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules (git-fixes).
* kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack (git-fixes).
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
* loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
* m68k/mac: Do not remap SWIM MMIO region (git-fixes).
* mbcache: add functions to delete entry if unused (bsc#1198971).
* mbcache: do not reclaim used entries (bsc#1198971).
* md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
* md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
* md: fix a crash in mempool_free (git-fixes).
* md: protect md_unregister_thread from reentrancy (git-fixes).
* memcg, THP, swap: make mem_cgroup_swapout() support THP
* memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure (bsc#1208108).
* mm/filemap.c: clear page error before actual read (bsc#1206635).
* mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
* mm: memcg: make sure memory.events is uptodate when waking pollers
* mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
* mm: memcontrol: per-lruvec stats infrastructure
* mm: writeback: use exact memcg dirty counts
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
* nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag (git-fixes).
* nbd: Fix NULL pointer in flush_workqueue (git-fixes).
* nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
* nbd: add a flush_workqueue in nbd_start_device (git-fixes).
* nbd: add missing config put (git-fixes).
* nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
* nbd: do not requeue the same request twice (git-fixes).
* nbd: fix a block_device refcount leak in nbd_release (git-fixes).
* nbd: fix crash when the blksize is zero (git-fixes).
* nbd: fix io hung while disconnecting device (git-fixes).
* nbd: fix max number of supported devs (git-fixes).
* nbd: fix possible sysfs duplicate warning (git-fixes).
* nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
* nbd: fix shutdown and recv work deadlock v2 (git-fixes).
* nbd: handle racing with error'ed out commands (git-fixes).
* nbd: handle unexpected replies better (git-fixes).
* nbd: make the config put is called before the notifying the waiter (git-fixes).
* nbd: verify socket is supported during setup (git-fixes).
* nbd:fix memory leak in nbd_get_socket() (git-fixes).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
* net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
* null_blk: Handle null_add_dev() failures properly (git-fixes).
* null_blk: fix spurious IO errors after failed past-wp access (git-fixes).
* parisc: Fix HP SDC hpa address output (git-fixes).
* parisc: Fix serio address output (git-fixes).
* pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
* pci/aspm: Declare threshold_ns as u32, not u64 (git-fixes).
* pci/sysfs: Fix double free in error path (git-fixes).
* pci: Check for alloc failure in pci_request_irq() (git-fixes).
* pci: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
* pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
* pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
* ps3disk: use the default segment boundary (git-fixes).
* quota: Check next/prev free block number after reading from quota file (bsc#1206640).
* quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls (bsc#1207104).
* rsxx: add missed destroy_workqueue calls in remove (git-fixes).
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
* sbitmap: fix lockup while swapping (bsc#1206602).
* scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
* scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
* scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
* scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
* scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
* scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
* scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
* scsi: smartpqi: use processor ID for hwqueue for non-mq case .
* scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
* scsi: target: core: Add CONTROL field for trace events (git-fixes).
* sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
* struct dwc3: move new members to the end (git-fixes).
* sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (git-fixes).
* swim: fix cleanup on setup error (git-fixes).
* tracing/cfi: Fix cmp_entries_* functions signature mismatch (git-fixes).
* tracing: Adding NULL checks for trace_array descriptor pointer (git-fixes).
* tracing: Avoid adding tracer option before update_tracer_options (git-fixes).
* tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
* tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
* tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
* tracing: Fix stack trace event size (git-fixes).
* tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
* tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
* tracing: Set kernel_stack's caller size properly (git-fixes).
* tracing: Use address-of operator on section symbols (git-fixes).
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
* trigger_next should increase position index (git-fixes).
* udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
* udf: Check LVID earlier (bsc#1207108).
* udf: Fix BUG on corrupted inode (bsc#1207107).
* udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
* udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
* udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
* udf: Limit sparing table size (bsc#1206643).
* udf: fix silent AED tagLocation corruption (bsc#1206645).
* udf_get_extendedattr() had no boundary checks (bsc#1206648).
* usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
* usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys (git-fixes).
* usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume (git-fixes).
* usb: dwc3: core: initialize ULPI before trying to get the PHY (git-fixes).
* virtio-blk: Fix memory leak among suspend/resume procedure (git-fixes).
* virtio_console: break out of buf poll on remove (git-fixes).
* virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (git-fixes).
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models (git-fixes).
* x86/asm: Add instruction suffixes to bitops (git-fixes).
* x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates (git-fixes).
* x86/bugs: Move the l1tf function and define pr_fmt properly (git-fixes).
* x86/earlyprintk: Add a force option for pciserial device (git-fixes).
* x86/entry/64: Add instruction suffix (git-fixes).
* x86/fpu: Add might_fault() to user_insn() (git-fixes).
* x86/hpet: Prevent potential NULL pointer dereference (git-fixes).
* x86/kexec: Do not setup EFI info if EFI runtime is not enabled (git-fixes).
* x86/mce-inject: Reset injection struct after injection (git-fixes).
* x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
* x86/mm: Do not leak kernel addresses (git-fixes).
* x86/speculation: Add support for STIBP always-on preferred mode (git-fixes).
* x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
* x86: boot: Fix EFI stub alignment (git-fixes).
* xen-netfront: Fix hang on device removal (bsc#1206698).
* zram: fix double free backing device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-485=1

## Package List:

* SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  * ocfs2-kmp-rt-4.12.14-10.115.1
  * kernel-rt-base-4.12.14-10.115.1
  * kernel-rt-debugsource-4.12.14-10.115.1
  * gfs2-kmp-rt-debuginfo-4.12.14-10.115.1
  * kernel-syms-rt-4.12.14-10.115.1
  * kernel-rt-devel-4.12.14-10.115.1
  * kernel-rt_debug-devel-4.12.14-10.115.1
  * kernel-rt-base-debuginfo-4.12.14-10.115.1
  * kernel-rt-devel-debuginfo-4.12.14-10.115.1
  * gfs2-kmp-rt-4.12.14-10.115.1
  * kernel-rt_debug-debuginfo-4.12.14-10.115.1
  * ocfs2-kmp-rt-debuginfo-4.12.14-10.115.1
  * cluster-md-kmp-rt-debuginfo-4.12.14-10.115.1
  * kernel-rt_debug-devel-debuginfo-4.12.14-10.115.1
  * dlm-kmp-rt-debuginfo-4.12.14-10.115.1
  * cluster-md-kmp-rt-4.12.14-10.115.1
  * kernel-rt-debuginfo-4.12.14-10.115.1
  * dlm-kmp-rt-4.12.14-10.115.1
  * kernel-rt_debug-debugsource-4.12.14-10.115.1
* SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  * kernel-source-rt-4.12.14-10.115.1
  * kernel-devel-rt-4.12.14-10.115.1
* SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  * kernel-rt-4.12.14-10.115.1
  * kernel-rt_debug-4.12.14-10.115.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-23454.html
* https://bugzilla.suse.com/show_bug.cgi?id=1175995
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1198971
* https://bugzilla.suse.com/show_bug.cgi?id=1202712
* https://bugzilla.suse.com/show_bug.cgi?id=1202713
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1203693
* https://bugzilla.suse.com/show_bug.cgi?id=1204356
* https://bugzilla.suse.com/show_bug.cgi?id=1204514
* https://bugzilla.suse.com/show_bug.cgi?id=1204662
* https://bugzilla.suse.com/show_bug.cgi?id=1205149
* https://bugzilla.suse.com/show_bug.cgi?id=1205397
* https://bugzilla.suse.com/show_bug.cgi?id=1205495
* https://bugzilla.suse.com/show_bug.cgi?id=1206602
* https://bugzilla.suse.com/show_bug.cgi?id=1206635
* https://bugzilla.suse.com/show_bug.cgi?id=1206640
* https://bugzilla.suse.com/show_bug.cgi?id=1206641
* https://bugzilla.suse.com/show_bug.cgi?id=1206642
* https://bugzilla.suse.com/show_bug.cgi?id=1206643
* https://bugzilla.suse.com/show_bug.cgi?id=1206645
* https://bugzilla.suse.com/show_bug.cgi?id=1206646
* https://bugzilla.suse.com/show_bug.cgi?id=1206648
* https://bugzilla.suse.com/show_bug.cgi?id=1206649
* https://bugzilla.suse.com/show_bug.cgi?id=1206677
* https://bugzilla.suse.com/show_bug.cgi?id=1206698
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1206855
* https://bugzilla.suse.com/show_bug.cgi?id=1206858
* https://bugzilla.suse.com/show_bug.cgi?id=1206873
* https://bugzilla.suse.com/show_bug.cgi?id=1206876
* https://bugzilla.suse.com/show_bug.cgi?id=1206877
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1206880
* https://bugzilla.suse.com/show_bug.cgi?id=1206882
* https://bugzilla.suse.com/show_bug.cgi?id=1206883
* https://bugzilla.suse.com/show_bug.cgi?id=1206884
* https://bugzilla.suse.com/show_bug.cgi?id=1206885
* https://bugzilla.suse.com/show_bug.cgi?id=1206887
* https://bugzilla.suse.com/show_bug.cgi?id=1206888
* https://bugzilla.suse.com/show_bug.cgi?id=1206890
* https://bugzilla.suse.com/show_bug.cgi?id=1207036
* https://bugzilla.suse.com/show_bug.cgi?id=1207092
* https://bugzilla.suse.com/show_bug.cgi?id=1207093
* https://bugzilla.suse.com/show_bug.cgi?id=1207094
* https://bugzilla.suse.com/show_bug.cgi?id=1207097
* https://bugzilla.suse.com/show_bug.cgi?id=1207102
* https://bugzilla.suse.com/show_bug.cgi?id=1207103
* https://bugzilla.suse.com/show_bug.cgi?id=1207104
* https://bugzilla.suse.com/show_bug.cgi?id=1207107
* https://bugzilla.suse.com/show_bug.cgi?id=1207108
* https://bugzilla.suse.com/show_bug.cgi?id=1207134
* https://bugzilla.suse.com/show_bug.cgi?id=1207168
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207195
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1208108
* https://jira.suse.com/browse/PED-1706
* https://jira.suse.com/browse/SLE-15608

From sle-updates at lists.suse.com Thu Feb 23 20:31:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:31:05 -0000
Subject: SUSE-SU-2023:0484-1: important: Security update for pesign
Message-ID: <167718426513.17265.15095921554331846252@smelt2.suse.de>

# Security update for pesign

Announcement ID: SUSE-SU-2023:0484-1
Rating: important
References:
* #1202933

Cross-References:
* CVE-2022-3560

CVSS scores:
* CVE-2022-3560 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3560 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for pesign fixes the following issues:

* CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-484=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-484=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-484=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-484=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-484=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-484=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-484=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-484=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-484=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-484=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-484=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-484=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-484=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-484=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-484=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* Basesystem Module 15-SP4 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Manager Proxy 4.2 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Manager Server 4.2 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1
* SUSE CaaS Platform 4.0 (x86_64)
  * pesign-debuginfo-0.112-150000.4.15.1
  * pesign-0.112-150000.4.15.1
  * pesign-debugsource-0.112-150000.4.15.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3560.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202933

From sle-updates at lists.suse.com Thu Feb 23 20:31:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:31:07 -0000
Subject: SUSE-RU-2023:0483-1: important: Recommended update for pesign-obs-integration
Message-ID: <167718426707.17265.7933077883566736190@smelt2.suse.de>

# Recommended update for pesign-obs-integration

Announcement ID: SUSE-RU-2023:0483-1
Rating: important
References:
* #1195805

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has one recommended fix can now be installed.

## Description:

This update for pesign-obs-integration fixes the following issues:

* Fix a filename issue in the scripts of the generated ueficert package (bsc#1195805)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-483=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-483=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-483=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * pesign-obs-integration-10.0-11.3.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * pesign-obs-integration-10.0-11.3.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * pesign-obs-integration-10.0-11.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1195805

From sle-updates at lists.suse.com Thu Feb 23 20:31:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 23 Feb 2023 20:31:09 -0000
Subject: SUSE-SU-2023:0482-1: important: Security update for openssl-1_1-livepatches
Message-ID: <167718426960.17265.7367257568819666269@smelt2.suse.de>

# Security update for openssl-1_1-livepatches

Announcement ID: SUSE-SU-2023:0482-1
Rating: important
References:
* #1207533

Cross-References:
* CVE-2023-0286

CVSS scores:
* CVE-2023-0286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-0286 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1-livepatches fixes the following issues:

* CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName via livepatch (bsc#1207533).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-482=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-482=1

## Package List:

* openSUSE Leap 15.4 (x86_64)
  * openssl-1_1-livepatches-0.1-150400.3.3.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
  * openssl-1_1-livepatches-0.1-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0286.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207533

From sle-updates at lists.suse.com Fri Feb 24 12:30:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 12:30:01 -0000
Subject: SUSE-RU-2023:0508-1: moderate: Recommended update for resource-agents
Message-ID: <167724180187.28890.11620901184512644111@smelt2.suse.de>

# Recommended update for resource-agents

Announcement ID: SUSE-RU-2023:0508-1
Rating: moderate
References:
* #1206100

Affected Products:
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.1

An update that contains two features and has one recommended fix can now be installed.

## Description:

This update for resource-agents fixes the following issues:

* Remove ocf_heartbeat_ZFS (jsc#PED-2841)
* Improve scanner logic (bsc#1206100)
* EFS Support in Filesystem OCF (jsc#PED-2794)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-508=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ldirectord-4.4.0+git57.70549516-150200.3.65.1 * resource-agents-debugsource-4.4.0+git57.70549516-150200.3.65.1 * resource-agents-debuginfo-4.4.0+git57.70549516-150200.3.65.1 * resource-agents-4.4.0+git57.70549516-150200.3.65.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (noarch) * monitoring-plugins-metadata-4.4.0+git57.70549516-150200.3.65.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206100 * https://jira.suse.com/browse/PED-2794 * https://jira.suse.com/browse/PED-2841 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:03 -0000 Subject: SUSE-RU-2023:0507-1: moderate: Recommended update for numatop Message-ID: <167724180301.28890.11439053204577297927@smelt2.suse.de> # Recommended update for numatop Announcement ID: SUSE-RU-2023:0507-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * 
SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for numatop implements the following features: * update to version 2.3 * Add support for SPR CPUs (jsc#PED-2015) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-507=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-507=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-507=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-507=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-507=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-507=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-507=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-507=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-507=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-507=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-507=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-507=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-507=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-507=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-507=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-507=1 * SUSE Enterprise Storage 6 zypper in -t patch SUSE-Storage-6-2023-507=1 * SUSE Enterprise Storage 7.1 zypper in -t patch
SUSE-Storage-7.1-2023-507=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-507=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * Basesystem Module 15-SP4 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Enterprise Storage 6 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE Enterprise Storage 7 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 * SUSE CaaS Platform 4.0 (x86_64) * numatop-2.3-150100.3.6.1 * numatop-debugsource-2.3-150100.3.6.1 * numatop-debuginfo-2.3-150100.3.6.1 ## References: * https://jira.suse.com/browse/PED-2015 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:07 -0000 Subject: SUSE-RU-2023:0506-1: moderate: Recommended update for grub2 Message-ID: <167724180750.28890.16766443017579031165@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:0506-1 Rating: moderate References: * #1176134 * #1202838 * #1205200 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has three recommended fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) * Make linuxefi default command as linux (bsc#1176134, bsc#1202838) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-506=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-506=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-506=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-506=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-506=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-506=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-506=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-506=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * grub2-debugsource-2.02-156.1 * grub2-2.02-156.1 * grub2-x86_64-efi-2.02-156.1 * grub2-debuginfo-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE OpenStack Cloud 9 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * grub2-debugsource-2.02-156.1 * grub2-2.02-156.1 * grub2-x86_64-efi-2.02-156.1 * grub2-debuginfo-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * 
grub2-debugsource-2.02-156.1 * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * grub2-debugsource-2.02-156.1 * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x) * grub2-s390x-emu-2.02-156.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * grub2-debugsource-2.02-156.1 * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * grub2-arm64-efi-2.02-156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x 
x86_64) * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * grub2-arm64-efi-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * grub2-s390x-emu-2.02-156.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * grub2-debuginfo-2.02-156.1 * grub2-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * grub2-snapper-plugin-2.02-156.1 * grub2-x86_64-xen-2.02-156.1 * grub2-systemd-sleep-plugin-2.02-156.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * grub2-debugsource-2.02-156.1 * grub2-x86_64-efi-2.02-156.1 * grub2-i386-pc-2.02-156.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1176134 * https://bugzilla.suse.com/show_bug.cgi?id=1202838 * https://bugzilla.suse.com/show_bug.cgi?id=1205200 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:10 -0000 Subject: SUSE-RU-2023:0505-1: moderate: Recommended update for grub2 Message-ID: <167724181018.28890.6428576900864993411@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:0505-1 Rating: moderate References: * #1205554 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for grub2 fixes the following issue: * Remove zfs modules (bsc#1205554) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-505=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-505=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-505=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-505=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * grub2-debuginfo-2.04-150200.9.71.1 * grub2-debugsource-2.04-150200.9.71.1 * grub2-2.04-150200.9.71.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * grub2-x86_64-efi-2.04-150200.9.71.1 * grub2-i386-pc-2.04-150200.9.71.1 * grub2-x86_64-xen-2.04-150200.9.71.1 * grub2-snapper-plugin-2.04-150200.9.71.1 * grub2-systemd-sleep-plugin-2.04-150200.9.71.1 * grub2-arm64-efi-2.04-150200.9.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.04-150200.9.71.1 * grub2-2.04-150200.9.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * grub2-i386-pc-2.04-150200.9.71.1 * grub2-x86_64-efi-2.04-150200.9.71.1 * grub2-arm64-efi-2.04-150200.9.71.1 * grub2-x86_64-xen-2.04-150200.9.71.1 * grub2-snapper-plugin-2.04-150200.9.71.1 * grub2-systemd-sleep-plugin-2.04-150200.9.71.1 * grub2-powerpc-ieee1275-2.04-150200.9.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150200.9.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (s390x) * grub2-s390x-emu-2.04-150200.9.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * grub2-debuginfo-2.04-150200.9.71.1 * grub2-2.04-150200.9.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * grub2-i386-pc-2.04-150200.9.71.1 * 
grub2-x86_64-efi-2.04-150200.9.71.1 * grub2-arm64-efi-2.04-150200.9.71.1 * grub2-x86_64-xen-2.04-150200.9.71.1 * grub2-snapper-plugin-2.04-150200.9.71.1 * grub2-systemd-sleep-plugin-2.04-150200.9.71.1 * grub2-powerpc-ieee1275-2.04-150200.9.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * grub2-debugsource-2.04-150200.9.71.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * grub2-debuginfo-2.04-150200.9.71.1 * grub2-debugsource-2.04-150200.9.71.1 * grub2-2.04-150200.9.71.1 * SUSE Enterprise Storage 7 (noarch) * grub2-x86_64-efi-2.04-150200.9.71.1 * grub2-i386-pc-2.04-150200.9.71.1 * grub2-x86_64-xen-2.04-150200.9.71.1 * grub2-snapper-plugin-2.04-150200.9.71.1 * grub2-systemd-sleep-plugin-2.04-150200.9.71.1 * grub2-arm64-efi-2.04-150200.9.71.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205554 * https://jira.suse.com/browse/PED-2951 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:12 -0000 Subject: SUSE-RU-2023:0504-1: moderate: Recommended update for grub2 Message-ID: <167724181241.28890.16623376876575555384@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:0504-1 Rating: moderate References: * #1205554 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that contains one feature and has one recommended fix can now be installed. 
## Description: This update for grub2 fixes the following issue: * Remove zfs modules (bsc#1205554) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-504=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-504=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-504=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * grub2-2.02-150100.123.20.1 * grub2-debuginfo-2.02-150100.123.20.1 * grub2-debugsource-2.02-150100.123.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * grub2-x86_64-efi-2.02-150100.123.20.1 * grub2-i386-pc-2.02-150100.123.20.1 * grub2-systemd-sleep-plugin-2.02-150100.123.20.1 * grub2-arm64-efi-2.02-150100.123.20.1 * grub2-x86_64-xen-2.02-150100.123.20.1 * grub2-snapper-plugin-2.02-150100.123.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * grub2-2.02-150100.123.20.1 * grub2-debuginfo-2.02-150100.123.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * grub2-x86_64-efi-2.02-150100.123.20.1 * grub2-i386-pc-2.02-150100.123.20.1 * grub2-systemd-sleep-plugin-2.02-150100.123.20.1 * grub2-arm64-efi-2.02-150100.123.20.1 * grub2-powerpc-ieee1275-2.02-150100.123.20.1 * grub2-x86_64-xen-2.02-150100.123.20.1 * grub2-snapper-plugin-2.02-150100.123.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 
s390x x86_64) * grub2-debugsource-2.02-150100.123.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * grub2-s390x-emu-2.02-150100.123.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * grub2-2.02-150100.123.20.1 * grub2-debuginfo-2.02-150100.123.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * grub2-x86_64-efi-2.02-150100.123.20.1 * grub2-i386-pc-2.02-150100.123.20.1 * grub2-systemd-sleep-plugin-2.02-150100.123.20.1 * grub2-powerpc-ieee1275-2.02-150100.123.20.1 * grub2-x86_64-xen-2.02-150100.123.20.1 * grub2-snapper-plugin-2.02-150100.123.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * grub2-debugsource-2.02-150100.123.20.1 * SUSE CaaS Platform 4.0 (x86_64) * grub2-2.02-150100.123.20.1 * grub2-debuginfo-2.02-150100.123.20.1 * grub2-debugsource-2.02-150100.123.20.1 * SUSE CaaS Platform 4.0 (noarch) * grub2-x86_64-efi-2.02-150100.123.20.1 * grub2-i386-pc-2.02-150100.123.20.1 * grub2-systemd-sleep-plugin-2.02-150100.123.20.1 * grub2-x86_64-xen-2.02-150100.123.20.1 * grub2-snapper-plugin-2.02-150100.123.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205554 * https://jira.suse.com/browse/PED-2951 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:13 -0000 Subject: SUSE-RU-2023:0503-1: moderate: Recommended update for resource-agents Message-ID: <167724181371.28890.11532749605159542533@smelt2.suse.de> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:0503-1 Rating: moderate References: * #1206100 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that contains two features and has one recommended fix can now be installed. ## Description: This update for resource-agents fixes the following issues: * Remove ocf_heartbeat_ZFS (jsc#PED-2841) * Improve scanner logic (bsc#1206100) * EFS Support in Filesystem OCF (jsc#PED-2794) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-503=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ldirectord-4.8.0+git30.d0077df0-150300.8.37.1 * resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.37.1 * resource-agents-4.8.0+git30.d0077df0-150300.8.37.1 * resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.37.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (noarch) * monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206100 * https://jira.suse.com/browse/PED-2794 * https://jira.suse.com/browse/PED-2841 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:15 -0000 Subject: SUSE-RU-2023:0502-1: moderate: Recommended update for resource-agents Message-ID: <167724181501.28890.8408646335325794915@smelt2.suse.de> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:0502-1 Rating: moderate References: * #1206100 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP4 * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains two features and has one recommended fix can now be installed. 
## Description: This update for resource-agents fixes the following issues: * Remove ocf_heartbeat_ZFS (jsc#PED-2841) * Improve scanner logic (bsc#1206100) * EFS Support in Filesystem OCF (jsc#PED-2794) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-502=1 * SUSE Linux Enterprise High Availability Extension 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-502=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-502=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-502=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * resource-agents-debugsource-4.3.018.a7fb5035-3.104.1 * resource-agents-4.3.018.a7fb5035-3.104.1 * resource-agents-debuginfo-4.3.018.a7fb5035-3.104.1 * ldirectord-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * monitoring-plugins-metadata-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (ppc64le s390x x86_64) * resource-agents-debugsource-4.3.018.a7fb5035-3.104.1 * resource-agents-4.3.018.a7fb5035-3.104.1 * resource-agents-debuginfo-4.3.018.a7fb5035-3.104.1 * ldirectord-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (noarch) * monitoring-plugins-metadata-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * resource-agents-debugsource-4.3.018.a7fb5035-3.104.1 * resource-agents-4.3.018.a7fb5035-3.104.1 * resource-agents-debuginfo-4.3.018.a7fb5035-3.104.1 * ldirectord-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * 
monitoring-plugins-metadata-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * resource-agents-debugsource-4.3.018.a7fb5035-3.104.1 * resource-agents-4.3.018.a7fb5035-3.104.1 * resource-agents-debuginfo-4.3.018.a7fb5035-3.104.1 * ldirectord-4.3.018.a7fb5035-3.104.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (noarch) * monitoring-plugins-metadata-4.3.018.a7fb5035-3.104.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206100 * https://jira.suse.com/browse/PED-2794 * https://jira.suse.com/browse/PED-2841 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:15 -0000 Subject: SUSE-RU-2023:0501-1: moderate: Recommended update for python-shaptools Message-ID: <167724181589.28890.3519352553507447436@smelt2.suse.de> # Recommended update for python-shaptools Announcement ID: SUSE-RU-2023:0501-1 Rating: moderate References: Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that can now be installed. ## Description: This update for python-shaptools and salt-shaptools fixes the following issues: * python-shaptools Version 0.3.13: Add HANA add_hosts feature Forces Instance nr always with 2 positions filled with 0 Forces right formatting on HANA OS admin user. * salt-shaptools Version 0.3.17: Add HANA add_hosts feature Workaround to detect aws cloud_provider Do not raise exception on empty HANA query results Add module query to HANA Fix typo to fix uninstalled state Add cluster init support for OCFS2 device qdevice support: it can be created when initializing a cluster ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-501=1 ## Package List: * SAP Applications Module 15-SP1 (noarch) * python3-shaptools-0.3.13+git.1673855974.f208fad-150000.1.15.1 * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150000.1.12.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Feb 24 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Feb 2023 12:30:17 -0000 Subject: SUSE-RU-2023:0500-1: moderate: Recommended update for resource-agents Message-ID: <167724181723.28890.1153879900054660360@smelt2.suse.de> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:0500-1 Rating: moderate References: * #1206100 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has one recommended fix can now be installed. ## Description: This update for resource-agents fixes the following issues: * Remove ocf_heartbeat_ZFS (jsc#PED-2841) * Improve scanner logic (bsc#1206100) * EFS Support in Filesystem OCF (jsc#PED-2794) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-500=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-500=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.16.1
  * resource-agents-4.10.0+git40.0f4de473-150400.3.16.1
  * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.16.1
  * ldirectord-4.10.0+git40.0f4de473-150400.3.16.1
* openSUSE Leap 15.4 (noarch)
  * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.16.1
  * resource-agents-4.10.0+git40.0f4de473-150400.3.16.1
  * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.16.1
  * ldirectord-4.10.0+git40.0f4de473-150400.3.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
  * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.16.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1206100
* https://jira.suse.com/browse/PED-2794
* https://jira.suse.com/browse/PED-2841

From sle-updates at lists.suse.com Fri Feb 24 12:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 12:30:18 -0000
Subject: SUSE-RU-2023:0499-1: moderate: Recommended update for python-shaptools
Message-ID: <167724181848.28890.8365409164993677219@smelt2.suse.de>

# Recommended update for python-shaptools

Announcement ID: SUSE-RU-2023:0499-1
Rating: moderate
References:
Affected Products:

* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that can now be installed.
## Description:

This update for python-shaptools and salt-shaptools fixes the following issues:

* python-shaptools Version 0.3.13: Add HANA add_hosts feature Forces Instance nr always with 2 positions filled with 0 Forces right formatting on HANA OS admin user.
* salt-shaptools Version 0.3.17: Add HANA add_hosts feature Workaround to detect aws cloud_provider Do not raise exception on empty HANA query results Add module query to HANA Fix typo to fix uninstalled state Add cluster init support for OCFS2 device qdevice support: it can be created when initializing a cluster

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-499=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-499=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  * salt-shaptools-0.3.17+git.1651504665.6e49c5b-4.13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * python-shaptools-0.3.13+git.1673855974.f208fad-9.3.1
  * salt-shaptools-0.3.17+git.1651504665.6e49c5b-4.13.1
  * python3-shaptools-0.3.13+git.1673855974.f208fad-9.3.1

From sle-updates at lists.suse.com Fri Feb 24 12:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 12:30:21 -0000
Subject: SUSE-RU-2023:0498-1: moderate: Recommended update for cluster-glue
Message-ID: <167724182101.28890.3991217907578388390@smelt2.suse.de>

# Recommended update for cluster-glue

Announcement ID: SUSE-RU-2023:0498-1
Rating: moderate
References:

* #1203635

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.
## Description:

This update for cluster-glue fixes the following issues:

* Fix ibmhmc stonith to be aware of HMC version (bsc#1203635)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-498=1
* SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-498=1
* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-498=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-498=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-498=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
* openSUSE Leap 15.4 (x86_64)
  * libglue-devel-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.17.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203635

From sle-updates at lists.suse.com Fri Feb 24 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:03 -0000
Subject: SUSE-SU-2023:0518-1: moderate: Security update for rubygem-activerecord-4_2
Message-ID: <167725620329.31466.109989279503699257@smelt2.suse.de>

# Security update for rubygem-activerecord-4_2

Announcement ID: SUSE-SU-2023:0518-1
Rating: moderate
References:

* #1207450

Cross-References:

* CVE-2022-44566

CVSS scores:

* CVE-2022-44566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE OpenStack Cloud Crowbar 8
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for rubygem-activerecord-4_2 fixes the following issues:

* CVE-2022-44566: Fixed a potential denial of service due to an inefficient comparison between integer and numeric values (bsc#1207450).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-518=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-518=1

## Package List:

* SUSE OpenStack Cloud Crowbar 8 (x86_64)
  * ruby2.1-rubygem-activerecord-4_2-4.2.9-6.9.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * ruby2.1-rubygem-activerecord-4_2-4.2.9-6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2022-44566.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207450

From sle-updates at lists.suse.com Fri Feb 24 16:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:04 -0000
Subject: SUSE-RU-2023:0517-1: moderate: Recommended update for openhpi
Message-ID: <167725620438.31466.10064440250338407723@smelt2.suse.de>

# Recommended update for openhpi

Announcement ID: SUSE-RU-2023:0517-1
Rating: moderate
References:
Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update of openhpi fixes the following issues:

* rebuild against the new net-snmp (jsc#SLE-11203).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-517=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-517=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openhpi-daemon-3.8.0-150400.10.2.1
  * openhpi-clients-3.8.0-150400.10.2.1
  * libopenhpi4-debuginfo-3.8.0-150400.10.2.1
  * openhpi-3.8.0-150400.10.2.1
  * openhpi-debugsource-3.8.0-150400.10.2.1
  * openhpi-devel-3.8.0-150400.10.2.1
  * libopenhpi4-3.8.0-150400.10.2.1
  * openhpi-clients-debuginfo-3.8.0-150400.10.2.1
  * openhpi-debuginfo-3.8.0-150400.10.2.1
  * openhpi-daemon-debuginfo-3.8.0-150400.10.2.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openhpi-daemon-3.8.0-150400.10.2.1
  * openhpi-clients-3.8.0-150400.10.2.1
  * libopenhpi4-debuginfo-3.8.0-150400.10.2.1
  * openhpi-3.8.0-150400.10.2.1
  * openhpi-debugsource-3.8.0-150400.10.2.1
  * openhpi-devel-3.8.0-150400.10.2.1
  * libopenhpi4-3.8.0-150400.10.2.1
  * openhpi-clients-debuginfo-3.8.0-150400.10.2.1
  * openhpi-debuginfo-3.8.0-150400.10.2.1
  * openhpi-daemon-debuginfo-3.8.0-150400.10.2.1

## References:

* https://jira.suse.com/browse/SLE-11203

From sle-updates at lists.suse.com Fri Feb 24 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:07 -0000
Subject: SUSE-SU-2023:0516-2: moderate: Security update for python-pip
Message-ID: <167725620795.31466.10241796279992185360@smelt2.suse.de>

# Security update for python-pip

Announcement ID: SUSE-SU-2023:0516-2
Rating: moderate
References:

* #1176262
* #1195831

Cross-References:

* CVE-2019-20916

CVSS scores:

* CVE-2019-20916 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2019-20916 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 6
* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability, contains one feature and has one fix can now be installed.

## Description:

This update for python-pip fixes the following issues:

* Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916).
* Make wheel a separate build run to avoid the setuptools/wheel build cycle.
* Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on "the latest" versions of Python interpreter (jsc#SLE-18038, bsc#1195831).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-516=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-516=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-516=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-516=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-516=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-516=1
* SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2023-516=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-516=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Enterprise Storage 6 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE Enterprise Storage 7 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1
* SUSE CaaS Platform 4.0 (noarch)
  * python2-pip-20.0.2-150100.6.18.1
  * python3-pip-20.0.2-150100.6.18.1
  * python3-pip-wheel-20.0.2-150100.6.18.1

## References:

* https://www.suse.com/security/cve/CVE-2019-20916.html
* https://bugzilla.suse.com/show_bug.cgi?id=1176262
* https://bugzilla.suse.com/show_bug.cgi?id=1195831
* https://jira.suse.com/browse/SLE-18038

From sle-updates at lists.suse.com Fri Feb 24 16:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:10 -0000
Subject: SUSE-SU-2023:0515-1: important: Security update for php74
Message-ID: <167725621055.31466.6666463079874106816@smelt2.suse.de>

# Security update for php74

Announcement ID: SUSE-SU-2023:0515-1
Rating: important
References:

* #1208366
* #1208367
* #1208388

Cross-References:

* CVE-2023-0567
* CVE-2023-0568
* CVE-2023-0662

CVSS scores:

* CVE-2023-0567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0568 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* Web and Scripting Module 12

An update that solves three vulnerabilities can now be installed.
## Description:

This update for php74 fixes the following issues:

* CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
* CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
* CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-515=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-515=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * php74-mysql-7.4.33-1.53.1
  * php74-fastcgi-debuginfo-7.4.33-1.53.1
  * php74-bz2-7.4.33-1.53.1
  * php74-readline-7.4.33-1.53.1
  * php74-tokenizer-7.4.33-1.53.1
  * php74-opcache-7.4.33-1.53.1
  * php74-7.4.33-1.53.1
  * php74-snmp-7.4.33-1.53.1
  * php74-mysql-debuginfo-7.4.33-1.53.1
  * php74-intl-debuginfo-7.4.33-1.53.1
  * php74-xmlwriter-7.4.33-1.53.1
  * php74-gettext-debuginfo-7.4.33-1.53.1
  * php74-zlib-7.4.33-1.53.1
  * php74-bcmath-7.4.33-1.53.1
  * php74-openssl-7.4.33-1.53.1
  * php74-sqlite-debuginfo-7.4.33-1.53.1
  * php74-sqlite-7.4.33-1.53.1
  * php74-enchant-debuginfo-7.4.33-1.53.1
  * php74-intl-7.4.33-1.53.1
  * php74-sodium-7.4.33-1.53.1
  * php74-pdo-debuginfo-7.4.33-1.53.1
  * php74-odbc-debuginfo-7.4.33-1.53.1
  * php74-pgsql-7.4.33-1.53.1
  * php74-debugsource-7.4.33-1.53.1
  * php74-xmlwriter-debuginfo-7.4.33-1.53.1
  * php74-gmp-debuginfo-7.4.33-1.53.1
  * php74-odbc-7.4.33-1.53.1
  * php74-exif-debuginfo-7.4.33-1.53.1
  * php74-ftp-debuginfo-7.4.33-1.53.1
  * php74-zlib-debuginfo-7.4.33-1.53.1
  * php74-json-debuginfo-7.4.33-1.53.1
  * php74-opcache-debuginfo-7.4.33-1.53.1
  * php74-debuginfo-7.4.33-1.53.1
  * php74-calendar-debuginfo-7.4.33-1.53.1
  * php74-enchant-7.4.33-1.53.1
  * php74-pdo-7.4.33-1.53.1
  * php74-zip-7.4.33-1.53.1
  * php74-gettext-7.4.33-1.53.1
  * php74-xsl-7.4.33-1.53.1
  * php74-soap-debuginfo-7.4.33-1.53.1
  * php74-ctype-debuginfo-7.4.33-1.53.1
  * php74-xmlreader-7.4.33-1.53.1
  * php74-curl-7.4.33-1.53.1
  * php74-gd-7.4.33-1.53.1
  * php74-iconv-7.4.33-1.53.1
  * php74-xmlreader-debuginfo-7.4.33-1.53.1
  * php74-xmlrpc-debuginfo-7.4.33-1.53.1
  * php74-zip-debuginfo-7.4.33-1.53.1
  * apache2-mod_php74-7.4.33-1.53.1
  * php74-fpm-debuginfo-7.4.33-1.53.1
  * php74-tidy-debuginfo-7.4.33-1.53.1
  * php74-pgsql-debuginfo-7.4.33-1.53.1
  * php74-pcntl-debuginfo-7.4.33-1.53.1
  * php74-dom-debuginfo-7.4.33-1.53.1
  * php74-shmop-debuginfo-7.4.33-1.53.1
  * php74-curl-debuginfo-7.4.33-1.53.1
  * php74-ctype-7.4.33-1.53.1
  * apache2-mod_php74-debuginfo-7.4.33-1.53.1
  * php74-tidy-7.4.33-1.53.1
  * php74-xsl-debuginfo-7.4.33-1.53.1
  * php74-soap-7.4.33-1.53.1
  * php74-json-7.4.33-1.53.1
  * php74-bz2-debuginfo-7.4.33-1.53.1
  * php74-ftp-7.4.33-1.53.1
  * php74-phar-7.4.33-1.53.1
  * php74-calendar-7.4.33-1.53.1
  * php74-phar-debuginfo-7.4.33-1.53.1
  * php74-pcntl-7.4.33-1.53.1
  * php74-sockets-debuginfo-7.4.33-1.53.1
  * php74-gd-debuginfo-7.4.33-1.53.1
  * php74-gmp-7.4.33-1.53.1
  * php74-posix-7.4.33-1.53.1
  * php74-fileinfo-debuginfo-7.4.33-1.53.1
  * php74-sodium-debuginfo-7.4.33-1.53.1
  * php74-sysvsem-debuginfo-7.4.33-1.53.1
  * php74-readline-debuginfo-7.4.33-1.53.1
  * php74-sysvshm-debuginfo-7.4.33-1.53.1
  * php74-dba-7.4.33-1.53.1
  * php74-sysvshm-7.4.33-1.53.1
  * php74-sysvmsg-7.4.33-1.53.1
  * php74-dom-7.4.33-1.53.1
  * php74-ldap-debuginfo-7.4.33-1.53.1
  * php74-bcmath-debuginfo-7.4.33-1.53.1
  * php74-fpm-7.4.33-1.53.1
  * php74-iconv-debuginfo-7.4.33-1.53.1
  * php74-fastcgi-7.4.33-1.53.1
  * php74-mbstring-7.4.33-1.53.1
  * php74-snmp-debuginfo-7.4.33-1.53.1
  * php74-fileinfo-7.4.33-1.53.1
  * php74-openssl-debuginfo-7.4.33-1.53.1
  * php74-exif-7.4.33-1.53.1
  * php74-shmop-7.4.33-1.53.1
  * php74-posix-debuginfo-7.4.33-1.53.1
  * php74-ldap-7.4.33-1.53.1
  * php74-mbstring-debuginfo-7.4.33-1.53.1
  * php74-sysvsem-7.4.33-1.53.1
  * php74-dba-debuginfo-7.4.33-1.53.1
  * php74-sysvmsg-debuginfo-7.4.33-1.53.1
  * php74-xmlrpc-7.4.33-1.53.1
  * php74-sockets-7.4.33-1.53.1
  * php74-tokenizer-debuginfo-7.4.33-1.53.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * php74-devel-7.4.33-1.53.1
  * php74-debugsource-7.4.33-1.53.1
  * php74-debuginfo-7.4.33-1.53.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0567.html
* https://www.suse.com/security/cve/CVE-2023-0568.html
* https://www.suse.com/security/cve/CVE-2023-0662.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208366
* https://bugzilla.suse.com/show_bug.cgi?id=1208367
* https://bugzilla.suse.com/show_bug.cgi?id=1208388

From sle-updates at lists.suse.com Fri Feb 24 16:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:15 -0000
Subject: SUSE-SU-2023:0514-1: important: Security update for php7
Message-ID: <167725621538.31466.10904579789632861619@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:0514-1
Rating: important
References:

* #1208366
* #1208367
* #1208388

Cross-References:

* CVE-2023-0567
* CVE-2023-0568
* CVE-2023-0662

CVSS scores:

* CVE-2023-0567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0568 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php7 fixes the following issues:

* CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
* CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
* CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-514=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-514=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-514=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-514=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-wddx-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-7.2.34-150000.4.109.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * php7-zlib-7.2.34-150000.4.109.1 * php7-snmp-debuginfo-7.2.34-150000.4.109.1 * php7-dba-7.2.34-150000.4.109.1 * php7-intl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-7.2.34-150000.4.109.1 * php7-pcntl-7.2.34-150000.4.109.1 * php7-fpm-debuginfo-7.2.34-150000.4.109.1 * php7-gd-7.2.34-150000.4.109.1 * php7-sysvshm-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-7.2.34-150000.4.109.1 * php7-soap-7.2.34-150000.4.109.1 * php7-tidy-7.2.34-150000.4.109.1 * php7-ctype-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-debuginfo-7.2.34-150000.4.109.1 * php7-xmlrpc-7.2.34-150000.4.109.1 * php7-json-7.2.34-150000.4.109.1 * php7-json-debuginfo-7.2.34-150000.4.109.1 * php7-calendar-debuginfo-7.2.34-150000.4.109.1 * php7-ldap-7.2.34-150000.4.109.1 * php7-gettext-7.2.34-150000.4.109.1 * php7-tokenizer-7.2.34-150000.4.109.1 * php7-mysql-debuginfo-7.2.34-150000.4.109.1 * php7-zlib-debuginfo-7.2.34-150000.4.109.1 * php7-sysvsem-7.2.34-150000.4.109.1 * php7-debugsource-7.2.34-150000.4.109.1 * php7-shmop-7.2.34-150000.4.109.1 * php7-gmp-7.2.34-150000.4.109.1 * php7-posix-7.2.34-150000.4.109.1 * php7-ldap-debuginfo-7.2.34-150000.4.109.1 * php7-sysvmsg-7.2.34-150000.4.109.1 * php7-pcntl-debuginfo-7.2.34-150000.4.109.1 * php7-sqlite-7.2.34-150000.4.109.1 * apache2-mod_php7-debuginfo-7.2.34-150000.4.109.1 * php7-xmlwriter-7.2.34-150000.4.109.1 * php7-readline-7.2.34-150000.4.109.1 * php7-pdo-7.2.34-150000.4.109.1 * php7-exif-debuginfo-7.2.34-150000.4.109.1 * php7-curl-7.2.34-150000.4.109.1 * php7-dom-7.2.34-150000.4.109.1 * php7-posix-debuginfo-7.2.34-150000.4.109.1 * php7-intl-7.2.34-150000.4.109.1 * php7-dom-debuginfo-7.2.34-150000.4.109.1 * 
php7-mbstring-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-7.2.34-150000.4.109.1 * php7-xmlwriter-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-7.2.34-150000.4.109.1 * php7-xmlreader-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-7.2.34-150000.4.109.1 * php7-curl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-debuginfo-7.2.34-150000.4.109.1 * php7-zip-debuginfo-7.2.34-150000.4.109.1 * php7-gmp-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-debuginfo-7.2.34-150000.4.109.1 * php7-xmlreader-7.2.34-150000.4.109.1 * php7-gd-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-debuginfo-7.2.34-150000.4.109.1 * php7-tokenizer-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-7.2.34-150000.4.109.1 * php7-fastcgi-7.2.34-150000.4.109.1 * php7-mysql-7.2.34-150000.4.109.1 * php7-pgsql-debuginfo-7.2.34-150000.4.109.1 * php7-opcache-7.2.34-150000.4.109.1 * php7-readline-debuginfo-7.2.34-150000.4.109.1 * php7-pgsql-7.2.34-150000.4.109.1 * php7-xsl-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-debuginfo-7.2.34-150000.4.109.1 * php7-tidy-debuginfo-7.2.34-150000.4.109.1 * apache2-mod_php7-7.2.34-150000.4.109.1 * php7-calendar-7.2.34-150000.4.109.1 * php7-zip-7.2.34-150000.4.109.1 * php7-pdo-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-7.2.34-150000.4.109.1 * php7-exif-7.2.34-150000.4.109.1 * php7-sodium-7.2.34-150000.4.109.1 * php7-odbc-debuginfo-7.2.34-150000.4.109.1 * php7-fastcgi-debuginfo-7.2.34-150000.4.109.1 * php7-odbc-7.2.34-150000.4.109.1 * php7-7.2.34-150000.4.109.1 * php7-opcache-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-7.2.34-150000.4.109.1 * php7-sqlite-debuginfo-7.2.34-150000.4.109.1 * php7-ctype-7.2.34-150000.4.109.1 * php7-xmlrpc-debuginfo-7.2.34-150000.4.109.1 * php7-snmp-7.2.34-150000.4.109.1 * php7-xsl-7.2.34-150000.4.109.1 * php7-sysvsem-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-7.2.34-150000.4.109.1 * php7-sysvshm-7.2.34-150000.4.109.1 * php7-gettext-debuginfo-7.2.34-150000.4.109.1 * php7-devel-7.2.34-150000.4.109.1 * 
php7-bcmath-debuginfo-7.2.34-150000.4.109.1 * php7-sodium-debuginfo-7.2.34-150000.4.109.1 * php7-bcmath-7.2.34-150000.4.109.1 * php7-dba-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-7.2.34-150000.4.109.1 * php7-fpm-7.2.34-150000.4.109.1 * php7-sysvmsg-debuginfo-7.2.34-150000.4.109.1 * php7-soap-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-debuginfo-7.2.34-150000.4.109.1 * php7-shmop-debuginfo-7.2.34-150000.4.109.1 * php7-debuginfo-7.2.34-150000.4.109.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * php7-pear-7.2.34-150000.4.109.1 * php7-pear-Archive_Tar-7.2.34-150000.4.109.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * php7-zlib-7.2.34-150000.4.109.1 * php7-snmp-debuginfo-7.2.34-150000.4.109.1 * php7-dba-7.2.34-150000.4.109.1 * php7-intl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-7.2.34-150000.4.109.1 * php7-pcntl-7.2.34-150000.4.109.1 * php7-fpm-debuginfo-7.2.34-150000.4.109.1 * php7-gd-7.2.34-150000.4.109.1 * php7-sysvshm-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-7.2.34-150000.4.109.1 * php7-soap-7.2.34-150000.4.109.1 * php7-tidy-7.2.34-150000.4.109.1 * php7-ctype-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-debuginfo-7.2.34-150000.4.109.1 * php7-xmlrpc-7.2.34-150000.4.109.1 * php7-json-7.2.34-150000.4.109.1 * php7-json-debuginfo-7.2.34-150000.4.109.1 * php7-calendar-debuginfo-7.2.34-150000.4.109.1 * php7-ldap-7.2.34-150000.4.109.1 * php7-gettext-7.2.34-150000.4.109.1 * php7-tokenizer-7.2.34-150000.4.109.1 * php7-mysql-debuginfo-7.2.34-150000.4.109.1 * php7-zlib-debuginfo-7.2.34-150000.4.109.1 * php7-sysvsem-7.2.34-150000.4.109.1 * php7-debugsource-7.2.34-150000.4.109.1 * php7-shmop-7.2.34-150000.4.109.1 * php7-gmp-7.2.34-150000.4.109.1 * php7-posix-7.2.34-150000.4.109.1 * php7-ldap-debuginfo-7.2.34-150000.4.109.1 * php7-sysvmsg-7.2.34-150000.4.109.1 * php7-pcntl-debuginfo-7.2.34-150000.4.109.1 * 
php7-sqlite-7.2.34-150000.4.109.1 * apache2-mod_php7-debuginfo-7.2.34-150000.4.109.1 * php7-xmlwriter-7.2.34-150000.4.109.1 * php7-readline-7.2.34-150000.4.109.1 * php7-pdo-7.2.34-150000.4.109.1 * php7-exif-debuginfo-7.2.34-150000.4.109.1 * php7-curl-7.2.34-150000.4.109.1 * php7-dom-7.2.34-150000.4.109.1 * php7-posix-debuginfo-7.2.34-150000.4.109.1 * php7-intl-7.2.34-150000.4.109.1 * php7-dom-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-7.2.34-150000.4.109.1 * php7-xmlwriter-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-7.2.34-150000.4.109.1 * php7-xmlreader-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-7.2.34-150000.4.109.1 * php7-curl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-debuginfo-7.2.34-150000.4.109.1 * php7-zip-debuginfo-7.2.34-150000.4.109.1 * php7-gmp-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-debuginfo-7.2.34-150000.4.109.1 * php7-xmlreader-7.2.34-150000.4.109.1 * php7-gd-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-debuginfo-7.2.34-150000.4.109.1 * php7-tokenizer-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-7.2.34-150000.4.109.1 * php7-fastcgi-7.2.34-150000.4.109.1 * php7-mysql-7.2.34-150000.4.109.1 * php7-pgsql-debuginfo-7.2.34-150000.4.109.1 * php7-opcache-7.2.34-150000.4.109.1 * php7-readline-debuginfo-7.2.34-150000.4.109.1 * php7-pgsql-7.2.34-150000.4.109.1 * php7-xsl-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-debuginfo-7.2.34-150000.4.109.1 * php7-tidy-debuginfo-7.2.34-150000.4.109.1 * apache2-mod_php7-7.2.34-150000.4.109.1 * php7-calendar-7.2.34-150000.4.109.1 * php7-zip-7.2.34-150000.4.109.1 * php7-pdo-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-7.2.34-150000.4.109.1 * php7-exif-7.2.34-150000.4.109.1 * php7-sodium-7.2.34-150000.4.109.1 * php7-odbc-debuginfo-7.2.34-150000.4.109.1 * php7-fastcgi-debuginfo-7.2.34-150000.4.109.1 * php7-odbc-7.2.34-150000.4.109.1 * php7-7.2.34-150000.4.109.1 * php7-opcache-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-7.2.34-150000.4.109.1 * 
php7-sqlite-debuginfo-7.2.34-150000.4.109.1 * php7-ctype-7.2.34-150000.4.109.1 * php7-xmlrpc-debuginfo-7.2.34-150000.4.109.1 * php7-snmp-7.2.34-150000.4.109.1 * php7-xsl-7.2.34-150000.4.109.1 * php7-sysvsem-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-7.2.34-150000.4.109.1 * php7-sysvshm-7.2.34-150000.4.109.1 * php7-gettext-debuginfo-7.2.34-150000.4.109.1 * php7-devel-7.2.34-150000.4.109.1 * php7-bcmath-debuginfo-7.2.34-150000.4.109.1 * php7-sodium-debuginfo-7.2.34-150000.4.109.1 * php7-bcmath-7.2.34-150000.4.109.1 * php7-dba-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-7.2.34-150000.4.109.1 * php7-fpm-7.2.34-150000.4.109.1 * php7-sysvmsg-debuginfo-7.2.34-150000.4.109.1 * php7-soap-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-debuginfo-7.2.34-150000.4.109.1 * php7-shmop-debuginfo-7.2.34-150000.4.109.1 * php7-debuginfo-7.2.34-150000.4.109.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * php7-pear-7.2.34-150000.4.109.1 * php7-pear-Archive_Tar-7.2.34-150000.4.109.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * php7-zlib-7.2.34-150000.4.109.1 * php7-snmp-debuginfo-7.2.34-150000.4.109.1 * php7-dba-7.2.34-150000.4.109.1 * php7-intl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-7.2.34-150000.4.109.1 * php7-pcntl-7.2.34-150000.4.109.1 * php7-fpm-debuginfo-7.2.34-150000.4.109.1 * php7-gd-7.2.34-150000.4.109.1 * php7-sysvshm-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-7.2.34-150000.4.109.1 * php7-soap-7.2.34-150000.4.109.1 * php7-tidy-7.2.34-150000.4.109.1 * php7-ctype-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-debuginfo-7.2.34-150000.4.109.1 * php7-xmlrpc-7.2.34-150000.4.109.1 * php7-json-7.2.34-150000.4.109.1 * php7-json-debuginfo-7.2.34-150000.4.109.1 * php7-calendar-debuginfo-7.2.34-150000.4.109.1 * php7-ldap-7.2.34-150000.4.109.1 * php7-gettext-7.2.34-150000.4.109.1 * 
php7-tokenizer-7.2.34-150000.4.109.1 * php7-mysql-debuginfo-7.2.34-150000.4.109.1 * php7-zlib-debuginfo-7.2.34-150000.4.109.1 * php7-sysvsem-7.2.34-150000.4.109.1 * php7-debugsource-7.2.34-150000.4.109.1 * php7-shmop-7.2.34-150000.4.109.1 * php7-gmp-7.2.34-150000.4.109.1 * php7-posix-7.2.34-150000.4.109.1 * php7-ldap-debuginfo-7.2.34-150000.4.109.1 * php7-sysvmsg-7.2.34-150000.4.109.1 * php7-pcntl-debuginfo-7.2.34-150000.4.109.1 * php7-sqlite-7.2.34-150000.4.109.1 * apache2-mod_php7-debuginfo-7.2.34-150000.4.109.1 * php7-xmlwriter-7.2.34-150000.4.109.1 * php7-readline-7.2.34-150000.4.109.1 * php7-pdo-7.2.34-150000.4.109.1 * php7-exif-debuginfo-7.2.34-150000.4.109.1 * php7-curl-7.2.34-150000.4.109.1 * php7-dom-7.2.34-150000.4.109.1 * php7-posix-debuginfo-7.2.34-150000.4.109.1 * php7-intl-7.2.34-150000.4.109.1 * php7-dom-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-7.2.34-150000.4.109.1 * php7-xmlwriter-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-7.2.34-150000.4.109.1 * php7-xmlreader-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-7.2.34-150000.4.109.1 * php7-curl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-debuginfo-7.2.34-150000.4.109.1 * php7-zip-debuginfo-7.2.34-150000.4.109.1 * php7-gmp-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-debuginfo-7.2.34-150000.4.109.1 * php7-xmlreader-7.2.34-150000.4.109.1 * php7-gd-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-debuginfo-7.2.34-150000.4.109.1 * php7-tokenizer-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-7.2.34-150000.4.109.1 * php7-fastcgi-7.2.34-150000.4.109.1 * php7-mysql-7.2.34-150000.4.109.1 * php7-pgsql-debuginfo-7.2.34-150000.4.109.1 * php7-opcache-7.2.34-150000.4.109.1 * php7-readline-debuginfo-7.2.34-150000.4.109.1 * php7-pgsql-7.2.34-150000.4.109.1 * php7-xsl-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-debuginfo-7.2.34-150000.4.109.1 * php7-tidy-debuginfo-7.2.34-150000.4.109.1 * apache2-mod_php7-7.2.34-150000.4.109.1 * php7-calendar-7.2.34-150000.4.109.1 * 
php7-zip-7.2.34-150000.4.109.1 * php7-pdo-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-7.2.34-150000.4.109.1 * php7-exif-7.2.34-150000.4.109.1 * php7-sodium-7.2.34-150000.4.109.1 * php7-odbc-debuginfo-7.2.34-150000.4.109.1 * php7-fastcgi-debuginfo-7.2.34-150000.4.109.1 * php7-odbc-7.2.34-150000.4.109.1 * php7-7.2.34-150000.4.109.1 * php7-opcache-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-7.2.34-150000.4.109.1 * php7-sqlite-debuginfo-7.2.34-150000.4.109.1 * php7-ctype-7.2.34-150000.4.109.1 * php7-xmlrpc-debuginfo-7.2.34-150000.4.109.1 * php7-snmp-7.2.34-150000.4.109.1 * php7-xsl-7.2.34-150000.4.109.1 * php7-sysvsem-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-7.2.34-150000.4.109.1 * php7-sysvshm-7.2.34-150000.4.109.1 * php7-gettext-debuginfo-7.2.34-150000.4.109.1 * php7-devel-7.2.34-150000.4.109.1 * php7-bcmath-debuginfo-7.2.34-150000.4.109.1 * php7-sodium-debuginfo-7.2.34-150000.4.109.1 * php7-bcmath-7.2.34-150000.4.109.1 * php7-dba-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-7.2.34-150000.4.109.1 * php7-fpm-7.2.34-150000.4.109.1 * php7-sysvmsg-debuginfo-7.2.34-150000.4.109.1 * php7-soap-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-debuginfo-7.2.34-150000.4.109.1 * php7-shmop-debuginfo-7.2.34-150000.4.109.1 * php7-debuginfo-7.2.34-150000.4.109.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * php7-pear-7.2.34-150000.4.109.1 * php7-pear-Archive_Tar-7.2.34-150000.4.109.1 * SUSE CaaS Platform 4.0 (x86_64) * php7-zlib-7.2.34-150000.4.109.1 * php7-snmp-debuginfo-7.2.34-150000.4.109.1 * php7-dba-7.2.34-150000.4.109.1 * php7-intl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-7.2.34-150000.4.109.1 * php7-pcntl-7.2.34-150000.4.109.1 * php7-fpm-debuginfo-7.2.34-150000.4.109.1 * php7-gd-7.2.34-150000.4.109.1 * php7-sysvshm-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-7.2.34-150000.4.109.1 * 
php7-soap-7.2.34-150000.4.109.1 * php7-tidy-7.2.34-150000.4.109.1 * php7-ctype-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-debuginfo-7.2.34-150000.4.109.1 * php7-xmlrpc-7.2.34-150000.4.109.1 * php7-json-7.2.34-150000.4.109.1 * php7-json-debuginfo-7.2.34-150000.4.109.1 * php7-calendar-debuginfo-7.2.34-150000.4.109.1 * php7-ldap-7.2.34-150000.4.109.1 * php7-gettext-7.2.34-150000.4.109.1 * php7-tokenizer-7.2.34-150000.4.109.1 * php7-mysql-debuginfo-7.2.34-150000.4.109.1 * php7-zlib-debuginfo-7.2.34-150000.4.109.1 * php7-sysvsem-7.2.34-150000.4.109.1 * php7-debugsource-7.2.34-150000.4.109.1 * php7-shmop-7.2.34-150000.4.109.1 * php7-gmp-7.2.34-150000.4.109.1 * php7-posix-7.2.34-150000.4.109.1 * php7-ldap-debuginfo-7.2.34-150000.4.109.1 * php7-sysvmsg-7.2.34-150000.4.109.1 * php7-pcntl-debuginfo-7.2.34-150000.4.109.1 * php7-sqlite-7.2.34-150000.4.109.1 * apache2-mod_php7-debuginfo-7.2.34-150000.4.109.1 * php7-xmlwriter-7.2.34-150000.4.109.1 * php7-readline-7.2.34-150000.4.109.1 * php7-pdo-7.2.34-150000.4.109.1 * php7-exif-debuginfo-7.2.34-150000.4.109.1 * php7-curl-7.2.34-150000.4.109.1 * php7-dom-7.2.34-150000.4.109.1 * php7-posix-debuginfo-7.2.34-150000.4.109.1 * php7-intl-7.2.34-150000.4.109.1 * php7-dom-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-debuginfo-7.2.34-150000.4.109.1 * php7-openssl-7.2.34-150000.4.109.1 * php7-xmlwriter-debuginfo-7.2.34-150000.4.109.1 * php7-sockets-7.2.34-150000.4.109.1 * php7-xmlreader-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-7.2.34-150000.4.109.1 * php7-curl-debuginfo-7.2.34-150000.4.109.1 * php7-phar-debuginfo-7.2.34-150000.4.109.1 * php7-zip-debuginfo-7.2.34-150000.4.109.1 * php7-gmp-debuginfo-7.2.34-150000.4.109.1 * php7-ftp-debuginfo-7.2.34-150000.4.109.1 * php7-xmlreader-7.2.34-150000.4.109.1 * php7-gd-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-debuginfo-7.2.34-150000.4.109.1 * php7-tokenizer-debuginfo-7.2.34-150000.4.109.1 * php7-enchant-7.2.34-150000.4.109.1 * php7-fastcgi-7.2.34-150000.4.109.1 * 
php7-mysql-7.2.34-150000.4.109.1 * php7-pgsql-debuginfo-7.2.34-150000.4.109.1 * php7-opcache-7.2.34-150000.4.109.1 * php7-readline-debuginfo-7.2.34-150000.4.109.1 * php7-pgsql-7.2.34-150000.4.109.1 * php7-xsl-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-debuginfo-7.2.34-150000.4.109.1 * php7-tidy-debuginfo-7.2.34-150000.4.109.1 * apache2-mod_php7-7.2.34-150000.4.109.1 * php7-calendar-7.2.34-150000.4.109.1 * php7-zip-7.2.34-150000.4.109.1 * php7-pdo-debuginfo-7.2.34-150000.4.109.1 * php7-wddx-7.2.34-150000.4.109.1 * php7-exif-7.2.34-150000.4.109.1 * php7-sodium-7.2.34-150000.4.109.1 * php7-odbc-debuginfo-7.2.34-150000.4.109.1 * php7-fastcgi-debuginfo-7.2.34-150000.4.109.1 * php7-odbc-7.2.34-150000.4.109.1 * php7-7.2.34-150000.4.109.1 * php7-opcache-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-7.2.34-150000.4.109.1 * php7-sqlite-debuginfo-7.2.34-150000.4.109.1 * php7-ctype-7.2.34-150000.4.109.1 * php7-xmlrpc-debuginfo-7.2.34-150000.4.109.1 * php7-snmp-7.2.34-150000.4.109.1 * php7-xsl-7.2.34-150000.4.109.1 * php7-sysvsem-debuginfo-7.2.34-150000.4.109.1 * php7-fileinfo-debuginfo-7.2.34-150000.4.109.1 * php7-mbstring-7.2.34-150000.4.109.1 * php7-sysvshm-7.2.34-150000.4.109.1 * php7-gettext-debuginfo-7.2.34-150000.4.109.1 * php7-devel-7.2.34-150000.4.109.1 * php7-bcmath-debuginfo-7.2.34-150000.4.109.1 * php7-sodium-debuginfo-7.2.34-150000.4.109.1 * php7-bcmath-7.2.34-150000.4.109.1 * php7-dba-debuginfo-7.2.34-150000.4.109.1 * php7-bz2-7.2.34-150000.4.109.1 * php7-fpm-7.2.34-150000.4.109.1 * php7-sysvmsg-debuginfo-7.2.34-150000.4.109.1 * php7-soap-debuginfo-7.2.34-150000.4.109.1 * php7-iconv-debuginfo-7.2.34-150000.4.109.1 * php7-shmop-debuginfo-7.2.34-150000.4.109.1 * php7-debuginfo-7.2.34-150000.4.109.1 * SUSE CaaS Platform 4.0 (noarch) * php7-pear-7.2.34-150000.4.109.1 * php7-pear-Archive_Tar-7.2.34-150000.4.109.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0567.html * https://www.suse.com/security/cve/CVE-2023-0568.html * 
https://www.suse.com/security/cve/CVE-2023-0662.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208366
* https://bugzilla.suse.com/show_bug.cgi?id=1208367
* https://bugzilla.suse.com/show_bug.cgi?id=1208388

From sle-updates at lists.suse.com Fri Feb 24 16:30:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:19 -0000
Subject: SUSE-SU-2023:0513-1: important: Security update for php7
Message-ID: <167725621923.31466.11011496553754418921@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:0513-1
Rating: important
References:

* #1208366
* #1208367
* #1208388

Cross-References:

* CVE-2023-0567
* CVE-2023-0568
* CVE-2023-0662

CVSS scores:

* CVE-2023-0567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0568 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php7 fixes the following issues:

* CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
* CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
* CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-513=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-513=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-513=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-ctype-debuginfo-7.4.33-150400.4.19.1 * php7-ftp-debuginfo-7.4.33-150400.4.19.1 * php7-pgsql-7.4.33-150400.4.19.1 * php7-gettext-debuginfo-7.4.33-150400.4.19.1 * php7-test-7.4.33-150400.4.19.1 * php7-zlib-7.4.33-150400.4.19.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.19.1 * php7-bcmath-debuginfo-7.4.33-150400.4.19.1 * php7-xmlrpc-7.4.33-150400.4.19.1 * php7-mbstring-debuginfo-7.4.33-150400.4.19.1 * php7-embed-debugsource-7.4.33-150400.4.19.1 * php7-soap-debuginfo-7.4.33-150400.4.19.1 * php7-debuginfo-7.4.33-150400.4.19.1 * php7-fpm-7.4.33-150400.4.19.1 * php7-readline-debuginfo-7.4.33-150400.4.19.1 * php7-readline-7.4.33-150400.4.19.1 * php7-iconv-debuginfo-7.4.33-150400.4.19.1 * php7-ldap-7.4.33-150400.4.19.1 * php7-xsl-debuginfo-7.4.33-150400.4.19.1 * php7-tidy-7.4.33-150400.4.19.1 * php7-opcache-7.4.33-150400.4.19.1 * php7-soap-7.4.33-150400.4.19.1 * php7-intl-debuginfo-7.4.33-150400.4.19.1 * php7-mysql-debuginfo-7.4.33-150400.4.19.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.19.1 * php7-sysvshm-7.4.33-150400.4.19.1 * php7-pcntl-7.4.33-150400.4.19.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.19.1 * php7-zip-7.4.33-150400.4.19.1 * php7-shmop-7.4.33-150400.4.19.1 * php7-openssl-7.4.33-150400.4.19.1 * php7-intl-7.4.33-150400.4.19.1 * php7-mbstring-7.4.33-150400.4.19.1 * php7-sysvmsg-7.4.33-150400.4.19.1 * 
php7-pdo-7.4.33-150400.4.19.1 * php7-fpm-debugsource-7.4.33-150400.4.19.1 * php7-calendar-7.4.33-150400.4.19.1 * php7-ftp-7.4.33-150400.4.19.1 * php7-bz2-7.4.33-150400.4.19.1 * php7-gd-debuginfo-7.4.33-150400.4.19.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.19.1 * php7-fastcgi-debugsource-7.4.33-150400.4.19.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.19.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.19.1 * php7-bz2-debuginfo-7.4.33-150400.4.19.1 * php7-curl-7.4.33-150400.4.19.1 * php7-fastcgi-7.4.33-150400.4.19.1 * php7-bcmath-7.4.33-150400.4.19.1 * php7-fpm-debuginfo-7.4.33-150400.4.19.1 * php7-exif-7.4.33-150400.4.19.1 * php7-devel-7.4.33-150400.4.19.1 * php7-dom-7.4.33-150400.4.19.1 * php7-sockets-debuginfo-7.4.33-150400.4.19.1 * php7-sockets-7.4.33-150400.4.19.1 * php7-gmp-debuginfo-7.4.33-150400.4.19.1 * php7-phar-7.4.33-150400.4.19.1 * php7-pcntl-debuginfo-7.4.33-150400.4.19.1 * php7-dba-7.4.33-150400.4.19.1 * php7-json-7.4.33-150400.4.19.1 * php7-cli-7.4.33-150400.4.19.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.19.1 * php7-zip-debuginfo-7.4.33-150400.4.19.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.19.1 * php7-sqlite-debuginfo-7.4.33-150400.4.19.1 * php7-enchant-7.4.33-150400.4.19.1 * php7-debugsource-7.4.33-150400.4.19.1 * php7-cli-debuginfo-7.4.33-150400.4.19.1 * php7-xmlwriter-7.4.33-150400.4.19.1 * php7-dom-debuginfo-7.4.33-150400.4.19.1 * php7-pgsql-debuginfo-7.4.33-150400.4.19.1 * php7-posix-debuginfo-7.4.33-150400.4.19.1 * php7-gmp-7.4.33-150400.4.19.1 * php7-snmp-7.4.33-150400.4.19.1 * php7-dba-debuginfo-7.4.33-150400.4.19.1 * php7-embed-7.4.33-150400.4.19.1 * php7-curl-debuginfo-7.4.33-150400.4.19.1 * php7-odbc-debuginfo-7.4.33-150400.4.19.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.19.1 * php7-gettext-7.4.33-150400.4.19.1 * php7-json-debuginfo-7.4.33-150400.4.19.1 * php7-zlib-debuginfo-7.4.33-150400.4.19.1 * php7-mysql-7.4.33-150400.4.19.1 * php7-embed-debuginfo-7.4.33-150400.4.19.1 * php7-opcache-debuginfo-7.4.33-150400.4.19.1 * 
php7-openssl-debuginfo-7.4.33-150400.4.19.1 * php7-shmop-debuginfo-7.4.33-150400.4.19.1 * php7-phar-debuginfo-7.4.33-150400.4.19.1 * php7-snmp-debuginfo-7.4.33-150400.4.19.1 * php7-sysvsem-7.4.33-150400.4.19.1 * php7-tidy-debuginfo-7.4.33-150400.4.19.1 * php7-xmlreader-7.4.33-150400.4.19.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.19.1 * php7-sodium-7.4.33-150400.4.19.1 * php7-enchant-debuginfo-7.4.33-150400.4.19.1 * php7-7.4.33-150400.4.19.1 * php7-gd-7.4.33-150400.4.19.1 * apache2-mod_php7-7.4.33-150400.4.19.1 * php7-ctype-7.4.33-150400.4.19.1 * php7-odbc-7.4.33-150400.4.19.1 * php7-exif-debuginfo-7.4.33-150400.4.19.1 * php7-sqlite-7.4.33-150400.4.19.1 * php7-tokenizer-7.4.33-150400.4.19.1 * php7-iconv-7.4.33-150400.4.19.1 * php7-ldap-debuginfo-7.4.33-150400.4.19.1 * php7-calendar-debuginfo-7.4.33-150400.4.19.1 * php7-sodium-debuginfo-7.4.33-150400.4.19.1 * php7-xsl-7.4.33-150400.4.19.1 * php7-fileinfo-7.4.33-150400.4.19.1 * php7-posix-7.4.33-150400.4.19.1 * php7-pdo-debuginfo-7.4.33-150400.4.19.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.19.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php7-ctype-debuginfo-7.4.33-150400.4.19.1 * php7-ftp-debuginfo-7.4.33-150400.4.19.1 * php7-pgsql-7.4.33-150400.4.19.1 * php7-gettext-debuginfo-7.4.33-150400.4.19.1 * php7-zlib-7.4.33-150400.4.19.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.19.1 * php7-bcmath-debuginfo-7.4.33-150400.4.19.1 * php7-xmlrpc-7.4.33-150400.4.19.1 * php7-mbstring-debuginfo-7.4.33-150400.4.19.1 * php7-soap-debuginfo-7.4.33-150400.4.19.1 * php7-debuginfo-7.4.33-150400.4.19.1 * php7-fpm-7.4.33-150400.4.19.1 * php7-readline-debuginfo-7.4.33-150400.4.19.1 * php7-readline-7.4.33-150400.4.19.1 * php7-iconv-debuginfo-7.4.33-150400.4.19.1 * php7-ldap-7.4.33-150400.4.19.1 * php7-xsl-debuginfo-7.4.33-150400.4.19.1 * php7-tidy-7.4.33-150400.4.19.1 * php7-opcache-7.4.33-150400.4.19.1 * php7-soap-7.4.33-150400.4.19.1 * php7-intl-debuginfo-7.4.33-150400.4.19.1 * php7-mysql-debuginfo-7.4.33-150400.4.19.1 * 
php7-xmlrpc-debuginfo-7.4.33-150400.4.19.1 * php7-sysvshm-7.4.33-150400.4.19.1 * php7-pcntl-7.4.33-150400.4.19.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.19.1 * php7-zip-7.4.33-150400.4.19.1 * php7-shmop-7.4.33-150400.4.19.1 * php7-openssl-7.4.33-150400.4.19.1 * php7-intl-7.4.33-150400.4.19.1 * php7-mbstring-7.4.33-150400.4.19.1 * php7-sysvmsg-7.4.33-150400.4.19.1 * php7-pdo-7.4.33-150400.4.19.1 * php7-fpm-debugsource-7.4.33-150400.4.19.1 * php7-calendar-7.4.33-150400.4.19.1 * php7-ftp-7.4.33-150400.4.19.1 * php7-bz2-7.4.33-150400.4.19.1 * php7-gd-debuginfo-7.4.33-150400.4.19.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.19.1 * php7-fastcgi-debugsource-7.4.33-150400.4.19.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.19.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.19.1 * php7-bz2-debuginfo-7.4.33-150400.4.19.1 * php7-curl-7.4.33-150400.4.19.1 * php7-fastcgi-7.4.33-150400.4.19.1 * php7-bcmath-7.4.33-150400.4.19.1 * php7-fpm-debuginfo-7.4.33-150400.4.19.1 * php7-exif-7.4.33-150400.4.19.1 * php7-devel-7.4.33-150400.4.19.1 * php7-dom-7.4.33-150400.4.19.1 * php7-sockets-debuginfo-7.4.33-150400.4.19.1 * php7-sockets-7.4.33-150400.4.19.1 * php7-gmp-debuginfo-7.4.33-150400.4.19.1 * php7-phar-7.4.33-150400.4.19.1 * php7-pcntl-debuginfo-7.4.33-150400.4.19.1 * php7-dba-7.4.33-150400.4.19.1 * php7-json-7.4.33-150400.4.19.1 * php7-cli-7.4.33-150400.4.19.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.19.1 * php7-zip-debuginfo-7.4.33-150400.4.19.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.19.1 * php7-sqlite-debuginfo-7.4.33-150400.4.19.1 * php7-enchant-7.4.33-150400.4.19.1 * php7-debugsource-7.4.33-150400.4.19.1 * php7-cli-debuginfo-7.4.33-150400.4.19.1 * php7-xmlwriter-7.4.33-150400.4.19.1 * php7-dom-debuginfo-7.4.33-150400.4.19.1 * php7-pgsql-debuginfo-7.4.33-150400.4.19.1 * php7-posix-debuginfo-7.4.33-150400.4.19.1 * php7-gmp-7.4.33-150400.4.19.1 * php7-snmp-7.4.33-150400.4.19.1 * php7-dba-debuginfo-7.4.33-150400.4.19.1 * php7-curl-debuginfo-7.4.33-150400.4.19.1 * 
php7-odbc-debuginfo-7.4.33-150400.4.19.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.19.1 * php7-gettext-7.4.33-150400.4.19.1 * php7-json-debuginfo-7.4.33-150400.4.19.1 * php7-zlib-debuginfo-7.4.33-150400.4.19.1 * php7-mysql-7.4.33-150400.4.19.1 * php7-opcache-debuginfo-7.4.33-150400.4.19.1 * php7-openssl-debuginfo-7.4.33-150400.4.19.1 * php7-shmop-debuginfo-7.4.33-150400.4.19.1 * php7-phar-debuginfo-7.4.33-150400.4.19.1 * php7-snmp-debuginfo-7.4.33-150400.4.19.1 * php7-sysvsem-7.4.33-150400.4.19.1 * php7-tidy-debuginfo-7.4.33-150400.4.19.1 * php7-xmlreader-7.4.33-150400.4.19.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.19.1 * php7-sodium-7.4.33-150400.4.19.1 * php7-enchant-debuginfo-7.4.33-150400.4.19.1 * php7-7.4.33-150400.4.19.1 * php7-gd-7.4.33-150400.4.19.1 * apache2-mod_php7-7.4.33-150400.4.19.1 * php7-ctype-7.4.33-150400.4.19.1 * php7-odbc-7.4.33-150400.4.19.1 * php7-exif-debuginfo-7.4.33-150400.4.19.1 * php7-sqlite-7.4.33-150400.4.19.1 * php7-tokenizer-7.4.33-150400.4.19.1 * php7-iconv-7.4.33-150400.4.19.1 * php7-ldap-debuginfo-7.4.33-150400.4.19.1 * php7-calendar-debuginfo-7.4.33-150400.4.19.1 * php7-sodium-debuginfo-7.4.33-150400.4.19.1 * php7-xsl-7.4.33-150400.4.19.1 * php7-fileinfo-7.4.33-150400.4.19.1 * php7-posix-7.4.33-150400.4.19.1 * php7-pdo-debuginfo-7.4.33-150400.4.19.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.19.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * php7-embed-debugsource-7.4.33-150400.4.19.1 * php7-embed-7.4.33-150400.4.19.1 * php7-embed-debuginfo-7.4.33-150400.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0567.html
* https://www.suse.com/security/cve/CVE-2023-0568.html
* https://www.suse.com/security/cve/CVE-2023-0662.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208366
* https://bugzilla.suse.com/show_bug.cgi?id=1208367
* https://bugzilla.suse.com/show_bug.cgi?id=1208388

From sle-updates at lists.suse.com Fri Feb 24 16:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:21 -0000
Subject: SUSE-SU-2023:0512-1: moderate: Security update for libraw
Message-ID: <167725622117.31466.2172435141041181578@smelt2.suse.de>

# Security update for libraw

Announcement ID: SUSE-SU-2023:0512-1
Rating: moderate
References:

* #1208470

Cross-References:

* CVE-2021-32142

CVSS scores:

* CVE-2021-32142 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2021-32142: Fixed buffer overflow in the LibRaw_buffer_datastream:gets function (bsc#1208470).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-512=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-512=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-512=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libraw20-0.20.2-150400.3.3.1
  * libraw-tools-0.20.2-150400.3.3.1
  * libraw-devel-0.20.2-150400.3.3.1
  * libraw-devel-static-0.20.2-150400.3.3.1
  * libraw-debugsource-0.20.2-150400.3.3.1
  * libraw20-debuginfo-0.20.2-150400.3.3.1
  * libraw-tools-debuginfo-0.20.2-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
  * libraw20-32bit-0.20.2-150400.3.3.1
  * libraw20-32bit-debuginfo-0.20.2-150400.3.3.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libraw20-0.20.2-150400.3.3.1
  * libraw-debugsource-0.20.2-150400.3.3.1
  * libraw20-debuginfo-0.20.2-150400.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * libraw-devel-0.20.2-150400.3.3.1
  * libraw-debugsource-0.20.2-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2021-32142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208470

From sle-updates at lists.suse.com Fri Feb 24 16:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:23 -0000
Subject: SUSE-SU-2023:0511-1: moderate: Security update for libraw
Message-ID: <167725622300.31466.16170882190960255686@smelt2.suse.de>

# Security update for libraw

Announcement ID: SUSE-SU-2023:0511-1
Rating: moderate
References:

* #1208470

Cross-References:

* CVE-2021-32142

CVSS scores:

* CVE-2021-32142 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2021-32142: Fixed buffer overflow in the LibRaw_buffer_datastream:gets function (bsc#1208470).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-511=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-511=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libraw-debuginfo-0.18.9-150000.3.17.1
  * libraw16-0.18.9-150000.3.17.1
  * libraw16-debuginfo-0.18.9-150000.3.17.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * libraw-debuginfo-0.18.9-150000.3.17.1
  * libraw-debugsource-0.18.9-150000.3.17.1
  * libraw16-0.18.9-150000.3.17.1
  * libraw16-debuginfo-0.18.9-150000.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2021-32142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208470

From sle-updates at lists.suse.com Fri Feb 24 16:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 16:30:24 -0000
Subject: SUSE-SU-2023:0510-1: moderate: Security update for libraw
Message-ID: <167725622478.31466.7924743208746532266@smelt2.suse.de>

# Security update for libraw

Announcement ID: SUSE-SU-2023:0510-1
Rating: moderate
References:

* #1208470

Cross-References:

* CVE-2021-32142

CVSS scores:

* CVE-2021-32142 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2021-32142: Fixed buffer overflow in the LibRaw_buffer_datastream:gets function (bsc#1208470).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-510=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-510=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libraw9-debuginfo-0.15.4-36.1
  * libraw-debugsource-0.15.4-36.1
  * libraw-devel-0.15.4-36.1
  * libraw9-0.15.4-36.1
  * libraw-devel-static-0.15.4-36.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libraw9-debuginfo-0.15.4-36.1
  * libraw9-0.15.4-36.1
  * libraw-debugsource-0.15.4-36.1

## References:

* https://www.suse.com/security/cve/CVE-2021-32142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208470

From sle-updates at lists.suse.com Fri Feb 24 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Feb 2023 20:30:02 -0000
Subject: SUSE-SU-2023:0519-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP4)
Message-ID: <167727060233.20843.16059521518380503528@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP4)

Announcement ID: SUSE-SU-2023:0519-1
Rating: important
References:

* #1206314

Cross-References:

* CVE-2022-3564

CVSS scores:

* CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Live Patching 12-SP4
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-95_114 fixes one issue.

The following security issue was fixed:

* CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP4
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-519=1
* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-520=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-95_114-default-2-2.1
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  * kernel-livepatch-4_12_14-150100_197_131-default-2-150100.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3564.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206314

From sle-updates at lists.suse.com Sat Feb 25 08:03:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 25 Feb 2023 09:03:09 +0100 (CET)
Subject: SUSE-CU-2023:465-1: Security update of bci/nodejs
Message-ID: <20230225080309.A9EE8F52D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:465-1
Container Tags : bci/node:14 , bci/node:14-36.38 , bci/nodejs:14 , bci/nodejs:14-36.38
Container Release : 36.38
Severity : important
Type : security
References : 1208067 CVE-2022-4904
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). The following package changes have been done: - libcares2-1.19.0-150000.3.20.1 updated From sle-updates at lists.suse.com Sat Feb 25 08:03:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Feb 2023 09:03:30 +0100 (CET) Subject: SUSE-CU-2023:466-1: Security update of bci/nodejs Message-ID: <20230225080330.09075F52D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:466-1 Container Tags : bci/node:16 , bci/node:16-14.2 , bci/nodejs:16 , bci/nodejs:16-14.2 Container Release : 14.2 Severity : important Type : security References : 1208067 CVE-2022-4904 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). 
The following package changes have been done: - libcares2-1.19.0-150000.3.20.1 updated From sle-updates at lists.suse.com Sat Feb 25 08:03:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Feb 2023 09:03:31 +0100 (CET) Subject: SUSE-CU-2023:467-1: Security update of bci/nodejs Message-ID: <20230225080331.6D306F52D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:467-1 Container Tags : bci/node:18 , bci/node:18-2.2 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-2.2 , bci/nodejs:latest Container Release : 2.2 Severity : important Type : security References : 1208067 CVE-2022-4904 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). 
The following package changes have been done: - libcares2-1.19.0-150000.3.20.1 updated From sle-updates at lists.suse.com Mon Feb 27 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 08:30:02 -0000 Subject: SUSE-SU-2023:0523-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Message-ID: <167748660277.29188.11582972810002570814@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:0523-1 Rating: important References: * #1207139 Cross-References: * CVE-2023-0179 CVSS scores: * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_106 fixes one issue. The following security issue was fixed: * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-523=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_106-default-2-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0179.html * https://bugzilla.suse.com/show_bug.cgi?id=1207139
From sle-updates at lists.suse.com Mon Feb 27 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 08:30:05 -0000 Subject: SUSE-SU-2023:0522-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Message-ID: <167748660558.29188.16083676544663846545@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:0522-1 Rating: important References: * #1206314 * #1207139 Cross-References: * CVE-2022-3564 * CVE-2023-0179 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_101 fixes several issues. The following security issues were fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-522=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_101-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://www.suse.com/security/cve/CVE-2023-0179.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314 * https://bugzilla.suse.com/show_bug.cgi?id=1207139 From sle-updates at lists.suse.com Mon Feb 27 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 08:30:07 -0000 Subject: SUSE-SU-2023:0525-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Message-ID: <167748660797.29188.9807330466455676950@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:0525-1 Rating: important References: * #1206314 Cross-References: * CVE-2022-3564 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_139 fixes one issue. 
The following security issue was fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-525=1 SUSE-SLE-Live-Patching-12-SP5-2023-524=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-521=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_144-default-2-2.1 * kgraft-patch-4_12_14-122_139-default-3-2.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_139-default-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-2-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-2-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314
From sle-updates at lists.suse.com Mon Feb 27 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 16:30:02 -0000 Subject: SUSE-SU-2023:0528-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Message-ID: <167751540236.19451.15733695041412826659@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:0528-1 Rating: important References: * #1206314 Cross-References: * CVE-2022-3564 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_93 fixes one issue. The following security issue was fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-528=1 SUSE-SLE-Live-Patching-12-SP4-2023-529=1 SUSE-SLE-Live-Patching-12-SP4-2023-530=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-531=1 SUSE-SLE-Live-Patching-12-SP5-2023-532=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-533=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-534=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-535=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-536=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-537=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-538=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_93-default-13-2.2 * kgraft-patch-4_12_14-95_111-default-4-2.1 * kgraft-patch-4_12_14-95_99-default-9-2.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_127-default-7-2.1 * kgraft-patch-4_12_14-122_113-default-14-2.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-197_108-default-13-150100.2.2 * kernel-livepatch-4_12_14-150100_197_117-default-7-150100.2.1 * kernel-livepatch-4_12_14-150100_197_123-default-4-150100.2.1 * kernel-livepatch-4_12_14-150100_197_120-default-7-150100.2.1 * kernel-livepatch-4_12_14-150100_197_114-default-9-150100.2.1 * kernel-livepatch-4_12_14-150100_197_126-default-4-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314
From sle-updates at lists.suse.com Mon Feb 27 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 16:30:04 -0000 Subject: SUSE-SU-2023:0527-1: important: Security update for php8 Message-ID: <167751540487.19451.16538871330757272154@smelt2.suse.de> # Security update for php8 Announcement ID: SUSE-SU-2023:0527-1 Rating: important References: * #1208366 * #1208367 Cross-References: * CVE-2023-0568 * CVE-2023-0662 CVSS scores: * CVE-2023-0568 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-0568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-0662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for php8 fixes the following issues: php8 was updated to version 8.0.28: * CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). * CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-527=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-527=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php8-tokenizer-8.0.28-150400.4.26.1 * php8-zip-8.0.28-150400.4.26.1 * php8-calendar-8.0.28-150400.4.26.1 * php8-gd-debuginfo-8.0.28-150400.4.26.1 * php8-dom-debuginfo-8.0.28-150400.4.26.1 * php8-sodium-8.0.28-150400.4.26.1 * php8-dba-8.0.28-150400.4.26.1 * php8-soap-debuginfo-8.0.28-150400.4.26.1 * php8-gmp-debuginfo-8.0.28-150400.4.26.1 * php8-iconv-debuginfo-8.0.28-150400.4.26.1 * php8-posix-debuginfo-8.0.28-150400.4.26.1 * php8-embed-8.0.28-150400.4.26.1 * php8-sodium-debuginfo-8.0.28-150400.4.26.1 * php8-xmlreader-8.0.28-150400.4.26.1 * php8-tidy-debuginfo-8.0.28-150400.4.26.1 * php8-pgsql-debuginfo-8.0.28-150400.4.26.1 * php8-cli-8.0.28-150400.4.26.1 * php8-tokenizer-debuginfo-8.0.28-150400.4.26.1 * php8-zlib-debuginfo-8.0.28-150400.4.26.1 * php8-fastcgi-debuginfo-8.0.28-150400.4.26.1 * php8-xmlreader-debuginfo-8.0.28-150400.4.26.1 * php8-fileinfo-8.0.28-150400.4.26.1 * php8-iconv-8.0.28-150400.4.26.1 * php8-odbc-8.0.28-150400.4.26.1 * php8-mysql-debuginfo-8.0.28-150400.4.26.1 * php8-mysql-8.0.28-150400.4.26.1 * php8-ldap-debuginfo-8.0.28-150400.4.26.1 * php8-xmlwriter-debuginfo-8.0.28-150400.4.26.1 * php8-opcache-debuginfo-8.0.28-150400.4.26.1 * php8-readline-debuginfo-8.0.28-150400.4.26.1 * php8-gd-8.0.28-150400.4.26.1 * php8-fastcgi-debugsource-8.0.28-150400.4.26.1 * php8-ctype-debuginfo-8.0.28-150400.4.26.1 * php8-ftp-8.0.28-150400.4.26.1 * php8-openssl-8.0.28-150400.4.26.1 * php8-debugsource-8.0.28-150400.4.26.1 * php8-intl-debuginfo-8.0.28-150400.4.26.1 * php8-gettext-8.0.28-150400.4.26.1 * php8-xsl-8.0.28-150400.4.26.1 * php8-shmop-debuginfo-8.0.28-150400.4.26.1 * php8-ldap-8.0.28-150400.4.26.1 * php8-fpm-debugsource-8.0.28-150400.4.26.1 * 
php8-snmp-8.0.28-150400.4.26.1 * php8-gettext-debuginfo-8.0.28-150400.4.26.1 * php8-opcache-8.0.28-150400.4.26.1 * apache2-mod_php8-8.0.28-150400.4.26.1 * php8-pdo-debuginfo-8.0.28-150400.4.26.1 * php8-posix-8.0.28-150400.4.26.1 * php8-sockets-debuginfo-8.0.28-150400.4.26.1 * php8-bz2-8.0.28-150400.4.26.1 * php8-sysvmsg-8.0.28-150400.4.26.1 * php8-pcntl-debuginfo-8.0.28-150400.4.26.1 * php8-enchant-debuginfo-8.0.28-150400.4.26.1 * php8-sysvmsg-debuginfo-8.0.28-150400.4.26.1 * php8-exif-8.0.28-150400.4.26.1 * php8-xmlwriter-8.0.28-150400.4.26.1 * php8-odbc-debuginfo-8.0.28-150400.4.26.1 * php8-fpm-debuginfo-8.0.28-150400.4.26.1 * php8-mbstring-8.0.28-150400.4.26.1 * php8-cli-debuginfo-8.0.28-150400.4.26.1 * php8-sysvshm-debuginfo-8.0.28-150400.4.26.1 * php8-openssl-debuginfo-8.0.28-150400.4.26.1 * php8-soap-8.0.28-150400.4.26.1 * php8-test-8.0.28-150400.4.26.1 * php8-phar-8.0.28-150400.4.26.1 * php8-curl-debuginfo-8.0.28-150400.4.26.1 * php8-tidy-8.0.28-150400.4.26.1 * php8-mbstring-debuginfo-8.0.28-150400.4.26.1 * php8-sysvsem-debuginfo-8.0.28-150400.4.26.1 * php8-sockets-8.0.28-150400.4.26.1 * php8-devel-8.0.28-150400.4.26.1 * apache2-mod_php8-debugsource-8.0.28-150400.4.26.1 * php8-fastcgi-8.0.28-150400.4.26.1 * php8-intl-8.0.28-150400.4.26.1 * php8-snmp-debuginfo-8.0.28-150400.4.26.1 * php8-sysvsem-8.0.28-150400.4.26.1 * php8-8.0.28-150400.4.26.1 * php8-debuginfo-8.0.28-150400.4.26.1 * php8-phar-debuginfo-8.0.28-150400.4.26.1 * php8-readline-8.0.28-150400.4.26.1 * php8-calendar-debuginfo-8.0.28-150400.4.26.1 * php8-embed-debuginfo-8.0.28-150400.4.26.1 * php8-enchant-8.0.28-150400.4.26.1 * php8-pdo-8.0.28-150400.4.26.1 * php8-sysvshm-8.0.28-150400.4.26.1 * php8-shmop-8.0.28-150400.4.26.1 * php8-bcmath-debuginfo-8.0.28-150400.4.26.1 * php8-pcntl-8.0.28-150400.4.26.1 * php8-bcmath-8.0.28-150400.4.26.1 * php8-dba-debuginfo-8.0.28-150400.4.26.1 * php8-ftp-debuginfo-8.0.28-150400.4.26.1 * php8-embed-debugsource-8.0.28-150400.4.26.1 * 
php8-sqlite-debuginfo-8.0.28-150400.4.26.1 * php8-bz2-debuginfo-8.0.28-150400.4.26.1 * php8-fpm-8.0.28-150400.4.26.1 * php8-dom-8.0.28-150400.4.26.1 * php8-fileinfo-debuginfo-8.0.28-150400.4.26.1 * php8-gmp-8.0.28-150400.4.26.1 * php8-zip-debuginfo-8.0.28-150400.4.26.1 * apache2-mod_php8-debuginfo-8.0.28-150400.4.26.1 * php8-ctype-8.0.28-150400.4.26.1 * php8-exif-debuginfo-8.0.28-150400.4.26.1 * php8-curl-8.0.28-150400.4.26.1 * php8-pgsql-8.0.28-150400.4.26.1 * php8-xsl-debuginfo-8.0.28-150400.4.26.1 * php8-zlib-8.0.28-150400.4.26.1 * php8-sqlite-8.0.28-150400.4.26.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php8-tokenizer-8.0.28-150400.4.26.1 * php8-zip-8.0.28-150400.4.26.1 * php8-calendar-8.0.28-150400.4.26.1 * php8-gd-debuginfo-8.0.28-150400.4.26.1 * php8-dom-debuginfo-8.0.28-150400.4.26.1 * php8-sodium-8.0.28-150400.4.26.1 * php8-dba-8.0.28-150400.4.26.1 * php8-soap-debuginfo-8.0.28-150400.4.26.1 * php8-gmp-debuginfo-8.0.28-150400.4.26.1 * php8-iconv-debuginfo-8.0.28-150400.4.26.1 * php8-posix-debuginfo-8.0.28-150400.4.26.1 * php8-embed-8.0.28-150400.4.26.1 * php8-sodium-debuginfo-8.0.28-150400.4.26.1 * php8-xmlreader-8.0.28-150400.4.26.1 * php8-tidy-debuginfo-8.0.28-150400.4.26.1 * php8-pgsql-debuginfo-8.0.28-150400.4.26.1 * php8-cli-8.0.28-150400.4.26.1 * php8-tokenizer-debuginfo-8.0.28-150400.4.26.1 * php8-zlib-debuginfo-8.0.28-150400.4.26.1 * php8-fastcgi-debuginfo-8.0.28-150400.4.26.1 * php8-xmlreader-debuginfo-8.0.28-150400.4.26.1 * php8-fileinfo-8.0.28-150400.4.26.1 * php8-iconv-8.0.28-150400.4.26.1 * php8-odbc-8.0.28-150400.4.26.1 * php8-mysql-debuginfo-8.0.28-150400.4.26.1 * php8-mysql-8.0.28-150400.4.26.1 * php8-ldap-debuginfo-8.0.28-150400.4.26.1 * php8-xmlwriter-debuginfo-8.0.28-150400.4.26.1 * php8-opcache-debuginfo-8.0.28-150400.4.26.1 * php8-readline-debuginfo-8.0.28-150400.4.26.1 * php8-gd-8.0.28-150400.4.26.1 * php8-fastcgi-debugsource-8.0.28-150400.4.26.1 * php8-ctype-debuginfo-8.0.28-150400.4.26.1 * 
php8-ftp-8.0.28-150400.4.26.1 * php8-openssl-8.0.28-150400.4.26.1 * php8-debugsource-8.0.28-150400.4.26.1 * php8-intl-debuginfo-8.0.28-150400.4.26.1 * php8-gettext-8.0.28-150400.4.26.1 * php8-xsl-8.0.28-150400.4.26.1 * php8-shmop-debuginfo-8.0.28-150400.4.26.1 * php8-ldap-8.0.28-150400.4.26.1 * php8-fpm-debugsource-8.0.28-150400.4.26.1 * php8-snmp-8.0.28-150400.4.26.1 * php8-gettext-debuginfo-8.0.28-150400.4.26.1 * php8-opcache-8.0.28-150400.4.26.1 * apache2-mod_php8-8.0.28-150400.4.26.1 * php8-pdo-debuginfo-8.0.28-150400.4.26.1 * php8-posix-8.0.28-150400.4.26.1 * php8-sockets-debuginfo-8.0.28-150400.4.26.1 * php8-bz2-8.0.28-150400.4.26.1 * php8-sysvmsg-8.0.28-150400.4.26.1 * php8-pcntl-debuginfo-8.0.28-150400.4.26.1 * php8-enchant-debuginfo-8.0.28-150400.4.26.1 * php8-sysvmsg-debuginfo-8.0.28-150400.4.26.1 * php8-exif-8.0.28-150400.4.26.1 * php8-xmlwriter-8.0.28-150400.4.26.1 * php8-odbc-debuginfo-8.0.28-150400.4.26.1 * php8-fpm-debuginfo-8.0.28-150400.4.26.1 * php8-mbstring-8.0.28-150400.4.26.1 * php8-cli-debuginfo-8.0.28-150400.4.26.1 * php8-sysvshm-debuginfo-8.0.28-150400.4.26.1 * php8-openssl-debuginfo-8.0.28-150400.4.26.1 * php8-soap-8.0.28-150400.4.26.1 * php8-test-8.0.28-150400.4.26.1 * php8-phar-8.0.28-150400.4.26.1 * php8-curl-debuginfo-8.0.28-150400.4.26.1 * php8-tidy-8.0.28-150400.4.26.1 * php8-mbstring-debuginfo-8.0.28-150400.4.26.1 * php8-sysvsem-debuginfo-8.0.28-150400.4.26.1 * php8-sockets-8.0.28-150400.4.26.1 * php8-devel-8.0.28-150400.4.26.1 * apache2-mod_php8-debugsource-8.0.28-150400.4.26.1 * php8-fastcgi-8.0.28-150400.4.26.1 * php8-intl-8.0.28-150400.4.26.1 * php8-snmp-debuginfo-8.0.28-150400.4.26.1 * php8-sysvsem-8.0.28-150400.4.26.1 * php8-8.0.28-150400.4.26.1 * php8-debuginfo-8.0.28-150400.4.26.1 * php8-phar-debuginfo-8.0.28-150400.4.26.1 * php8-readline-8.0.28-150400.4.26.1 * php8-calendar-debuginfo-8.0.28-150400.4.26.1 * php8-embed-debuginfo-8.0.28-150400.4.26.1 * php8-enchant-8.0.28-150400.4.26.1 * php8-pdo-8.0.28-150400.4.26.1 * 
php8-sysvshm-8.0.28-150400.4.26.1 * php8-shmop-8.0.28-150400.4.26.1 * php8-bcmath-debuginfo-8.0.28-150400.4.26.1 * php8-pcntl-8.0.28-150400.4.26.1 * php8-bcmath-8.0.28-150400.4.26.1 * php8-dba-debuginfo-8.0.28-150400.4.26.1 * php8-ftp-debuginfo-8.0.28-150400.4.26.1 * php8-embed-debugsource-8.0.28-150400.4.26.1 * php8-sqlite-debuginfo-8.0.28-150400.4.26.1 * php8-bz2-debuginfo-8.0.28-150400.4.26.1 * php8-fpm-8.0.28-150400.4.26.1 * php8-dom-8.0.28-150400.4.26.1 * php8-fileinfo-debuginfo-8.0.28-150400.4.26.1 * php8-gmp-8.0.28-150400.4.26.1 * php8-zip-debuginfo-8.0.28-150400.4.26.1 * apache2-mod_php8-debuginfo-8.0.28-150400.4.26.1 * php8-ctype-8.0.28-150400.4.26.1 * php8-exif-debuginfo-8.0.28-150400.4.26.1 * php8-curl-8.0.28-150400.4.26.1 * php8-pgsql-8.0.28-150400.4.26.1 * php8-xsl-debuginfo-8.0.28-150400.4.26.1 * php8-zlib-8.0.28-150400.4.26.1 * php8-sqlite-8.0.28-150400.4.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0568.html * https://www.suse.com/security/cve/CVE-2023-0662.html * https://bugzilla.suse.com/show_bug.cgi?id=1208366 * https://bugzilla.suse.com/show_bug.cgi?id=1208367
From sle-updates at lists.suse.com Mon Feb 27 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 16:30:07 -0000 Subject: SUSE-SU-2023:0526-1: moderate: Security update for tpm2-0-tss Message-ID: <167751540723.19451.11815922100389548213@smelt2.suse.de> # Security update for tpm2-0-tss Announcement ID: SUSE-SU-2023:0526-1 Rating: moderate References: * #1207325 Cross-References: * CVE-2023-22745 CVSS scores: * CVE-2023-22745 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22745 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for tpm2-0-tss fixes the following issues: * CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-526=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-526=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-526=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-526=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-526=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libtss2-sys1-3.1.0-150400.3.3.1 * libtss2-tctildr0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-debuginfo-3.1.0-150400.3.3.1 * libtss2-mu0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-debugsource-3.1.0-150400.3.3.1 * libtss2-esys0-3.1.0-150400.3.3.1 * libtss2-mu0-3.1.0-150400.3.3.1 * libtss2-fapi1-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-3.1.0-150400.3.3.1 * libtss2-sys1-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-3.1.0-150400.3.3.1 * libtss2-tctildr0-3.1.0-150400.3.3.1 * libtss2-tcti-device0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-3.1.0-150400.3.3.1 * libtss2-fapi1-3.1.0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libtss2-tcti-pcap0-3.1.0-150400.3.3.1 * libtss2-tcti-pcap0-debuginfo-3.1.0-150400.3.3.1 * libtss2-fapi1-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-debuginfo-3.1.0-150400.3.3.1 * libtss2-sys1-3.1.0-150400.3.3.1 * libtss2-mu0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-3.1.0-150400.3.3.1 * libtss2-tcti-mssim0-3.1.0-150400.3.3.1 * libtss2-fapi1-3.1.0-150400.3.3.1 * tpm2-0-tss-debugsource-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-3.1.0-150400.3.3.1 * libtss2-tctildr0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-3.1.0-150400.3.3.1 * libtss2-mu0-3.1.0-150400.3.3.1 * libtss2-tcti-mssim0-debuginfo-3.1.0-150400.3.3.1 * 
libtss2-sys1-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-devel-3.1.0-150400.3.3.1 * libtss2-tctildr0-3.1.0-150400.3.3.1 * libtss2-tcti-device0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-3.1.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libtss2-tcti-mssim0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-32bit-3.1.0-150400.3.3.1 * libtss2-fapi1-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-32bit-3.1.0-150400.3.3.1 * libtss2-esys0-32bit-3.1.0-150400.3.3.1 * libtss2-esys0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-mssim0-32bit-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-32bit-3.1.0-150400.3.3.1 * libtss2-sys1-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-mu0-32bit-3.1.0-150400.3.3.1 * libtss2-mu0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-fapi1-32bit-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-32bit-3.1.0-150400.3.3.1 * libtss2-sys1-32bit-3.1.0-150400.3.3.1 * libtss2-tcti-device0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tctildr0-32bit-debuginfo-3.1.0-150400.3.3.1 * libtss2-tctildr0-32bit-3.1.0-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtss2-sys1-3.1.0-150400.3.3.1 * libtss2-tctildr0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-debuginfo-3.1.0-150400.3.3.1 * libtss2-mu0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-debugsource-3.1.0-150400.3.3.1 * libtss2-esys0-3.1.0-150400.3.3.1 * libtss2-mu0-3.1.0-150400.3.3.1 * libtss2-fapi1-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-3.1.0-150400.3.3.1 * libtss2-sys1-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-3.1.0-150400.3.3.1 * libtss2-tctildr0-3.1.0-150400.3.3.1 * libtss2-tcti-device0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-3.1.0-150400.3.3.1 * 
libtss2-fapi1-3.1.0-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtss2-sys1-3.1.0-150400.3.3.1 * libtss2-tctildr0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-debuginfo-3.1.0-150400.3.3.1 * libtss2-mu0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-debugsource-3.1.0-150400.3.3.1 * libtss2-esys0-3.1.0-150400.3.3.1 * libtss2-mu0-3.1.0-150400.3.3.1 * libtss2-fapi1-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-3.1.0-150400.3.3.1 * libtss2-sys1-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-3.1.0-150400.3.3.1 * libtss2-tctildr0-3.1.0-150400.3.3.1 * libtss2-tcti-device0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-3.1.0-150400.3.3.1 * libtss2-fapi1-3.1.0-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtss2-tcti-pcap0-3.1.0-150400.3.3.1 * libtss2-tcti-pcap0-debuginfo-3.1.0-150400.3.3.1 * libtss2-fapi1-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-debuginfo-3.1.0-150400.3.3.1 * libtss2-sys1-3.1.0-150400.3.3.1 * libtss2-mu0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-cmd0-3.1.0-150400.3.3.1 * libtss2-tcti-mssim0-3.1.0-150400.3.3.1 * libtss2-fapi1-3.1.0-150400.3.3.1 * tpm2-0-tss-debugsource-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-3.1.0-150400.3.3.1 * libtss2-tctildr0-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-debuginfo-3.1.0-150400.3.3.1 * libtss2-esys0-3.1.0-150400.3.3.1 * libtss2-mu0-3.1.0-150400.3.3.1 * libtss2-tcti-mssim0-debuginfo-3.1.0-150400.3.3.1 * libtss2-sys1-debuginfo-3.1.0-150400.3.3.1 * libtss2-rc0-3.1.0-150400.3.3.1 * libtss2-tcti-swtpm0-debuginfo-3.1.0-150400.3.3.1 * tpm2-0-tss-devel-3.1.0-150400.3.3.1 * libtss2-tctildr0-3.1.0-150400.3.3.1 * libtss2-tcti-device0-debuginfo-3.1.0-150400.3.3.1 * libtss2-tcti-device0-3.1.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22745.html * https://bugzilla.suse.com/show_bug.cgi?id=1207325
From sle-updates at lists.suse.com Mon Feb 27 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 20:30:03 -0000 Subject: SUSE-SU-2023:0547-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Message-ID: <167752980308.8466.9456701763195862220@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:0547-1 Rating: important References: * #1206314 * #1207139 Cross-References: * CVE-2022-3564 * CVE-2023-0179 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues. The following security issues were fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-548=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-547=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_54-default-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_60-default-16-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://www.suse.com/security/cve/CVE-2023-0179.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314 * https://bugzilla.suse.com/show_bug.cgi?id=1207139 From sle-updates at lists.suse.com Mon Feb 27 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 20:30:05 -0000 Subject: SUSE-SU-2023:0552-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) Message-ID: <167752980554.8466.8097929685635053877@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:0552-1 Rating: important References: * #1206314 Cross-References: * CVE-2022-3564 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise 
Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_105 fixes one issue. The following security issue was fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-552=1 SUSE-SLE-Live-Patching-12-SP4-2023-539=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-540=1 SUSE-SLE-Live-Patching-12-SP5-2023-541=1 SUSE-SLE-Live-Patching-12-SP5-2023-542=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-551=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-550=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-543=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-544=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-545=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-546=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_105-default-7-2.1 * kgraft-patch-4_12_14-95_108-default-5-2.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_124-default-9-2.1 * kgraft-patch-4_12_14-122_136-default-4-2.1 * kgraft-patch-4_12_14-122_130-default-7-2.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_111-default-12-150100.2.2 * 
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_115-default-11-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_27-debugsource-11-150200.2.1 * kernel-livepatch-5_3_18-150200_24_129-default-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-8-150200.2.1 * kernel-livepatch-5_3_18-24_107-default-17-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-5-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_29-debugsource-8-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_31-debugsource-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_134-default-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-11-150200.2.1 * kernel-livepatch-5_3_18-150200_24_126-default-8-150200.2.1 * kernel-livepatch-5_3_18-24_107-default-debuginfo-17-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-5-150200.2.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le x86_64) * kernel-livepatch-SLE15-SP2_Update_25-debugsource-17-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314
From sle-updates at lists.suse.com Mon Feb 27 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2023 20:30:08 -0000 Subject: SUSE-SU-2023:0549-1: moderate: Security update for python3 Message-ID: <167752980817.8466.12473188645657370859@smelt2.suse.de> # Security update for python3 Announcement ID: SUSE-SU-2023:0549-1 Rating: moderate References: * #1205244 * #1208443 Cross-References: * CVE-2022-45061 CVSS scores: * CVE-2022-45061 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-45061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: * Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-549=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-549=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-549=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-549=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-549=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-549=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-549=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-549=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-549=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.40.1 * python3-dbm-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * python3-idle-3.6.15-150300.10.40.1 * python3-doc-devhelp-3.6.15-150300.10.40.1 * python3-dbm-debuginfo-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-tk-debuginfo-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * python3-curses-debuginfo-3.6.15-150300.10.40.1 * python3-devel-debuginfo-3.6.15-150300.10.40.1 * python3-testsuite-3.6.15-150300.10.40.1 * python3-doc-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-tools-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * 
python3-tk-3.6.15-150300.10.40.1 * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-devel-3.6.15-150300.10.40.1 * python3-testsuite-debuginfo-3.6.15-150300.10.40.1 * python3-curses-3.6.15-150300.10.40.1 * openSUSE Leap 15.4 (x86_64) * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.40.1 * libpython3_6m1_0-32bit-3.6.15-150300.10.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-tk-3.6.15-150300.10.40.1 * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-devel-3.6.15-150300.10.40.1 * python3-dbm-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-curses-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-tk-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * python3-idle-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * python3-dbm-debuginfo-3.6.15-150300.10.40.1 * python3-curses-debuginfo-3.6.15-150300.10.40.1 * python3-devel-debuginfo-3.6.15-150300.10.40.1 * Development Tools 
Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-tools-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-tk-3.6.15-150300.10.40.1 * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-devel-3.6.15-150300.10.40.1 * python3-dbm-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-curses-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-tk-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * python3-idle-3.6.15-150300.10.40.1 * python3-tools-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * python3-dbm-debuginfo-3.6.15-150300.10.40.1 * python3-curses-debuginfo-3.6.15-150300.10.40.1 * python3-devel-debuginfo-3.6.15-150300.10.40.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-base-debuginfo-3.6.15-150300.10.40.1 * python3-core-debugsource-3.6.15-150300.10.40.1 * python3-3.6.15-150300.10.40.1 * python3-base-3.6.15-150300.10.40.1 * python3-debuginfo-3.6.15-150300.10.40.1 * python3-debugsource-3.6.15-150300.10.40.1 * libpython3_6m1_0-3.6.15-150300.10.40.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.40.1 ## References: * https://www.suse.com/security/cve/CVE-2022-45061.html * https://bugzilla.suse.com/show_bug.cgi?id=1205244 * https://bugzilla.suse.com/show_bug.cgi?id=1208443
From sle-updates at lists.suse.com Tue Feb 28 08:03:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:03:27 +0100 (CET) Subject: SUSE-CU-2023:475-1: Security update of suse/389-ds Message-ID: <20230228080327.6FB4EF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:475-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.25 , suse/389-ds:latest Container Release : 19.25 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
The following package changes have been done: - python3-base-3.6.15-150300.10.40.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Tue Feb 28 08:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:03:56 +0100 (CET) Subject: SUSE-CU-2023:476-1: Security update of bci/nodejs Message-ID: <20230228080356.30C3EF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:476-1 Container Tags : bci/node:14 , bci/node:14-36.39 , bci/nodejs:14 , bci/nodejs:14-36.39 Container Release : 36.39 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:27 +0100 (CET) Subject: SUSE-CU-2023:477-1: Security update of bci/python Message-ID: <20230228080427.2938BF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:477-1 Container Tags : bci/python:3 , bci/python:3-34.24 , bci/python:3.6 , bci/python:3.6-34.24 Container Release : 34.24 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-3.6.15-150300.10.40.1 updated - python3-devel-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:29 +0100 (CET) Subject: SUSE-CU-2023:478-1: Security update of suse/sles/15.5/cdi-apiserver Message-ID: <20230228080429.BD515F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:478-1 Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.3.10 , suse/sles/15.5/cdi-apiserver:1.55.0.17.139 Container Release : 17.139 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - containerized-data-importer-api-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:31 +0100 (CET) Subject: SUSE-CU-2023:479-1: Security update of suse/sles/15.5/cdi-cloner Message-ID: <20230228080431.3C8F5F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:479-1 Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.3.10 , suse/sles/15.5/cdi-cloner:1.55.0.17.138 Container Release : 17.138 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-cloner was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - containerized-data-importer-cloner-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:32 +0100 (CET) Subject: SUSE-CU-2023:480-1: Security update of suse/sles/15.5/cdi-controller Message-ID: <20230228080432.A29DEF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:480-1 Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.3.10 , suse/sles/15.5/cdi-controller:1.55.0.17.139 
Container Release : 17.139 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - containerized-data-importer-controller-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:34 +0100 (CET) Subject: SUSE-CU-2023:481-1: Security update of suse/sles/15.5/cdi-importer Message-ID: <20230228080434.37FCDF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-importer 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:481-1 Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.3.10 , suse/sles/15.5/cdi-importer:1.55.0.17.185 Container Release : 17.185 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - libnettle8-3.8.1-150500.2.15 updated - qemu-block-curl-7.1.0-150500.45.1 updated - libhogweed6-3.8.1-150500.2.15 updated - qemu-tools-7.1.0-150500.45.1 updated - containerized-data-importer-importer-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:35 +0100 (CET) Subject: SUSE-CU-2023:482-1: Security update of suse/sles/15.5/cdi-operator Message-ID: <20230228080435.A1F04F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:482-1 Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.3.10 , suse/sles/15.5/cdi-operator:1.55.0.17.139 Container Release : 17.139 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-operator was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - containerized-data-importer-operator-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:37 +0100 (CET) Subject: SUSE-CU-2023:483-1: Security update of suse/sles/15.5/cdi-uploadproxy Message-ID: <20230228080437.170C7F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:483-1 Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.3.10 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.139 Container Release : 17.139 
Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - containerized-data-importer-uploadproxy-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:38 +0100 (CET) Subject: SUSE-CU-2023:484-1: Security update of suse/sles/15.5/cdi-uploadserver Message-ID: <20230228080438.81DFEF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:484-1 Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.3.10 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.184 Container Release : 17.184 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - libnettle8-3.8.1-150500.2.15 updated - libhogweed6-3.8.1-150500.2.15 updated - qemu-tools-7.1.0-150500.45.1 updated - containerized-data-importer-uploadserver-1.55.0-150500.3.10 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:41 +0100 (CET) Subject: SUSE-CU-2023:485-1: Security update of suse/sles/15.5/virt-api Message-ID: <20230228080441.7502AF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:485-1 Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.4.9 , suse/sles/15.5/virt-api:0.58.0.17.162 Container Release : 17.162 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-api was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - kubevirt-virt-api-0.58.0-150500.4.9 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:43 +0100 (CET) Subject: SUSE-CU-2023:486-1: Security update of suse/sles/15.5/virt-controller Message-ID: <20230228080443.051D8F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:486-1 Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.4.9 , suse/sles/15.5/virt-controller:0.58.0.17.162 Container Release : 17.162 Severity : important Type : 
security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - kubevirt-virt-controller-0.58.0-150500.4.9 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:44 +0100 (CET) Subject: SUSE-CU-2023:487-1: Security update of suse/sles/15.5/virt-exportproxy Message-ID: <20230228080444.7228AF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2023:487-1 Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.4.9 , suse/sles/15.5/virt-exportproxy:0.58.0.1.160 Container Release : 1.160 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - kubevirt-virt-exportproxy-0.58.0-150500.4.9 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:45 +0100 (CET) Subject: SUSE-CU-2023:488-1: Security update of suse/sles/15.5/virt-exportserver Message-ID: <20230228080445.DDE91F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:488-1 Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.9 , suse/sles/15.5/virt-exportserver:0.58.0.1.160 Container Release : 1.160 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - kubevirt-virt-exportserver-0.58.0-150500.4.9 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:47 +0100 (CET) Subject: SUSE-CU-2023:489-1: Security update of suse/sles/15.5/virt-handler Message-ID: <20230228080447.5D5EBF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:489-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.4.9 , suse/sles/15.5/virt-handler:0.58.0.18.208 Container Release : 18.208 Severity : important Type : 
security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - kubevirt-container-disk-0.58.0-150500.4.9 updated - kubevirt-virt-handler-0.58.0-150500.4.9 updated - libnettle8-3.8.1-150500.2.15 updated - libhogweed6-3.8.1-150500.2.15 updated - qemu-tools-7.1.0-150500.45.1 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:49 +0100 (CET) Subject: SUSE-CU-2023:490-1: Security update of suse/sles/15.5/virt-launcher Message-ID: 
<20230228080449.066B7F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:490-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.4.9 , suse/sles/15.5/virt-launcher:0.58.0.20.59 Container Release : 20.59 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - kubevirt-container-disk-0.58.0-150500.4.9 updated - libnettle8-3.8.1-150500.2.15 updated - qemu-accel-tcg-x86-7.1.0-150500.45.1 updated - qemu-ipxe-1.0.0+-150500.45.1 updated - qemu-seabios-1.16.0_0_gd239552-150500.45.1 updated - qemu-sgabios-8-150500.45.1 updated - qemu-vgabios-1.16.0_0_gd239552-150500.45.1 updated - libhogweed6-3.8.1-150500.2.15 updated - qemu-hw-usb-redirect-7.1.0-150500.45.1 updated - xen-libs-4.17.0_04-150500.1.1 updated - qemu-tools-7.1.0-150500.45.1 updated - kubevirt-virt-launcher-0.58.0-150500.4.9 updated - qemu-ovmf-x86_64-202208-150500.3.1 updated - qemu-x86-7.1.0-150500.45.1 updated - qemu-7.1.0-150500.45.1 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:50 +0100 (CET) Subject: SUSE-CU-2023:491-1: Security update of suse/sles/15.5/libguestfs-tools Message-ID: <20230228080450.C9B67F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:491-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.4.9 , suse/sles/15.5/libguestfs-tools:0.58.0.17.153 Container Release : 
17.153 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - curl-7.79.1-150400.5.15.1 updated - libnettle8-3.8.1-150500.2.15 updated - mdadm-4.2-150500.1.12 updated - qemu-accel-tcg-x86-7.1.0-150500.45.1 updated - qemu-ipxe-1.0.0+-150500.45.1 updated - qemu-seabios-1.16.0_0_gd239552-150500.45.1 updated - qemu-sgabios-8-150500.45.1 updated - qemu-vgabios-1.16.0_0_gd239552-150500.45.1 updated - libhogweed6-3.8.1-150500.2.15 updated - xen-libs-4.17.0_04-150500.1.1 updated - qemu-tools-7.1.0-150500.45.1 updated - dracut-mkinitrd-deprecated-055+suse.345.g8b8708cb-150500.1.5 updated - 
dracut-055+suse.345.g8b8708cb-150500.1.5 updated - kernel-kvmsmall-5.14.21-150500.41.1 updated - dracut-fips-055+suse.345.g8b8708cb-150500.1.5 updated - qemu-x86-7.1.0-150500.45.1 updated - qemu-7.1.0-150500.45.1 updated - qemu-ovmf-x86_64-202208-150500.3.1 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:04:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:04:52 +0100 (CET) Subject: SUSE-CU-2023:492-1: Security update of suse/sles/15.5/virt-operator Message-ID: <20230228080452.56A2AF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:492-1 Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.4.9 , suse/sles/15.5/virt-operator:0.58.0.17.162 Container Release : 17.162 Severity : important Type : security References : 1207990 1207991 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/sles/15.5/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
The following package changes have been done: - libz1-1.2.13-150500.1.8 updated - libuuid1-2.37.4-150500.7.3 updated - libsmartcols1-2.37.4-150500.7.3 updated - libblkid1-2.37.4-150500.7.3 updated - libgcrypt20-1.9.4-150500.10.9 updated - libgcrypt20-hmac-1.9.4-150500.10.9 updated - libfdisk1-2.37.4-150500.7.3 updated - libopenssl1_1-1.1.1l-150500.12.2 updated - libopenssl1_1-hmac-1.1.1l-150500.12.2 updated - libmount1-2.37.4-150500.7.3 updated - krb5-1.20.1-150500.1.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - sles-release-15.5-150500.29.1 updated - util-linux-2.37.4-150500.7.3 updated - kubevirt-virt-operator-0.58.0-150500.4.9 updated - container:sles15-image-15.0.0-32.72 updated From sle-updates at lists.suse.com Tue Feb 28 08:05:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:05:13 +0100 (CET) Subject: SUSE-CU-2023:493-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230228080513.6CF2AF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:493-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.354 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.354 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). 
Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Tue Feb 28 08:06:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 09:06:14 +0100 (CET) Subject: SUSE-CU-2023:495-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230228080614.21066F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:495-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.176 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.176 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Tue Feb 28 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 12:30:02 -0000 Subject: SUSE-SU-2023:0564-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Message-ID: <167758740210.5941.5946629871941941183@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:0564-1 Rating: important References: * #1207139 Cross-References: * CVE-2023-0179 CVSS scores: * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_109 fixes one issue. The following security issue was fixed: * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-564=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-2-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0179.html * https://bugzilla.suse.com/show_bug.cgi?id=1207139
From sle-updates at lists.suse.com Tue Feb 28 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 12:30:04 -0000 Subject: SUSE-SU-2023:0562-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) Message-ID: <167758740487.5941.14800995136375249603@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:0562-1 Rating: important References: * #1206314 * #1207139 Cross-References: * CVE-2022-3564 * CVE-2023-0179 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues. The following security issues were fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-561=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-562=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-570=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_90-default-8-150300.2.1 * kernel-livepatch-5_3_18-150300_59_98-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_93-default-7-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://www.suse.com/security/cve/CVE-2023-0179.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314 * https://bugzilla.suse.com/show_bug.cgi?id=1207139 From sle-updates at lists.suse.com Tue Feb 28 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 12:30:07 -0000 Subject: SUSE-SU-2023:0560-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Message-ID: <167758740737.5941.14045799486789055863@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:0560-1 Rating: important References: * #1206314 Cross-References: * CVE-2022-3564 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise 
Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_133 fixes one issue. The following security issue was fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-555=1 SUSE-SLE-Live-Patching-12-SP5-2023-565=1 SUSE-SLE-Live-Patching-12-SP5-2023-560=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-554=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-567=1 SUSE-SLE-Live-Patching-12-SP4-2023-566=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_133-default-5-2.1 * kgraft-patch-4_12_14-122_116-default-12-2.2 * kgraft-patch-4_12_14-122_121-default-10-2.2 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_112-default-13-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_26-debugsource-13-150200.2.2 * kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-13-150200.2.2 * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_102-default-7-2.1 * kgraft-patch-4_12_14-95_96-default-12-2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-3564.html * https://bugzilla.suse.com/show_bug.cgi?id=1206314
From sle-updates at lists.suse.com Tue Feb 28 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Feb 2023 12:30:09 -0000 Subject: SUSE-SU-2023:0569-1: important: Security update for postgresql15 Message-ID: <167758740984.5941.5190622485569433861@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:0569-1 Rating: important References: * #1208102 Cross-References: * CVE-2022-41862 CVSS scores: * CVE-2022-41862 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. 
## Description: This update for postgresql15 fixes the following issues: Update to 15.2: * CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-569=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-569=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-569=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-569=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-569=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-569=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-569=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-569=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-569=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-569=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-569=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-569=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-569=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-569=1 * SUSE Manager Server 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-569=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-569=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-569=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * postgresql15-test-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * postgresql15-llvmjit-debuginfo-15.2-150200.5.6.1 * postgresql15-llvmjit-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-llvmjit-devel-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * openSUSE Leap 15.4 (x86_64) * libecpg6-32bit-15.2-150200.5.6.1 * libpq5-32bit-debuginfo-15.2-150200.5.6.1 * libecpg6-32bit-debuginfo-15.2-150200.5.6.1 * libpq5-32bit-15.2-150200.5.6.1 * openSUSE Leap 15.4 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-llvmjit-devel-15.2-150200.5.6.1 * postgresql15-test-15.2-150200.5.6.1 * 
postgresql15-llvmjit-debuginfo-15.2-150200.5.6.1 * postgresql15-llvmjit-15.2-150200.5.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * postgresql15-server-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * Server Applications Module 15-SP4 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * Server Applications Module 15-SP4 (ppc64le) * postgresql15-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libecpg6-debuginfo-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-debuginfo-15.2-150200.5.6.1 * libpq5-32bit-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * 
postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * 
postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libecpg6-debuginfo-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-debuginfo-15.2-150200.5.6.1 * libpq5-32bit-15.2-150200.5.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * 
postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libecpg6-debuginfo-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libpq5-32bit-debuginfo-15.2-150200.5.6.1 * libpq5-32bit-15.2-150200.5.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * 
libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 
* postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Manager Server 4.2 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql15-server-15.2-150200.5.6.1 * postgresql15-debugsource-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * postgresql15-devel-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * postgresql15-15.2-150200.5.6.1 * postgresql15-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-debuginfo-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * postgresql15-plpython-debuginfo-15.2-150200.5.6.1 * postgresql15-contrib-15.2-150200.5.6.1 * postgresql15-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-pltcl-debuginfo-15.2-150200.5.6.1 * postgresql15-server-devel-15.2-150200.5.6.1 * postgresql15-server-devel-debuginfo-15.2-150200.5.6.1 * postgresql15-plpython-15.2-150200.5.6.1 * postgresql15-contrib-debuginfo-15.2-150200.5.6.1 * postgresql15-server-debuginfo-15.2-150200.5.6.1 * postgresql15-plperl-15.2-150200.5.6.1 * postgresql15-pltcl-15.2-150200.5.6.1 * libecpg6-debuginfo-15.2-150200.5.6.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql15-docs-15.2-150200.5.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libecpg6-debuginfo-15.2-150200.5.6.1 * libpq5-debuginfo-15.2-150200.5.6.1 * libecpg6-15.2-150200.5.6.1 * libpq5-15.2-150200.5.6.1 * SUSE Enterprise Storage 7 (x86_64) * libpq5-32bit-debuginfo-15.2-150200.5.6.1 * 
libpq5-32bit-15.2-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-41862.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208102

From sle-updates at lists.suse.com Tue Feb 28 12:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:13 -0000
Subject: SUSE-SU-2023:0568-1: important: Security update for ucode-intel
Message-ID: <167758741315.5941.16288464915393589438@smelt2.suse.de>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2023:0568-1
Rating: important
References:
* #1208275
* #1208276
* #1208277

Cross-References:
* CVE-2022-21216
* CVE-2022-33196
* CVE-2022-38090

CVSS scores:
* CVE-2022-21216 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
* CVE-2022-21216 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
* CVE-2022-33196 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2022-33196 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2022-38090 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2022-38090 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20230214 release.

Security issues fixed:

* CVE-2022-38090: Security updates for INTEL-SA-00767 (bsc#1208275)
* CVE-2022-33196: Security updates for INTEL-SA-00738 (bsc#1208276)
* CVE-2022-21216: Security updates for INTEL-SA-00700 (bsc#1208277)

* New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

* Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-568=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-568=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-568=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-568=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-568=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-568=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-568=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-568=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-568=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-568=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-568=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-568=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-568=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-568=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-568=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-568=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-568=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-568=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-568=1
* SUSE
Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-568=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-568=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20230214-150200.21.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20230214-150200.21.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Manager Proxy 4.2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Manager Server 4.2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Enterprise Storage 7 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20230214-150200.21.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20230214-150200.21.1 ## 
References:

* https://www.suse.com/security/cve/CVE-2022-21216.html
* https://www.suse.com/security/cve/CVE-2022-33196.html
* https://www.suse.com/security/cve/CVE-2022-38090.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208275
* https://bugzilla.suse.com/show_bug.cgi?id=1208276
* https://bugzilla.suse.com/show_bug.cgi?id=1208277

From sle-updates at lists.suse.com Tue Feb 28 12:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:16 -0000
Subject: SUSE-RU-2023:0563-1: moderate: Recommended update for openssl-1_1
Message-ID: <167758741614.5941.5491648982100985534@smelt2.suse.de>

# Recommended update for openssl-1_1

Announcement ID: SUSE-RU-2023:0563-1
Rating: moderate
References:
* #1207994

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-563=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-563=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-563=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-563=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-563=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.25.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl1_1-1.1.1l-150400.7.25.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl-1_1-devel-1.1.1l-150400.7.25.1 * libopenssl1_1-hmac-1.1.1l-150400.7.25.1 * openssl-1_1-1.1.1l-150400.7.25.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.25.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl1_1-1.1.1l-150400.7.25.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl-1_1-devel-1.1.1l-150400.7.25.1 * libopenssl1_1-hmac-1.1.1l-150400.7.25.1 * openssl-1_1-1.1.1l-150400.7.25.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.25.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.25.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.25.1 * libopenssl1_1-32bit-1.1.1l-150400.7.25.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.25.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl1_1-1.1.1l-150400.7.25.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.25.1 * libopenssl-1_1-devel-1.1.1l-150400.7.25.1 * libopenssl1_1-hmac-1.1.1l-150400.7.25.1 * openssl-1_1-1.1.1l-150400.7.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.25.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.25.1 * 
libopenssl1_1-1.1.1l-150400.7.25.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.25.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.25.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.25.1
  * openssl-1_1-1.1.1l-150400.7.25.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.25.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.25.1
  * libopenssl1_1-1.1.1l-150400.7.25.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.25.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.25.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.25.1
  * openssl-1_1-1.1.1l-150400.7.25.1
* Basesystem Module 15-SP4 (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.25.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.25.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.25.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.25.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207994

From sle-updates at lists.suse.com Tue Feb 28 12:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:20 -0000
Subject: SUSE-RU-2023:0558-1: moderate: Recommended update for strongswan
Message-ID: <167758742056.5941.1407891407482818799@smelt2.suse.de>

# Recommended update for strongswan

Announcement ID: SUSE-RU-2023:0558-1
Rating: moderate
References:
* #1199205

Affected Products:
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has one recommended fix can now be installed.

## Description:

This update for strongswan fixes the following issues:

* Fix crash in packet sender in libcharon library caused by marvell-auth-els patch (bsc#1199205)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-558=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-558=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-558=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-558=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-558=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-558=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-558=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-558=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-558=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-558=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-558=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-558=1
* SUSE Enterprise Storage 7 zypper
in -t patch SUSE-Storage-7-2023-558=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * 
strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * 
strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Manager Proxy 4.2 (x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Manager Proxy 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1 * SUSE Manager Server 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.33.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * strongswan-5.8.2-150200.11.33.1 * strongswan-debugsource-5.8.2-150200.11.33.1 * strongswan-debuginfo-5.8.2-150200.11.33.1 * strongswan-libs0-5.8.2-150200.11.33.1 * strongswan-ipsec-5.8.2-150200.11.33.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1 * 
strongswan-libs0-debuginfo-5.8.2-150200.11.33.1 * strongswan-hmac-5.8.2-150200.11.33.1
* SUSE Enterprise Storage 7.1 (noarch)
  * strongswan-doc-5.8.2-150200.11.33.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * strongswan-5.8.2-150200.11.33.1
  * strongswan-debugsource-5.8.2-150200.11.33.1
  * strongswan-debuginfo-5.8.2-150200.11.33.1
  * strongswan-libs0-5.8.2-150200.11.33.1
  * strongswan-ipsec-5.8.2-150200.11.33.1
  * strongswan-ipsec-debuginfo-5.8.2-150200.11.33.1
  * strongswan-libs0-debuginfo-5.8.2-150200.11.33.1
  * strongswan-hmac-5.8.2-150200.11.33.1
* SUSE Enterprise Storage 7 (noarch)
  * strongswan-doc-5.8.2-150200.11.33.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1199205

From sle-updates at lists.suse.com Tue Feb 28 12:30:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:22 -0000
Subject: SUSE-SU-2023:0557-1: important: Security update for libxslt
Message-ID: <167758742259.5941.15416546496168923582@smelt2.suse.de>

# Security update for libxslt

Announcement ID: SUSE-SU-2023:0557-1
Rating: important
References:

* #1208574

Cross-References:

* CVE-2021-30560

CVSS scores:

* CVE-2021-30560 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-30560 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for libxslt fixes the following issues:

* CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-557=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-557=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-557=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-557=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-557=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-557=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libxslt1-1.1.34-150400.3.3.1
  * libxslt1-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libxslt1-1.1.34-150400.3.3.1
  * libxslt-devel-1.1.34-150400.3.3.1
  * libxslt1-debuginfo-1.1.34-150400.3.3.1
  * libxslt-tools-1.1.34-150400.3.3.1
  * libxslt-tools-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
  * libxslt-devel-32bit-1.1.34-150400.3.3.1
  * libxslt1-32bit-debuginfo-1.1.34-150400.3.3.1
  * libxslt1-32bit-1.1.34-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libxslt1-1.1.34-150400.3.3.1
  * libxslt1-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libxslt1-1.1.34-150400.3.3.1
  * libxslt1-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libxslt1-1.1.34-150400.3.3.1
  * libxslt-devel-1.1.34-150400.3.3.1
  * libxslt1-debuginfo-1.1.34-150400.3.3.1
  * libxslt-tools-1.1.34-150400.3.3.1
  * libxslt-tools-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1
* SUSE Package Hub 15 15-SP4 (x86_64)
  * libxslt1-32bit-1.1.34-150400.3.3.1
  * libxslt1-32bit-debuginfo-1.1.34-150400.3.3.1
  * libxslt-debugsource-1.1.34-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2021-30560.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208574

From sle-updates at lists.suse.com Tue Feb 28 12:30:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:25 -0000
Subject: SUSE-SU-2023:0556-1: important: Security update for libxslt
Message-ID: <167758742509.5941.10348334521485138903@smelt2.suse.de>

# Security update for libxslt

Announcement ID: SUSE-SU-2023:0556-1
Rating: important
References:

* #1208574

Cross-References:

* CVE-2021-30560

CVSS scores:

* CVE-2021-30560 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-30560 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.
## Description: This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-556=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-556=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-556=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-556=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-556=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-556=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-556=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-556=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-556=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-556=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise 
Server for SAP Applications 12 SP4 (ppc64le x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libxslt-devel-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libxslt1-debuginfo-32bit-1.1.28-17.15.1 * libxslt1-32bit-1.1.28-17.15.1 * SUSE Linux Enterprise 
Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libxslt1-1.1.28-17.15.1 * libxslt-tools-1.1.28-17.15.1 * libxslt1-debuginfo-1.1.28-17.15.1 * libxslt-debugsource-1.1.28-17.15.1 * libxslt-tools-debuginfo-1.1.28-17.15.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libxslt1-debuginfo-32bit-1.1.28-17.15.1
  * libxslt1-32bit-1.1.28-17.15.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libxslt1-1.1.28-17.15.1
  * libxslt-tools-1.1.28-17.15.1
  * libxslt1-debuginfo-1.1.28-17.15.1
  * libxslt-debugsource-1.1.28-17.15.1
  * libxslt-tools-debuginfo-1.1.28-17.15.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libxslt1-debuginfo-32bit-1.1.28-17.15.1
  * libxslt1-32bit-1.1.28-17.15.1

## References:

* https://www.suse.com/security/cve/CVE-2021-30560.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208574

From sle-updates at lists.suse.com Tue Feb 28 12:30:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 12:30:28 -0000
Subject: SUSE-SU-2023:0553-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)
Message-ID: <167758742810.5941.3142801453564086643@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:0553-1
Rating: important
References:

* #1206314
* #1207139

Cross-References:

* CVE-2022-3564
* CVE-2023-0179

CVSS scores:

* CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues.

The following security issues were fixed:

* CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314).
* CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-553=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_71-default-11-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3564.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206314
* https://bugzilla.suse.com/show_bug.cgi?id=1207139

From sle-updates at lists.suse.com Tue Feb 28 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 16:30:02 -0000
Subject: SUSE-SU-2023:0578-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3)
Message-ID: <167760180286.11205.3362344255666708749@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:0578-1
Rating: important
References:

* #1206314
* #1207139

Cross-References:

* CVE-2022-3564
* CVE-2023-0179

CVSS scores:

* CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_63 fixes several issues.

The following security issues were fixed:

* CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314).
* CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-576=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-575=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-578=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-571=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_76-default-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_87-default-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_68-default-12-150300.2.2
  * kernel-livepatch-5_3_18-150300_59_63-default-13-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-3564.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206314
* https://bugzilla.suse.com/show_bug.cgi?id=1207139

From sle-updates at lists.suse.com Tue Feb 28 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 16:30:03 -0000
Subject: SUSE-RU-2023:0577-1: moderate: Recommended update for cluster-glue
Message-ID: <167760180399.11205.11538073826991502867@smelt2.suse.de>

# Recommended update for cluster-glue

Announcement ID: SUSE-RU-2023:0577-1
Rating: moderate
References:
Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update of cluster-glue fixes the following issues:

* rebuild against the new net-snmp (jsc#SLE-11203).
## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-577=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-577=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
* openSUSE Leap 15.4 (x86_64)
  * libglue2-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue2-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1
  * libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150400.12.2.1

## References:

* https://jira.suse.com/browse/SLE-11203

From sle-updates at lists.suse.com Tue Feb 28 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 16:30:07 -0000
Subject: SUSE-SU-2023:0573-1: important: Security update for webkit2gtk3
Message-ID: <167760180750.11205.16715900448727645485@smelt2.suse.de>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2023:0573-1
Rating: important
References:

* #1206750
* #1207997
* #1208328

Cross-References:

* CVE-2022-42826
* CVE-2022-42852
* CVE-2022-42863
* CVE-2022-42867
* CVE-2022-46691
* CVE-2022-46692
* CVE-2022-46698
* CVE-2022-46699
* CVE-2022-46700
* CVE-2023-23517
* CVE-2023-23518
* CVE-2023-23529

CVSS scores:

* CVE-2022-42826 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42852 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-42852 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-42863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42863 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42867 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-42867 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46691 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2022-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2022-46698 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-46698 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2022-46699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46699 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-46700 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23517 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23518 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-23529 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 6
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.5 (boo#1208328):

* CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

* CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
* CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.

New CVE and bug references were added for already released updates:

Update to version 2.38.3 (boo#1206750):

* CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
* CVE-2022-42867: Fixed a use after free issue with improved memory management.
* CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
* CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
* CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
* CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

* CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

* CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-573=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-573=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-573=1
* SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2023-573=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * webkit2gtk-4_0-injected-bundles-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2-4_0-2.38.5-150000.3.134.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150000.3.134.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-2.38.5-150000.3.134.1
  * webkit2gtk3-debugsource-2.38.5-150000.3.134.1
  * webkit2gtk3-devel-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150000.3.134.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150000.3.134.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk-4_0-injected-bundles-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2-4_0-2.38.5-150000.3.134.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150000.3.134.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-2.38.5-150000.3.134.1
  * webkit2gtk3-debugsource-2.38.5-150000.3.134.1
  * webkit2gtk3-devel-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150000.3.134.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150000.3.134.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * webkit2gtk-4_0-injected-bundles-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2-4_0-2.38.5-150000.3.134.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150000.3.134.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-2.38.5-150000.3.134.1
  * webkit2gtk3-debugsource-2.38.5-150000.3.134.1
  * webkit2gtk3-devel-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150000.3.134.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150000.3.134.1
* SUSE Enterprise Storage 6 (aarch64 x86_64)
  * webkit2gtk-4_0-injected-bundles-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2-4_0-2.38.5-150000.3.134.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150000.3.134.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-2.38.5-150000.3.134.1
  * webkit2gtk3-debugsource-2.38.5-150000.3.134.1
  * webkit2gtk3-devel-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150000.3.134.1
* SUSE Enterprise Storage 6 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150000.3.134.1
* SUSE CaaS Platform 4.0 (x86_64)
  * webkit2gtk-4_0-injected-bundles-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150000.3.134.1
  * typelib-1_0-WebKit2-4_0-2.38.5-150000.3.134.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.5-150000.3.134.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-2.38.5-150000.3.134.1
  * webkit2gtk3-debugsource-2.38.5-150000.3.134.1
  * webkit2gtk3-devel-2.38.5-150000.3.134.1
  * libjavascriptcoregtk-4_0-18-2.38.5-150000.3.134.1
  * libwebkit2gtk-4_0-37-debuginfo-2.38.5-150000.3.134.1
* SUSE CaaS Platform 4.0 (noarch)
  * libwebkit2gtk3-lang-2.38.5-150000.3.134.1

## References:

* https://www.suse.com/security/cve/CVE-2022-42826.html
* https://www.suse.com/security/cve/CVE-2022-42852.html
* https://www.suse.com/security/cve/CVE-2022-42863.html
* https://www.suse.com/security/cve/CVE-2022-42867.html
* https://www.suse.com/security/cve/CVE-2022-46691.html
* https://www.suse.com/security/cve/CVE-2022-46692.html
* https://www.suse.com/security/cve/CVE-2022-46698.html
* https://www.suse.com/security/cve/CVE-2022-46699.html
* https://www.suse.com/security/cve/CVE-2022-46700.html
* https://www.suse.com/security/cve/CVE-2023-23517.html
* https://www.suse.com/security/cve/CVE-2023-23518.html
* https://www.suse.com/security/cve/CVE-2023-23529.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206750
* https://bugzilla.suse.com/show_bug.cgi?id=1207997
* https://bugzilla.suse.com/show_bug.cgi?id=1208328

From sle-updates at lists.suse.com Tue Feb 28 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 20:30:02 -0000
Subject: SUSE-SU-2023:0582-1: important: Security update for xterm
Message-ID: <167761620255.1866.11981520913635375911@smelt2.suse.de>

# Security update for xterm

Announcement ID: SUSE-SU-2023:0582-1
Rating: important
References:

* #1205305

Cross-References:

* CVE-2022-45063

CVSS scores:

* CVE-2022-45063 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-45063 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for xterm fixes the following issues:

* CVE-2022-45063: Fixed command injection in ESC 50 font operation by disabling the change font functionality (bsc#1205305).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-582=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-582=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-582=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-582=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-582=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-582=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-582=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-582=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-582=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * xterm-debuginfo-308-5.9.1
  * xterm-debugsource-308-5.9.1
  * xterm-308-5.9.1

## References:

* https://www.suse.com/security/cve/CVE-2022-45063.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205305

From sle-updates at lists.suse.com Tue Feb 28 20:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 20:30:05 -0000
Subject: SUSE-SU-2023:0581-1: moderate: Security update for compat-openssl098
Message-ID: <167761620544.1866.9665298391062853245@smelt2.suse.de>

# Security update for compat-openssl098

Announcement ID: SUSE-SU-2023:0581-1
Rating: moderate
References:

* #1207534

Cross-References:

* CVE-2022-4304

CVSS scores:

* CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Legacy Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for compat-openssl098 fixes the following issues:

* CVE-2022-4304: Fixed timing oracle in RSA decryption (bsc#1207534).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 12
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-581=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-581=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-581=1

## Package List:

* Legacy Module 12 (s390x x86_64)
  * libopenssl0_9_8-0.9.8j-106.42.1
  * compat-openssl098-debugsource-0.9.8j-106.42.1
  * libopenssl0_9_8-32bit-0.9.8j-106.42.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.42.1
  * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.42.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * compat-openssl098-debugsource-0.9.8j-106.42.1
  * libopenssl0_9_8-0.9.8j-106.42.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.42.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * compat-openssl098-debugsource-0.9.8j-106.42.1
  * libopenssl0_9_8-0.9.8j-106.42.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.42.1

## References:

* https://www.suse.com/security/cve/CVE-2022-4304.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207534

From sle-updates at lists.suse.com Tue Feb 28 20:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 20:30:06 -0000
Subject: SUSE-RU-2023:0580-1: low: Recommended update for SUSE_SLES_LTSS-EXTREME-CORE-release
Message-ID: <167761620673.1866.14985025299319825550@smelt2.suse.de>

# Recommended update for SUSE_SLES_LTSS-EXTREME-CORE-release

Announcement ID: SUSE-RU-2023:0580-1
Rating: low
References:

Affected Products:

* SUSE Linux Enterprise Server 11 SP4
* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that can now be installed.

## Description:

This update for SUSE_SLES_LTSS-EXTREME-CORE-release provides the following fix:

* Adjust the EOL date for the product.

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-580=1
* SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-580=1

## Package List:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
  * SUSE_SLES_LTSS-EXTREME-CORE-release-11.4-5.4.1
* SUSE Linux Enterprise Server 11 SP4 (x86_64)
  * SUSE_SLES_LTSS-EXTREME-CORE-release-11.4-5.4.1

From sle-updates at lists.suse.com Tue Feb 28 20:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Feb 2023 20:30:14 -0000
Subject: SUSE-SU-2023:0579-2: important: Security update for glibc
Message-ID: <167761621438.1866.15239053834486910305@smelt2.suse.de>

# Security update for glibc

Announcement ID: SUSE-SU-2023:0579-2
Rating: important
References:

* #1018158
* #1178386
* #1179694
* #1179721
* #1181505
* #1182117

Cross-References:

* CVE-2019-25013
* CVE-2020-27618
* CVE-2020-29562
* CVE-2020-29573
* CVE-2021-3326

CVSS scores:

* CVE-2019-25013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2019-25013 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-27618 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2020-27618 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-29562 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-29562 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-29573 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-29573 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3326 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3326 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 11 SP4
* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves five vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security issues fixed:

* CVE-2020-29573: x86: printf was hardened against non-normal long double values (bsc#1179721, BZ #26649)
* CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module (bsc#1181505, BZ #27256)
* CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module (bsc#1182117, BZ #24973)
* CVE-2020-27618: Accept redundant shift sequences in IBM1364 iconv (bsc#1178386, BZ #26224)
* CVE-2020-29562: Fix incorrect UCS4 inner loop bounds in iconv (bsc#1179694, BZ #26923)
* Schedule nscd cache pruning more accurately from re-added values (bsc#1018158)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-579=1
* SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-579=1

## Package List:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
  * glibc-info-2.11.3-17.110.43.1
  * glibc-locale-2.11.3-17.110.43.1
  * glibc-html-2.11.3-17.110.43.1
  * glibc-i18ndata-2.11.3-17.110.43.1
  * glibc-profile-2.11.3-17.110.43.1
  * glibc-2.11.3-17.110.43.1
  * nscd-2.11.3-17.110.43.1
  * glibc-devel-2.11.3-17.110.43.1
* SUSE Linux Enterprise Server 11 SP4 (x86_64)
  * glibc-info-2.11.3-17.110.43.1
  * glibc-locale-2.11.3-17.110.43.1
  * glibc-html-2.11.3-17.110.43.1
  * glibc-i18ndata-2.11.3-17.110.43.1
  * glibc-profile-2.11.3-17.110.43.1
  * glibc-2.11.3-17.110.43.1
  * nscd-2.11.3-17.110.43.1
  * glibc-devel-2.11.3-17.110.43.1

## References:

* https://www.suse.com/security/cve/CVE-2019-25013.html
* https://www.suse.com/security/cve/CVE-2020-27618.html
* https://www.suse.com/security/cve/CVE-2020-29562.html
* https://www.suse.com/security/cve/CVE-2020-29573.html
* https://www.suse.com/security/cve/CVE-2021-3326.html
* https://bugzilla.suse.com/show_bug.cgi?id=1018158
* https://bugzilla.suse.com/show_bug.cgi?id=1178386
* https://bugzilla.suse.com/show_bug.cgi?id=1179694
* https://bugzilla.suse.com/show_bug.cgi?id=1179721
* https://bugzilla.suse.com/show_bug.cgi?id=1181505
* https://bugzilla.suse.com/show_bug.cgi?id=1182117