From sle-updates at lists.suse.com Wed Mar 1 08:02:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:02:27 +0100 (CET)
Subject: SUSE-CU-2023:496-1: Security update of ses/7.1/cephcsi/cephcsi
Message-ID: <20230301080227.E3D27F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:496-1
Container Tags        : ses/7.1/cephcsi/cephcsi:3.7.0 , ses/7.1/cephcsi/cephcsi:3.7.0.0.3.2.620 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.7.0 , ses/7.1/cephcsi/cephcsi:v3.7.0.0
Container Release     : 3.2.620
Severity              : critical
Type                  : security
References            : 1087072 1101820 1121365 1142579 1149792 1167864 1176785 1177083 1177460 1177460 1178676 1179465 1180995 1181961 1183533 1185597 1185712 1188374 1188607 1190818 1191473 1192439 1193929 1194038 1194530 1194783 1197255 1197592 1197998 1198237 1198472 1198523 1199074 1199467 1199856 1199944 1200723 1200901 1201959 1201978 1202324 1202627 1202750 1202812 1202816 1202966 1202967 1202969 1203046 1203123 1203125 1203201 1203216 1203246 1203652 1203652 1203669 1203681 1203857 1203911 1204111 1204112 1204113 1204137 1204145 1204179 1204211 1204256 1204364 1204366 1204367 1204383 1204423 1204577 1204649 1204690 1204708 1204968 1204986 1205000 1205126 1205156 1205244 1205646 1206212 1206212 1206309 1206337 1206412 1206579 1206622 1206667 1206738 1207082 1207533 1207534 1207536 1207538 1208443
                        CVE-2016-3709 CVE-2018-10903 CVE-2019-1010204 CVE-2019-18348 CVE-2020-10696 CVE-2020-10735 CVE-2020-25658 CVE-2020-8492 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2021-46848 CVE-2022-1664 CVE-2022-1941 CVE-2022-23491 CVE-2022-24761 CVE-2022-27943 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-37454 CVE-2022-38126 CVE-2022-38127 CVE-2022-3821 CVE-2022-38533 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42969 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-43995 CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 CVE-2023-22809
-----------------------------------------------------------------

The container ses/7.1/cephcsi/cephcsi was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3731-1
Released:    Tue Oct 25 17:10:20 2022
Summary:     Security update for python-waitress
Type:        security
Severity:    important
References:  1197255,CVE-2022-24761

This update for python-waitress fixes the following issues:

- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released:    Wed Oct 26 11:38:01 2022
Summary:     Security update for buildah
Type:        security
Severity:    important
References:  1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build 
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, 
multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' 
in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * 
manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released:    Wed Oct 26 12:19:29 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released:    Wed Oct 26 14:06:43 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released:    Wed Oct 26 18:03:28 2022
Summary:     Security update for libtasn1
Type:        security
Severity:    critical
References:  1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released:    Thu Oct 27 17:19:46 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out-of-bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released:    Fri Nov 4 13:26:29 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released:    Tue Nov 8 10:50:06 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released:    Tue Nov 8 10:52:13 2022
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov 8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released:    Tue Nov 8 13:38:11 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released:    Wed Nov 9 09:03:33 2022
Summary:     Security update for protobuf
Type:        security
Severity:    important
References:  1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3932-1
Released:    Thu Nov 10 11:55:12 2022
Summary:     Security update for python-rsa
Type:        security
Severity:    moderate
References:  1178676,CVE-2020-25658

This update for python-rsa fixes the following issues:

- CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released:    Mon Nov 14 15:38:25 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3979-1
Released:    Tue Nov 15 11:05:22 2022
Summary:     Security update for python-Mako
Type:        security
Severity:    moderate
References:  1203246,CVE-2022-40023

This update for python-Mako fixes the following issues:

- CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released:    Tue Nov 15 12:54:11 2022
Summary:     Recommended update for python-apipkg
Type:        recommended
Severity:    moderate
References:  1204145

This update for python3-apipkg fixes the following issues:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released:    Wed Nov 16 15:45:13 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl setting works (bsc#1199856)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4044-1
Released:    Thu Nov 17 09:07:24 2022
Summary:     Security update for python-cryptography, python-cryptography-vectors
Type:        security
Severity:    important
References:  1101820,1149792,1176785,1177083,CVE-2018-10903

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released:    Thu Nov 17 15:38:08 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4077-1
Released:    Fri Nov 18 15:05:28 2022
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1190818,1203201,1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released:    Fri Nov 18 15:40:46 2022
Summary:     Security update for dpkg
Type:        security
Severity:    low
References:  1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4146-1
Released:    Mon Nov 21 09:56:12 2022
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533

This update for binutils fixes the following issues:

The following security bugs were fixed:

- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
  * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification.
  * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value.
  * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links.
  * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well.
- Update to 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences.
    In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils.
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. 
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4391-1 Released: Fri Dec 9 08:02:23 2022 Summary: Recommended update for libxslt Type: recommended Severity: low References: 1203669 This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:223-1 Released: Wed Feb 1 09:36:03 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). 
Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:572-1 Released: Tue Feb 28 13:12:50 2023 Summary: Recommended update for ceph-csi Type: recommended Severity: moderate References: 1203123 This update for ceph-csi fixes the following issues: - Upgrade grpc-go to v1.52.0 to fix grpc/grpc-go#5801 (bsc#1203123) The following package changes have been done: - binutils-2.39-150100.7.40.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - ceph-csi-3.7.0.1+git0.6767868-150300.3.6.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - device-mapper-2.03.05_1.02.163-150200.8.49.1 updated - glib2-tools-2.62.6-150200.3.10.1 updated - krb5-1.19.2-150300.10.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgio-2_0-0-2.62.6-150200.3.10.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgmodule-2_0-0-2.62.6-150200.3.10.1 updated - libgobject-2_0-0-2.62.6-150200.3.10.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libksba8-1.3.5-150000.4.6.1 updated - liblvm2cmd2_03-2.03.05-150200.8.49.1 updated - libmount1-2.36.2-150300.4.32.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated - libopenssl1_1-1.1.1d-150200.11.57.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - libsmartcols1-2.36.2-150300.4.32.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - 
libsystemd0-246.16-150300.7.57.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libxslt1-1.1.32-150000.3.11.1 updated - libz1-1.2.11-150000.3.39.1 updated - lvm2-2.03.05-150200.8.49.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - nfs-kernel-server-2.1.1-150100.10.27.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1d-150200.11.57.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-Mako-1.0.7-150000.3.3.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-cryptography-2.9.2-150200.13.1 updated - python3-curses-3.6.15-150300.10.40.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-rsa-3.4.2-150000.3.7.1 updated - python3-setuptools-40.5.0-150100.6.6.1 updated - python3-waitress-1.4.3-150000.3.6.1 updated - python3-3.6.15-150300.10.40.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - sudo-1.9.5p2-150300.3.19.1 updated - systemd-246.16-150300.7.57.1 updated - timezone-2022g-150000.75.18.1 updated - udev-246.16-150300.7.57.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-2.36.2-150300.4.32.1 updated - container:ceph-image-1.0.0-3.2.408 updated From sle-updates at lists.suse.com Wed Mar 1 08:02:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:02:37 +0100 (CET) Subject: 
SUSE-CU-2023:498-1: Security update of ses/7.1/ceph/grafana Message-ID: <20230301080237.8A1E0F74A@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:498-1 Container Tags : ses/7.1/ceph/grafana:8.5.15 , ses/7.1/ceph/grafana:8.5.15.2.2.393 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific Container Release : 2.2.393 Severity : important Type : security References : 1121365 1177460 1177460 1180995 1183533 1188571 1189520 1192383 1192763 1193492 1193686 1194038 1194530 1198472 1199467 1199810 1200723 1201535 1201539 1201959 1201978 1202324 1202750 1203046 1203596 1203597 1203652 1203652 1203681 1203857 1204179 1204211 1204256 1204302 1204303 1204304 1204305 1204366 1204367 1204423 1204649 1204968 1205000 1205126 1205156 1205225 1205227 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2021-22569 CVE-2021-28153 CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-1941 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-31123 CVE-2022-31130 CVE-2022-3171 CVE-2022-35957 CVE-2022-36062 CVE-2022-3821 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container ses/7.1/ceph/grafana was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4428-1 Released: Tue Dec 13 08:29:38 2022 Summary: Security update for grafana Type: security Severity: important References: 1188571,1189520,1192383,1192763,1193492,1193686,1199810,1201535,1201539,1203596,1203597,CVE-2021-36222,CVE-2021-3711,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-29170,CVE-2022-31097,CVE-2022-31107,CVE-2022-35957,CVE-2022-36062 This update for grafana fixes the following issues: Version update from 8.3.10 to 8.5.13 (jsc#PED-2145): - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request 
forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belong to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics.
#43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the 
DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed request' instead of '502 Bad gateway'. + If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true.
- Deprecations:
  * /api/tsdb/query API has been deprecated, please use /api/ds/query instead
  * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how
- Bug fixes:
  * Alerting: Add contact points provisioning API
  * Alerting: add field for custom slack endpoint
  * Alerting: Add resolved count to notification title when both firing and resolved present
  * Alerting: Alert rule should wait For duration when execution error state is Alerting
  * Alerting: Allow disabling override timings for notification policies
  * Alerting: Allow serving images from custom url path
  * Alerting: Apply Custom Headers to datasource queries
  * Alerting: Classic conditions can now display multiple values
  * Alerting: correctly show all alerts in a folder
  * Alerting: Display query from grafana-managed alert rules on /api/v1/rules
  * Alerting: Do not overwrite existing alert rule condition
  * Alerting: Enhance support for arbitrary group names in managed alerts
  * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled
  * Alerting: Fix anonymous access to alerting
  * Alerting: Fix migrations by making send_alerts_to field nullable
  * Alerting: Fix RBAC actions for notification policies
  * Alerting: Fix use of > instead of >= when checking the For duration
  * Alerting: Remove double quotes from matchers
  * API: Include userId, orgId, uname in request logging middleware
  * Auth: Guarantee consistency of signed SigV4 headers
  * Azure Monitor: Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab
  * Azure Monitor: Add 2 more Curated Dashboards for VM Insights
  * Azure Monitor: Bug Fix for incorrect variable cascading for template variables
  * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal
  * Azure Monitor: Fixes broken log queries that use workspace
  * Azure Monitor: Small bug fixes for Resource Picker
  * AzureAd Oauth: Fix strictMode to reject users without an assigned role
  * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources
  * Cloudwatch: Fixed resetting metric name when changing namespace in Metric Query
  * CloudWatch: Added missing MemoryDB Namespace metrics
  * CloudWatch: Fix MetricName resetting on Namespace change.
  * Cloudwatch: Fix template variables in variable queries.
  * CloudWatch: Fix variable query tag migration
  * CloudWatch: Handle new error codes for MetricInsights
  * CloudWatch: List all metrics properly in SQL autocomplete
  * CloudWatch: Prevent log groups from being removed on query change
  * CloudWatch: Remove error message when using multi-valued template vars in region field
  * CloudWatch: Run query on blur in logs query field
  * CloudWatch: Use default http client from aws-sdk-go
  * Dashboard: Fix dashboard update permission check
  * Dashboard: Fixes random scrolling on time range change
  * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links
  * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect
  * DashboardPage: Remember scroll position when coming back from panel edit / view panel
  * Dashboards: Fixes repeating by row and no refresh
  * Dashboards: Show changes in save dialog
  * DataSource: Default data source is no longer a persisted state but just the default data source for new panels
  * DataSourcePlugin API: Allow queries import when changing data source type
  * Elasticsearch: Respect maxConcurrentShardRequests datasource setting
  * Explore: Allow users to save Explore state to a new panel in a new dashboard
  * Explore: Avoid locking timepicker when range is inverted.
  * Explore: Fix closing split pane when logs panel is used
  * Explore: Prevent direct access to explore if disabled via feature toggle
  * Explore: Remove return to panel button
  * FileUpload: clicking the Upload file button now opens their modal correctly
  * Gauge: Fixes blank viz when data link exists and orientation was horizontal
  * GrafanaUI: Fix color of links in error Tooltips in light theme
  * Histogram Panel: Take decimal into consideration
  * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram
  * Instrumentation: Fix HTTP request instrumentation of authentication failures
  * Instrumentation: Make backend plugin metrics endpoints available with optional authentication
  * Instrumentation: Proxy status code correction and various improvements
  * LibraryPanels: Fix library panels not connecting properly in imported dashboards
  * LibraryPanels: Prevent long descriptions and names from obscuring the delete button
  * Logger: Use specified format for file logger
  * Logging: Introduce feature toggle to activate gokit/log format
  * Logs: Handle missing fields in dataframes better
  * Loki: Improve unpack parser handling
  * ManageDashboards: Fix error when deleting all dashboards from folder view
  * Middleware: Fix IPv6 host parsing in CSRF check
  * Navigation: Prevent navbar briefly showing on login
  * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney
  * OAuth: Fix parsing of ID token if header contains non-string value
  * Panel Edit: Options search now works correctly when a logarithmic scale option is set
  * Panel Edit: Visualization search now works correctly with special characters
  * Plugins Catalog: Fix styling of hyperlinks
  * Plugins: Add deprecation notice for /api/tsdb/query endpoint
  * Plugins: Adding support for traceID field to accept variables
  * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios
  * Postgres: Return tables with hyphenated schemes
  * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument
  * Profile/Help: Expose option to disable profile section and help menu
  * Prometheus: Enable new visual query builder by default
  * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted
  * RBAC: Fix Anonymous Editors missing dashboard controls
  * RolePicker: Fix menu position on smaller screens
  * SAML: Allow disabling of SAML signups
  * Search: Sort results correctly when using postgres
  * Security: Fixes minor code scanning security warnings in old vendored javascript libs
  * Table panel: Fix horizontal scrolling when pagination is enabled
  * Table panel: Show datalinks for cell display modes JSON View and Gauge derivatives
  * Table: Fix filter crashes table
  * Table: New pagination option
  * TablePanel: Add cell inspect option
  * TablePanel: Do not prefix columns with frame name if multiple frames and override active
  * TagsInput: Fix tags remove button accessibility issues
  * Tempo / Trace Viewer: Support Span Links in Trace Viewer
  * Tempo: Download span references in data inspector
  * Tempo: Separate trace to logs and loki search datasource config
  * TextPanel: Sanitize after markdown has been rendered to html
  * TimeRange: Fixes updating time range from url and browser history
  * TimeSeries: Fix detection & rendering of sparse datapoints
  * Timeseries: Fix outside range stale state
  * TimeSeries: Properly stack series with missing datapoints
  * TimeSeries: Sort tooltip values based on raw values
  * Tooltip: Fix links not legible in Tooltips when using light theme
  * Tooltip: Sort decimals using standard numeric compare
  * Trace View: Show number of child spans
  * Transformations: Support escaped characters in key-value pair parsing
  * Transforms: Labels to fields, fix label picker layout
  * Variables: Ensure variables in query params are correctly recognised
  * Variables: Fix crash when changing query variable datasource
  * Variables: Fixes issue with data source variables not updating queries with variable
  * Visualizations: Stack negative-valued series downwards
- Plugin development fixes:
  * Card: Increase clickable area when meta items are present.
  * ClipboardButton: Use a fallback when the Clipboard API is unavailable
  * Loki: Fix operator description popup from being shortened.
  * OAuth: Add setting to skip org assignment for external users
  * Tooltips: Make tooltips non interactive by default
  * Tracing: Add option to map tag names to log label names in trace to logs settings

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

  * Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:362-1
Released: Fri Feb 10 15:15:36 2023
Summary: Security update for grafana
Type: security
Severity: moderate
References: 1204302,1204303,1204304,1204305,1205225,1205227,CVE-2022-31123,CVE-2022-31130,CVE-2022-39201,CVE-2022-39229,CVE-2022-39306,CVE-2022-39307

This update for grafana fixes the following issues:

- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
  * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)
  * CVE-2022-39307: Omit error from http response when user does not exist (bsc#1205227)
  * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)
  * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
  * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
  * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)

The following package changes have been done:

- grafana-8.5.15-150200.3.32.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:02:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:02:44 +0100 (CET)
Subject: SUSE-CU-2023:499-1: Security update of ses/7.1/ceph/haproxy
Message-ID: <20230301080244.01627F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/haproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:499-1
Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.330 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific
Container Release : 3.5.330
Severity : critical
Type : security
References : 1087072 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1192478 1194038 1194530 1198472 1198523 1199074 1199467 1199944 1200723 1201959 1201978 1202324 1202750 1202812 1202962 1203046 1203110 1203152 1203155 1203194 1203216 1203272 1203508 1203509 1203652 1203652 1203681 1203796 1203797 1203799 1203820 1203857 1203911 1203924 1204111 1204112 1204113 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204708 1204779 1204779 1204968 1205000 1205126 1205156 1205646 1205797 1206028 1206071 1206072 1206075 1206077 1206309 1206337 1206412 1206579 1206738 1206866 1206867 1206868 1207162 1207181 1207396 1207533 1207534 1207536 1207538 1208132 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2021-3928 CVE-2022-1664 CVE-2022-1941 CVE-2022-2980 CVE-2022-2982 CVE-2022-2990 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3171 CVE-2022-32221 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-3705 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-4141 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-4292 CVE-2022-4293 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0056 CVE-2023-0215 CVE-2023-0286 CVE-2023-0288 CVE-2023-0433 CVE-2023-25725
-----------------------------------------------------------------
The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?' in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not committed
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not support dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: don't rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow reusing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow reusing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4270-1
Released: Tue Nov 29 13:20:45 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1198523,1199074,1203216

This update for lvm2 fixes the following issues:

- Design changes to avoid kernel panic (bsc#1198523)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released: Tue Nov 29 15:50:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released: Wed Dec 28 09:29:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293

This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:211-1
Released: Mon Jan 30 17:26:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

This update for vim fixes the following issues:

- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:413-1
Released: Tue Feb 14 17:07:23 2023
Summary: Security update for haproxy
Type: security
Severity: critical
References: 1207181,1208132,CVE-2023-0056,CVE-2023-25725

This update for haproxy fixes the following issues:

- CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132).
- CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response() (bsc#1207181).

The following package changes have been done:

- dbus-1-1.12.2-150100.8.14.1 updated
- haproxy-2.0.14-150200.11.15.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libdbus-1-3-1.12.2-150100.8.14.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- systemd-246.16-150300.7.57.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-246.16-150300.7.57.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- vim-data-common-9.0.1234-150000.5.34.1 updated
- vim-9.0.1234-150000.5.34.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:02:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:02:50 +0100 (CET)
Subject: SUSE-CU-2023:500-1: Security update of ses/7.1/ceph/ceph
Message-ID: <20230301080250.33A8EF74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:500-1
Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.408 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release : 3.2.408
Severity : critical
Type : security
References : 1087072 1101820 1121365 1142579 1149792 1167864 1176785 1177083 1177460 1177460
 1178676 1179465 1180995 1181961 1183533 1185597 1185712 1188374 1188607 1190818
 1191473 1192439 1193929 1194038 1194530 1194783 1197255 1197592 1197998 1198237
 1198472 1198523 1199074 1199467 1199856 1199944 1200723 1200901 1201959 1201978
 1202324 1202627 1202750 1202812 1202816 1202966 1202967 1202969 1203046 1203125
 1203201 1203216 1203246 1203652 1203652 1203669 1203681 1203857 1203911 1204111
 1204112 1204113 1204137 1204145 1204179 1204211 1204256 1204364 1204366 1204367
 1204383 1204423 1204577 1204649 1204690 1204708 1204968 1204986 1205000 1205126
 1205156 1205244 1205646 1206212 1206212 1206309 1206337 1206412 1206579 1206622
 1206667 1206738 1207082 1207533 1207534 1207536 1207538 1208443
 CVE-2016-3709 CVE-2018-10903 CVE-2019-1010204 CVE-2019-18348 CVE-2020-10696
 CVE-2020-10735 CVE-2020-25658 CVE-2020-8492 CVE-2021-20206 CVE-2021-22569
 CVE-2021-28153 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078
 CVE-2021-46195 CVE-2021-46848 CVE-2022-1664 CVE-2022-1941 CVE-2022-23491
 CVE-2022-24761 CVE-2022-27943 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221
 CVE-2022-37454 CVE-2022-38126 CVE-2022-38127 CVE-2022-3821 CVE-2022-38533
 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 CVE-2022-42010
 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42969 CVE-2022-4304
 CVE-2022-43552 CVE-2022-43680 CVE-2022-43995 CVE-2022-4415 CVE-2022-4450
 CVE-2022-45061 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
 CVE-2023-22809
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3731-1
Released: Tue Oct 25 17:10:20 2022
Summary: Security update for python-waitress
Type: security
Severity: important
References: 1197255,CVE-2022-24761

This update for python-waitress fixes the following issues:

- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3932-1 Released: Thu Nov 10 11:55:12 2022 Summary: Security update for python-rsa Type: security Severity: moderate References: 1178676,CVE-2020-25658 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3979-1 Released: Tue Nov 15 11:05:22 2022 Summary: Security update for python-Mako Type: security Severity: moderate References: 1203246,CVE-2022-40023 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update for python3-apipkg fixes the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl settings work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4044-1 Released: Thu Nov 17 09:07:24 2022 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1101820,1149792,1176785,1177083,CVE-2018-10903 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4077-1 Released: Fri Nov 18 15:05:28 2022 Summary: Security update for sudo Type: security Severity: important References: 1190818,1203201,1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). 
The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. 
In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvements from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4391-1 Released: Fri Dec 9 08:02:23 2022 Summary: Recommended update for libxslt Type: recommended Severity: low References: 1203669 This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:223-1 Released: Wed Feb 1 09:36:03 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). 
Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). The following package changes have been done: - binutils-2.39-150100.7.40.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - device-mapper-2.03.05_1.02.163-150200.8.49.1 updated - glib2-tools-2.62.6-150200.3.10.1 updated - krb5-1.19.2-150300.10.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgio-2_0-0-2.62.6-150200.3.10.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgmodule-2_0-0-2.62.6-150200.3.10.1 updated - libgobject-2_0-0-2.62.6-150200.3.10.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libksba8-1.3.5-150000.4.6.1 updated - liblvm2cmd2_03-2.03.05-150200.8.49.1 updated - libmount1-2.36.2-150300.4.32.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated - libopenssl1_1-1.1.1d-150200.11.57.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - libsmartcols1-2.36.2-150300.4.32.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libxslt1-1.1.32-150000.3.11.1 updated - libz1-1.2.11-150000.3.39.1 updated - 
lvm2-2.03.05-150200.8.49.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - nfs-kernel-server-2.1.1-150100.10.27.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1d-150200.11.57.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-Mako-1.0.7-150000.3.3.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-cryptography-2.9.2-150200.13.1 updated - python3-curses-3.6.15-150300.10.40.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-rsa-3.4.2-150000.3.7.1 updated - python3-setuptools-40.5.0-150100.6.6.1 updated - python3-waitress-1.4.3-150000.3.6.1 updated - python3-3.6.15-150300.10.40.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - sudo-1.9.5p2-150300.3.19.1 updated - systemd-246.16-150300.7.57.1 updated - timezone-2022g-150000.75.18.1 updated - udev-246.16-150300.7.57.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.36.2-150300.4.32.1 updated - util-linux-2.36.2-150300.4.32.1 updated - container:sles15-image-15.0.0-17.20.107 updated From sle-updates at lists.suse.com Wed Mar 1 08:02:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:02:56 +0100 (CET) Subject: SUSE-CU-2023:501-1: Security update of ses/7.1/ceph/keepalived Message-ID: <20230301080256.A8FA5F74A@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/keepalived ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:501-1 Container Tags : ses/7.1/ceph/keepalived:2.0.19 , 
ses/7.1/ceph/keepalived:2.0.19.3.5.316 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific Container Release : 3.5.316 Severity : important Type : security References : 1087072 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1198523 1199074 1199467 1199944 1200723 1201103 1201959 1201978 1202324 1202750 1202812 1203046 1203216 1203652 1203652 1203681 1203857 1203911 1204111 1204112 1204113 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204708 1204968 1205000 1205126 1205148 1205150 1205156 1205646 1206044 1206309 1206337 1206412 1206579 1206738 1206828 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1664 CVE-2022-1941 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4450 CVE-2022-44792 CVE-2022-44793 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container ses/7.1/ceph/keepalived was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). 
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build 
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, 
multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' 
in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * 
manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4205-1 Released: Wed Nov 23 17:34:41 2022 Summary: Security update for net-snmp Type: security Severity: moderate References: 1201103,CVE-2022-24805,CVE-2022-24806,CVE-2022-24807,CVE-2022-24808,CVE-2022-24809,CVE-2022-24810 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. 
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:75-1 Released: Thu Jan 12 09:03:11 2023 Summary: Security update for net-snmp Type: security Severity: moderate References: 1205148,1205150,1206044,1206828,CVE-2022-44792,CVE-2022-44793 This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148). - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150). Other fixes: - Enabled AES-192 and AES-256 privacy protocols (bsc#1206828). 
- Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

  * Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- dbus-1-1.12.2-150100.8.14.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libdbus-1-3-1.12.2-150100.8.14.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- snmp-mibs-5.9.3-150300.15.8.1 updated
- systemd-246.16-150300.7.57.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-246.16-150300.7.57.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:02 +0100 (CET)
Subject: SUSE-CU-2023:502-1: Security update of ses/7.1/cephcsi/csi-attacher
Message-ID: <20230301080302.80F18F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:502-1
Container Tags : ses/7.1/cephcsi/csi-attacher:v3.5.0 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1-build2.2.374
Container Release : 2.2.374
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-attacher was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?' in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not committed
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not support dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: don't rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow reusing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow reusing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

  * Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:07 +0100 (CET)
Subject: SUSE-CU-2023:503-1: Security update of ses/7.1/cephcsi/csi-node-driver-registrar
Message-ID: <20230301080307.D6015F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:503-1
Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1-build2.2.379
Container Release : 2.2.379
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-node-driver-registrar was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build
  targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not
  supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build,
  multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?'
  in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:13 +0100 (CET)
Subject: SUSE-CU-2023:504-1: Security update of ses/7.1/cephcsi/csi-provisioner
Message-ID: <20230301080313.914C1F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:504-1
Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.2.1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1-build2.2.372
Container Release : 2.2.372
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-provisioner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, 
multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' 
in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * 
manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

  * Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:19 +0100 (CET)
Subject: SUSE-CU-2023:505-1: Security update of ses/7.1/cephcsi/csi-resizer
Message-ID: <20230301080319.2D82CF74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:505-1
Container Tags : ses/7.1/cephcsi/csi-resizer:v1.5.0 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1-build2.2.369
Container Release : 2.2.369
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-resizer was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?' in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not commited
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not supports dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: dont rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow resuing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow resuing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  *
manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:24 +0100 (CET)
Subject: SUSE-CU-2023:506-1: Security update of ses/7.1/cephcsi/csi-snapshotter
Message-ID: <20230301080324.9385FF74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:506-1
Container Tags : ses/7.1/cephcsi/csi-snapshotter:v6.0.1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1-build2.2.367
Container Release : 2.2.367
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046
This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646
This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738
This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:30 +0100 (CET)
Subject: SUSE-CU-2023:507-1: Security update of ses/7.1/ceph/prometheus-alertmanager
Message-ID: <20230301080330.205C3F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:507-1
Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.368 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific
Container Release : 3.2.368
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1200725 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-alertmanager was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3743-1 Released: Wed Oct 26 10:34:54 2022 Summary: Recommended update for golang-github-prometheus-alertmanager Type: recommended Severity: moderate References: 1200725 This update for golang-github-prometheus-alertmanager fixes the following issues: - Do not include sources (bsc#1200725) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' 
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of 
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. 
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). 
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046
This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211
This update for util-linux fixes the following issues:
- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750
This update for rpm fixes the following issues:
- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):
- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646
This update for util-linux fixes the following issues:
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738
This update for permissions fixes the following issues:

Update to version 20181225:
* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:36 +0100 (CET)
Subject: SUSE-CU-2023:508-1: Security update of ses/7.1/ceph/prometheus-node-exporter
Message-ID: <20230301080336.0C1D9F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:508-1
Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.3.0 , ses/7.1/ceph/prometheus-node-exporter:1.3.0.3.2.359 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific
Container Release : 3.2.359
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1196338 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-21698 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-node-exporter was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3745-1
Released: Wed Oct 26 10:37:11 2022
Summary: Security update for golang-github-prometheus-node_exporter
Type: security
Severity: moderate
References: 1196338,CVE-2022-21698
This update for golang-github-prometheus-node_exporter fixes the following issues: (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?'
in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to
run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of
compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing
last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky
bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137
This update for permissions fixes the following issues:
- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046
This update for openssl-1_1 fixes the following issues:
- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:
- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211
This update for util-linux fixes the following issues:
- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750
This update for rpm fixes the following issues:
- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:42 +0100 (CET)
Subject: SUSE-CU-2023:509-1: Security update of ses/7.1/ceph/prometheus-server
Message-ID: <20230301080342.1ADBEF74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:509-1
Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.352 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific
Container Release : 3.2.352
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:48 +0100 (CET)
Subject: SUSE-CU-2023:510-1: Security update of ses/7.1/ceph/prometheus-snmp_notifier
Message-ID: <20230301080348.12F14F74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:510-1
Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.341 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific
Container Release : 2.2.341
Severity : important
Type : security
References : 1121365 1167864 1177460 1177460 1180995 1181961 1183533 1194038 1194530 1198472 1199467 1200723 1201959 1201978 1202324 1202750 1202812 1203046 1203652 1203652 1203681 1203857 1203911 1204137 1204179 1204211 1204256 1204366 1204367 1204383 1204423 1204649 1204968 1205000 1205126 1205156 1205646 1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536 1207538 CVE-2016-3709 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2022-1941 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-snmp_notifier was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build
  targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not committed
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not
  support dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: don't rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build,
  multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow reusing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow reusing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?'
  in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

The following package changes have been done:

- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

From sle-updates at lists.suse.com Wed Mar 1 08:03:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Mar 2023 09:03:55 +0100 (CET)
Subject: SUSE-CU-2023:511-1: Security update of ses/7.1/rook/ceph
Message-ID: <20230301080355.6654FF74A@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:511-1
Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.328 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release : 4.5.328
Severity : critical
Type : security
References : 1087072 1101820 1121365 1142579 1149792 1167864 1176785 1177083 1177460 1177460 1178676 1179465 1180995 1181961 1183533 1185597 1185712 1188374 1188607 1190818 1191473 1192439 1193929 1194038 1194530 1194783 1197255 1197592 1197998 1198237 1198472 1198523 1199074 1199467 1199856 1199944 1200723 1200901 1201959 1201978 1202324 1202627 1202750 1202812 1202816 1202966 1202967 1202969 1203046 1203125 1203201 1203216 1203246 1203652 1203652 1203669 1203681 1203857 1203911 1204111 1204112 1204113 1204137 1204145 1204179 1204211 1204256 1204364 1204366 1204367 1204383 1204423 1204577 1204649 1204690 1204708 1204968 1204986 1205000 1205126 1205156 1205244 1205646 1206212 1206212 1206309 1206337 1206412 1206579 1206622 1206667 1206738 1207082 1207533 1207534 1207536 1207538 1208443 CVE-2016-3709 CVE-2018-10903 CVE-2019-1010204 CVE-2019-18348 CVE-2020-10696 CVE-2020-10735 CVE-2020-25658 CVE-2020-8492 CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2021-46848 CVE-2022-1664 CVE-2022-1941 CVE-2022-23491 CVE-2022-24761 CVE-2022-27943 CVE-2022-2990 CVE-2022-3171 CVE-2022-32221 CVE-2022-37454 CVE-2022-38126 CVE-2022-38127 CVE-2022-3821 CVE-2022-38533 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42969 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-43995 CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 CVE-2023-22809
-----------------------------------------------------------------

The container ses/7.1/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3731-1
Released: Tue Oct 25 17:10:20 2022
Summary: Security update for python-waitress
Type: security
Severity: important
References: 1197255,CVE-2022-24761

This update for python-waitress fixes the following issues:

- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?'
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of 
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. 
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3932-1 Released: Thu Nov 10 11:55:12 2022 Summary: Security update for python-rsa Type: security Severity: moderate References: 1178676,CVE-2020-25658 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3979-1 Released: Tue Nov 15 11:05:22 2022 Summary: Security update for python-Mako Type: security Severity: moderate References: 1203246,CVE-2022-40023 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update for python3-apipkg fixes the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl setting work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4044-1 Released: Thu Nov 17 09:07:24 2022 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1101820,1149792,1176785,1177083,CVE-2018-10903 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. 
* 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4077-1 Released: Fri Nov 18 15:05:28 2022 Summary: Security update for sudo Type: security Severity: important References: 1190818,1203201,1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). 
The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. 
In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. 
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvements from upstream. In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. 
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4391-1 Released: Fri Dec 9 08:02:23 2022 Summary: Recommended update for libxslt Type: recommended Severity: low References: 1203669 This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:223-1 Released: Wed Feb 1 09:36:03 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). 
Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). The following package changes have been done: - binutils-2.39-150100.7.40.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - device-mapper-2.03.05_1.02.163-150200.8.49.1 updated - glib2-tools-2.62.6-150200.3.10.1 updated - krb5-1.19.2-150300.10.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgio-2_0-0-2.62.6-150200.3.10.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgmodule-2_0-0-2.62.6-150200.3.10.1 updated - libgobject-2_0-0-2.62.6-150200.3.10.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libksba8-1.3.5-150000.4.6.1 updated - liblvm2cmd2_03-2.03.05-150200.8.49.1 updated - libmount1-2.36.2-150300.4.32.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated - libopenssl1_1-1.1.1d-150200.11.57.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - libsmartcols1-2.36.2-150300.4.32.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libxslt1-1.1.32-150000.3.11.1 updated - libz1-1.2.11-150000.3.39.1 updated - 
lvm2-2.03.05-150200.8.49.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - nfs-kernel-server-2.1.1-150100.10.27.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1d-150200.11.57.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-Mako-1.0.7-150000.3.3.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-cryptography-2.9.2-150200.13.1 updated - python3-curses-3.6.15-150300.10.40.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-rsa-3.4.2-150000.3.7.1 updated - python3-setuptools-40.5.0-150100.6.6.1 updated - python3-waitress-1.4.3-150000.3.6.1 updated - python3-3.6.15-150300.10.40.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - sudo-1.9.5p2-150300.3.19.1 updated - systemd-246.16-150300.7.57.1 updated - timezone-2022g-150000.75.18.1 updated - udev-246.16-150300.7.57.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.36.2-150300.4.32.1 updated - util-linux-2.36.2-150300.4.32.1 updated - container:sles15-image-15.0.0-17.20.107 updated From sle-updates at lists.suse.com Wed Mar 1 08:04:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:04:57 +0100 (CET) Subject: SUSE-CU-2023:513-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230301080457.E0126F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:513-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , 
suse/sle-micro/5.3/toolbox:12.1-5.2.85 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.85 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Wed Mar 1 08:05:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:05:07 +0100 (CET) Subject: SUSE-CU-2023:514-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230301080507.6F506F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:514-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.64 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.64 Severity : moderate Type : security References : 1205244 1208443 CVE-2022-45061 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated From sle-updates at lists.suse.com Wed Mar 1 08:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:06:00 +0100 (CET) Subject: SUSE-CU-2023:515-1: Recommended update of suse/389-ds Message-ID: <20230301080600.2EDE0F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:515-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.29 , suse/389-ds:latest Container Release : 19.29 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:06:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:06:30 +0100 (CET) Subject: SUSE-CU-2023:516-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230301080630.A9154F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:516-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.5 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.5 Container Release : 29.5 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:07:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:07:06 +0100 (CET) Subject: SUSE-CU-2023:517-1: Recommended update of bci/dotnet-sdk Message-ID: <20230301080706.5A86FF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:517-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-31.5 , bci/dotnet-sdk:6.0.14 , bci/dotnet-sdk:6.0.14-31.5 Container Release : 31.5 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:07:36 +0100 (CET) Subject: SUSE-CU-2023:518-1: Recommended update of bci/dotnet-runtime Message-ID: <20230301080736.D2031F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:518-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-28.5 , bci/dotnet-runtime:6.0.14 , bci/dotnet-runtime:6.0.14-28.5 Container Release : 28.5 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:18:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:18:51 +0100 (CET) Subject: SUSE-CU-2023:518-1: Recommended update of bci/dotnet-runtime Message-ID: <20230301081851.0295CF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:518-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-28.5 , bci/dotnet-runtime:6.0.14 , bci/dotnet-runtime:6.0.14-28.5 Container Release : 28.5 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:19:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:19:23 +0100 (CET) Subject: SUSE-CU-2023:519-1: Recommended update of bci/golang Message-ID: <20230301081923.5B17BF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:519-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.41 Container Release : 19.41 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:19:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:19:49 +0100 (CET) Subject: SUSE-CU-2023:520-1: Recommended update of bci/golang Message-ID: <20230301081949.C296BF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:520-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.26 , bci/golang:latest Container Release : 20.26 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:20:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:20:24 +0100 (CET) Subject: SUSE-CU-2023:521-1: Recommended update of bci/nodejs Message-ID: <20230301082024.CC8BEF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:521-1 Container Tags : bci/node:14 , bci/node:14-36.43 , bci/nodejs:14 , bci/nodejs:14-36.43 Container Release : 36.43 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:20:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:20:26 +0100 (CET) Subject: SUSE-CU-2023:522-1: Recommended update of bci/nodejs Message-ID: <20230301082026.DD665F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:522-1 Container Tags : bci/node:18 , bci/node:18-2.6 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-2.6 , bci/nodejs:latest Container Release : 2.6 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:21:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:21:09 +0100 (CET) Subject: SUSE-CU-2023:523-1: Recommended update of bci/openjdk-devel Message-ID: <20230301082109.591BAF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:523-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.90 Container Release : 38.90 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:bci-openjdk-11-15.4.11-34.43 updated From sle-updates at lists.suse.com Wed Mar 1 08:21:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:21:44 +0100 (CET) Subject: SUSE-CU-2023:524-1: Recommended update of bci/openjdk Message-ID: <20230301082144.6E4B3F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:524-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.43 Container Release : 34.43 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:21:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:21:58 +0100 (CET) Subject: SUSE-CU-2023:525-1: Recommended update of bci/openjdk-devel Message-ID: <20230301082158.6F33AF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:525-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.51 , bci/openjdk-devel:latest Container Release : 13.51 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:bci-openjdk-17-15.4.17-12.27 updated From sle-updates at lists.suse.com Wed Mar 1 08:22:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:22:09 +0100 (CET) Subject: SUSE-CU-2023:526-1: Recommended update of bci/openjdk Message-ID: <20230301082209.BFCCAF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:526-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.28 , bci/openjdk:latest Container Release : 12.28 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:22:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:22:56 +0100 (CET) Subject: SUSE-CU-2023:527-1: Recommended update of suse/pcp Message-ID: <20230301082257.00780F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:527-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.42 , suse/pcp:5.2 , suse/pcp:5.2-12.42 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.42 , suse/pcp:latest Container Release : 12.42 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:bci-bci-init-15.4-15.4-25.21 updated From sle-updates at lists.suse.com Wed Mar 1 08:23:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:23:25 +0100 (CET) Subject: SUSE-CU-2023:528-1: Recommended update of bci/python Message-ID: <20230301082325.5A7E7F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:528-1 Container Tags : bci/python:3 , bci/python:3-11.25 , bci/python:3.10 , bci/python:3.10-11.25 , bci/python:latest Container Release : 11.25 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:23:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:23:58 +0100 (CET) Subject: SUSE-CU-2023:529-1: Recommended update of bci/python Message-ID: <20230301082358.2BB15F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:529-1 Container Tags : bci/python:3 , bci/python:3-34.28 , bci/python:3.6 , bci/python:3.6-34.28 Container Release : 34.28 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:24:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:24:28 +0100 (CET) Subject: SUSE-CU-2023:530-1: Recommended update of bci/ruby Message-ID: <20230301082428.CA197F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:530-1 Container Tags : bci/ruby:2 , bci/ruby:2-33.24 , bci/ruby:2.5 , bci/ruby:2.5-33.24 , bci/ruby:latest Container Release : 33.24 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:24:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:24:38 +0100 (CET) Subject: SUSE-CU-2023:531-1: Recommended update of bci/rust Message-ID: <20230301082438.302E9F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:531-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-13.23 Container Release : 13.23 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:24:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:24:44 +0100 (CET) Subject: SUSE-CU-2023:532-1: Recommended update of bci/rust Message-ID: <20230301082444.20E89F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:532-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-3.9 Container Release : 3.9 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:24:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:24:45 +0100 (CET) Subject: SUSE-CU-2023:533-1: Recommended update of bci/rust Message-ID: <20230301082445.BBCDDF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:533-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-2.4 , bci/rust:latest Container Release : 2.4 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - container:sles15-image-15.0.0-27.14.37 updated From sle-updates at lists.suse.com Wed Mar 1 08:25:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2023 09:25:10 +0100 (CET) Subject: SUSE-CU-2023:534-1: Recommended update of suse/sle15 Message-ID: <20230301082510.7924FF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:534-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.37 , suse/sle15:15.4 , suse/sle15:15.4.27.14.37 Container Release : 27.14.37 Severity : moderate Type : recommended References : 1207994 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated - libopenssl1_1-1.1.1l-150400.7.25.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated From sle-updates at lists.suse.com Wed Mar 1 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Mar 2023 12:30:01 -0000 Subject: SUSE-RU-2023:0585-1: moderate: Recommended update for libica Message-ID: <167767380144.4529.5423475219930468440@smelt2.suse.de> # Recommended update for libica Announcement ID: SUSE-RU-2023:0585-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for libica fixes the following issues: Upgrade to version 4.2.1 (jsc#PED-2872) * fixed a regression opening shared memory ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-585=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-585=1 ## Package List: * openSUSE Leap 15.4 (s390x) * libica-devel-4.2.1-150400.3.8.1 * libica-devel-static-4.2.1-150400.3.8.1 * libica4-debuginfo-4.2.1-150400.3.8.1 * libica-tools-4.2.1-150400.3.8.1 * libica-tools-debuginfo-4.2.1-150400.3.8.1 * libica-debugsource-4.2.1-150400.3.8.1 * libica4-4.2.1-150400.3.8.1 * Server Applications Module 15-SP4 (s390x) * libica-devel-4.2.1-150400.3.8.1 * libica-devel-static-4.2.1-150400.3.8.1 * libica4-debuginfo-4.2.1-150400.3.8.1 * libica-tools-4.2.1-150400.3.8.1 * libica-tools-debuginfo-4.2.1-150400.3.8.1 * libica-debugsource-4.2.1-150400.3.8.1 * libica4-4.2.1-150400.3.8.1 ## References: * https://jira.suse.com/browse/PED-2872 From sle-updates at lists.suse.com Wed Mar 1 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Mar 2023 12:30:03 -0000 Subject: SUSE-SU-2023:0584-1: moderate: Security update for openssl Message-ID: <167767380363.4529.10440077802582138094@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:0584-1 Rating: moderate References: * #1207534 Cross-References: * CVE-2022-4304 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-584=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-584=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl0_9_8-0.9.8j-0.106.60.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.60.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.60.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.60.1 * openssl-doc-0.9.8j-0.106.60.1 * openssl-0.9.8j-0.106.60.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl0_9_8-0.9.8j-0.106.60.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.60.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.60.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.60.1 * openssl-doc-0.9.8j-0.106.60.1 * openssl-0.9.8j-0.106.60.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://bugzilla.suse.com/show_bug.cgi?id=1207534
From sle-updates at lists.suse.com Wed Mar 1 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Mar 2023 12:30:06 -0000 Subject: SUSE-SU-2023:0583-1: important: Security update for postgresql13 Message-ID: <167767380609.4529.9721437105819268946@smelt2.suse.de> # Security update for postgresql13 Announcement ID: SUSE-SU-2023:0583-1 Rating: important References: * #1208102 Cross-References: * CVE-2022-41862 CVSS scores: * CVE-2022-41862 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql13 fixes the following issues: Update to 13.10: * CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-583=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-583=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-583=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-583=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-583=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-583=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-583=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-583=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-583=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-583=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-583=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-583=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-583=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-583=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-583=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 *
postgresql13-llvmjit-devel-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-llvmjit-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-test-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-llvmjit-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * openSUSE Leap 15.4 (noarch) * postgresql13-docs-13.10-150200.5.37.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-llvmjit-devel-13.10-150200.5.37.1 * postgresql13-llvmjit-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-llvmjit-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * Legacy Module 15-SP4 (noarch) * 
postgresql13-docs-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql13-docs-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * 
postgresql13-docs-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql13-docs-13.10-150200.5.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql13-plpython-debuginfo-13.10-150200.5.37.1 * postgresql13-pltcl-13.10-150200.5.37.1 * postgresql13-server-debuginfo-13.10-150200.5.37.1 * postgresql13-debugsource-13.10-150200.5.37.1 * postgresql13-13.10-150200.5.37.1 * postgresql13-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-plperl-13.10-150200.5.37.1 * postgresql13-contrib-13.10-150200.5.37.1 * postgresql13-plpython-13.10-150200.5.37.1 * postgresql13-plperl-debuginfo-13.10-150200.5.37.1 * postgresql13-debuginfo-13.10-150200.5.37.1 * postgresql13-server-13.10-150200.5.37.1 * postgresql13-server-devel-13.10-150200.5.37.1 * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1 * postgresql13-devel-13.10-150200.5.37.1 * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1 * postgresql13-contrib-debuginfo-13.10-150200.5.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql13-docs-13.10-150200.5.37.1 * SUSE Linux Enterprise Server 
15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Manager Proxy 4.2 (x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Manager Proxy 4.2 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Manager Server 4.2 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Enterprise Storage 7.1 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * postgresql13-plpython-debuginfo-13.10-150200.5.37.1
  * postgresql13-pltcl-13.10-150200.5.37.1
  * postgresql13-server-debuginfo-13.10-150200.5.37.1
  * postgresql13-debugsource-13.10-150200.5.37.1
  * postgresql13-13.10-150200.5.37.1
  * postgresql13-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-plperl-13.10-150200.5.37.1
  * postgresql13-contrib-13.10-150200.5.37.1
  * postgresql13-plpython-13.10-150200.5.37.1
  * postgresql13-plperl-debuginfo-13.10-150200.5.37.1
  * postgresql13-debuginfo-13.10-150200.5.37.1
  * postgresql13-server-13.10-150200.5.37.1
  * postgresql13-server-devel-13.10-150200.5.37.1
  * postgresql13-server-devel-debuginfo-13.10-150200.5.37.1
  * postgresql13-devel-13.10-150200.5.37.1
  * postgresql13-pltcl-debuginfo-13.10-150200.5.37.1
  * postgresql13-contrib-debuginfo-13.10-150200.5.37.1
* SUSE Enterprise Storage 7 (noarch)
  * postgresql13-docs-13.10-150200.5.37.1

## References:

* https://www.suse.com/security/cve/CVE-2022-41862.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208102

From sle-updates at lists.suse.com Wed Mar 1 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 01 Mar 2023 16:30:03 -0000
Subject: SUSE-RU-2023:0588-1: moderate: Recommended update for kdump
Message-ID: <167768820396.31871.9072901062477871589@smelt2.suse.de>

# Recommended update for kdump

Announcement ID: SUSE-RU-2023:0588-1
Rating: moderate
References:

* #1186745
* #1196335

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has two recommended fixes can now be installed.
## Description:

This update for kdump fixes the following issues:

* run kdump.service only after kdump-early.service (bsc#1196335)
* don't skip infiniband interfaces (bsc#1186745)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-588=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-588=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-588=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-588=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-588=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * kdump-debuginfo-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-debugsource-1.0.2+git20.g64239cc-150400.3.11.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kdump-debuginfo-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-debugsource-1.0.2+git20.g64239cc-150400.3.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * kdump-debuginfo-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-debugsource-1.0.2+git20.g64239cc-150400.3.11.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * kdump-debuginfo-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-debugsource-1.0.2+git20.g64239cc-150400.3.11.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kdump-debuginfo-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-1.0.2+git20.g64239cc-150400.3.11.1
  * kdump-debugsource-1.0.2+git20.g64239cc-150400.3.11.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1186745
* https://bugzilla.suse.com/show_bug.cgi?id=1196335

From sle-updates at lists.suse.com Wed Mar 1 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 01 Mar 2023 16:30:06 -0000
Subject: SUSE-SU-2023:0587-1: important: Security update for rubygem-activerecord-4_2
Message-ID: <167768820610.31871.13929635188010057859@smelt2.suse.de>

# Security update for rubygem-activerecord-4_2

Announcement ID: SUSE-SU-2023:0587-1
Rating: important
References:

* #1207450

Cross-References:

* CVE-2022-44566

CVSS scores:

* CVE-2022-44566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44566 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE OpenStack Cloud Crowbar 8
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for rubygem-activerecord-4_2 contains the following fixes:

* CVE-2022-44566: Fixed a potential denial of service due to an inefficient comparison between integer and numeric values. (bsc#1207450)
* fixed regression caused by fix for CVE-2022-44566. (bsc#1207450)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-587=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-587=1

## Package List:

* SUSE OpenStack Cloud Crowbar 8 (x86_64)
  * ruby2.1-rubygem-activerecord-4_2-4.2.9-6.12.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * ruby2.1-rubygem-activerecord-4_2-4.2.9-6.12.1

## References:

* https://www.suse.com/security/cve/CVE-2022-44566.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207450

From sle-updates at lists.suse.com Wed Mar 1 16:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 01 Mar 2023 16:30:10 -0000
Subject: SUSE-SU-2023:0586-1: moderate: Security update for nrpe
Message-ID: <167768821093.31871.13146943013437361536@smelt2.suse.de>

# Security update for nrpe

Announcement ID: SUSE-SU-2023:0586-1
Rating: moderate
References:

* #931600
* #938906

Cross-References:

* CVE-2015-4000

CVSS scores:

* CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability and has one fix can now be installed.
## Description:

This update for nrpe fixes the following issues:

* CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-586=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-586=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-586=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-586=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-586=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-586=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-586=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-586=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-586=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * nrpe-2.15-6.3.1
  * monitoring-plugins-nrpe-debuginfo-2.15-6.3.1
  * nrpe-debuginfo-2.15-6.3.1
  * monitoring-plugins-nrpe-2.15-6.3.1
  * nrpe-debugsource-2.15-6.3.1

## References:

* https://www.suse.com/security/cve/CVE-2015-4000.html
* https://bugzilla.suse.com/show_bug.cgi?id=931600
* https://bugzilla.suse.com/show_bug.cgi?id=938906

From sle-updates at lists.suse.com Wed Mar 1 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 01 Mar 2023 20:30:02 -0000
Subject: SUSE-RU-2023:0590-1: important: Recommended update for libzypp
Message-ID: <167770260249.31110.407621138988992943@smelt2.suse.de>

# Recommended update for libzypp

Announcement ID: SUSE-RU-2023:0590-1
Rating: important
References:

* #1204548

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that has one recommended fix can now be installed.

## Description:

This update for libzypp fixes the following issues:

* Properly reset range requests (bsc#1204548)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-590=1

## Package List:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * libzypp-16.22.5-27.88.1
  * libzypp-devel-16.22.5-27.88.1
  * libzypp-debugsource-16.22.5-27.88.1
  * libzypp-debuginfo-16.22.5-27.88.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1204548

From sle-updates at lists.suse.com Thu Mar 2 08:02:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Mar 2023 09:02:46 +0100 (CET)
Subject: SUSE-CU-2023:536-1: Recommended update of suse/registry
Message-ID: <20230302080246.01A15F52D@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:536-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-5.8 , suse/registry:latest
Container Release : 5.8
Severity : moderate
Type : recommended
References : 1207994
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- openssl-1_1-1.1.1l-150400.7.25.1 updated

From sle-updates at lists.suse.com Thu Mar 2 08:03:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Mar 2023 09:03:13 +0100 (CET)
Subject: SUSE-CU-2023:537-1: Recommended update of bci/bci-init
Message-ID: <20230302080313.9F820F52D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:537-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.21 , bci/bci-init:latest
Container Release : 25.21
Severity : moderate
Type : recommended
References : 1207994
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated
- container:sles15-image-15.0.0-27.14.37 updated

From sle-updates at lists.suse.com Thu Mar 2 08:03:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Mar 2023 09:03:35 +0100 (CET)
Subject: SUSE-CU-2023:538-1: Recommended update of bci/nodejs
Message-ID: <20230302080335.64B27F52D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:538-1
Container Tags : bci/node:16 , bci/node:16-14.6 , bci/nodejs:16 , bci/nodejs:16-14.6
Container Release : 14.6
Severity : moderate
Type : recommended
References : 1207994
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated
- container:sles15-image-15.0.0-27.14.37 updated

From sle-updates at lists.suse.com Thu Mar 2 12:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 02 Mar 2023 12:30:03 -0000
Subject: SUSE-SU-2023:0598-1: important: Security update for emacs
Message-ID: <167776020306.3186.14314353787191839868@smelt2.suse.de>

# Security update for emacs

Announcement ID: SUSE-SU-2023:0598-1
Rating: important
References:

* #1208512
* #1208514
* #1208515

Cross-References:

* CVE-2022-48337
* CVE-2022-48338
* CVE-2022-48339

CVSS scores:

* CVE-2022-48337 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48338 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-48339 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.
## Description:

This update for emacs fixes the following issues:

* CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
* CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
* CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability (bsc#1208514).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-598=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-598=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-598=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * etags-debuginfo-27.2-150400.3.6.1
  * emacs-debugsource-27.2-150400.3.6.1
  * emacs-x11-27.2-150400.3.6.1
  * etags-27.2-150400.3.6.1
  * emacs-x11-debuginfo-27.2-150400.3.6.1
  * emacs-nox-debuginfo-27.2-150400.3.6.1
  * emacs-nox-27.2-150400.3.6.1
  * emacs-debuginfo-27.2-150400.3.6.1
  * emacs-27.2-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
  * emacs-info-27.2-150400.3.6.1
  * emacs-el-27.2-150400.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * etags-debuginfo-27.2-150400.3.6.1
  * emacs-debugsource-27.2-150400.3.6.1
  * etags-27.2-150400.3.6.1
  * emacs-nox-debuginfo-27.2-150400.3.6.1
  * emacs-nox-27.2-150400.3.6.1
  * emacs-debuginfo-27.2-150400.3.6.1
  * emacs-27.2-150400.3.6.1
* Basesystem Module 15-SP4 (noarch)
  * emacs-info-27.2-150400.3.6.1
  * emacs-el-27.2-150400.3.6.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * emacs-debuginfo-27.2-150400.3.6.1
  * emacs-x11-27.2-150400.3.6.1
  * emacs-x11-debuginfo-27.2-150400.3.6.1
  * emacs-debugsource-27.2-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48337.html
* https://www.suse.com/security/cve/CVE-2022-48338.html
* https://www.suse.com/security/cve/CVE-2022-48339.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208512
* https://bugzilla.suse.com/show_bug.cgi?id=1208514
* https://bugzilla.suse.com/show_bug.cgi?id=1208515

From sle-updates at lists.suse.com Thu Mar 2 12:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 02 Mar 2023 12:30:05 -0000
Subject: SUSE-SU-2023:0597-1: important: Security update for emacs
Message-ID: <167776020544.3186.13515114641084116089@smelt2.suse.de>

# Security update for emacs

Announcement ID: SUSE-SU-2023:0597-1
Rating: important
References:

* #1208512
* #1208515

Cross-References:

* CVE-2022-48337
* CVE-2022-48339

CVSS scores:

* CVE-2022-48337 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48339 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves two vulnerabilities can now be installed.

## Description:

This update for emacs fixes the following issues:

* CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
* CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-597=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-597=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-597=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-597=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-597=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-597=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-597=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-597=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-597=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE OpenStack Cloud 9 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE OpenStack Cloud Crowbar 9 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * emacs-nox-debuginfo-24.3-25.12.1
  * emacs-x11-24.3-25.12.1
  * emacs-x11-debuginfo-24.3-25.12.1
  * etags-debuginfo-24.3-25.12.1
  * etags-24.3-25.12.1
  * emacs-debugsource-24.3-25.12.1
  * emacs-24.3-25.12.1
  * emacs-nox-24.3-25.12.1
  * emacs-debuginfo-24.3-25.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * emacs-el-24.3-25.12.1
  * emacs-info-24.3-25.12.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48337.html
* https://www.suse.com/security/cve/CVE-2022-48339.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208512
* https://bugzilla.suse.com/show_bug.cgi?id=1208515

From sle-updates at lists.suse.com Thu Mar 2 12:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 02 Mar 2023 12:30:07 -0000
Subject: SUSE-RU-2023:0596-1: important: Recommended update for openslp
Message-ID: <167776020739.3186.15803166356485216767@smelt2.suse.de>

# Recommended update for openslp

Announcement ID: SUSE-RU-2023:0596-1
Rating: important
References:

* #1206153

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that has one recommended fix can now be installed.
## Description:

This update for openslp fixes the following issues:

* Fix logrotate configuration to use systemd (bsc#1206153)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-596=1

## Package List:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * openslp-debuginfo-32bit-2.0.0-18.26.1
  * openslp-2.0.0-18.26.1
  * openslp-32bit-2.0.0-18.26.1
  * openslp-debugsource-2.0.0-18.26.1
  * openslp-debuginfo-2.0.0-18.26.1
  * openslp-server-debuginfo-2.0.0-18.26.1
  * openslp-server-2.0.0-18.26.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1206153

From sle-updates at lists.suse.com Thu Mar 2 12:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 02 Mar 2023 12:30:10 -0000
Subject: SUSE-FU-2023:0595-1: important: Feature update for s390-tools
Message-ID: <167776021034.3186.13775783177643062061@smelt2.suse.de>

# Feature update for s390-tools

Announcement ID: SUSE-FU-2023:0595-1
Rating: important
References:

* #1206706
* #1207175

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains four features and has two feature fixes can now be installed.
## Description: This update for s390-tools fixes the following issues: * Implement tools and components to persistently configure vfio-ap devices (bsc#1207175, jsc#SLE-2285, jsc#SLE-24835): * `ap-check` utility is added as a callout function for the mdevctl utility. This allows for meaningful error messages to be presented to end-users when vfio-ap configuration errors are detected while using mdevctl to create/modify vfio-ap mediated devices. * 'ap' device type is added to zdev, providing a command-line interface for managing the apmask and aqmask, which determine what AP resources are available for vfio-ap usage. * Implement KVM Secure Execution Attestation Userspace Tool (jsc#SLE-24831, jsc#SLE-22854, bsc#1206706) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-595=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-595=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-595=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-595=1 ## Package List: * openSUSE Leap 15.4 (s390x) * libkmipclient1-2.19.0-150400.7.15.2 * osasnmpd-debuginfo-2.19.0-150400.7.15.2 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.15.2 * s390-tools-debugsource-2.19.0-150400.7.15.2 * libkmipclient1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-zdsfs-2.19.0-150400.7.15.2 * libekmfweb1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-2.19.0-150400.7.15.2 * s390-tools-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-devel-2.19.0-150400.7.15.2 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.15.2 * osasnmpd-2.19.0-150400.7.15.2 * libkmipclient1-devel-2.19.0-150400.7.15.2 * s390-tools-hmcdrvfs-2.19.0-150400.7.15.2 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.15.2 * 
libekmfweb1-2.19.0-150400.7.15.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * libkmipclient1-2.19.0-150400.7.15.2 * s390-tools-debugsource-2.19.0-150400.7.15.2 * libkmipclient1-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-2.19.0-150400.7.15.2 * s390-tools-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-2.19.0-150400.7.15.2 * SUSE Linux Enterprise Micro 5.3 (s390x) * libkmipclient1-2.19.0-150400.7.15.2 * s390-tools-debugsource-2.19.0-150400.7.15.2 * libkmipclient1-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-2.19.0-150400.7.15.2 * s390-tools-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-2.19.0-150400.7.15.2 * Basesystem Module 15-SP4 (s390x) * libkmipclient1-2.19.0-150400.7.15.2 * osasnmpd-debuginfo-2.19.0-150400.7.15.2 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.15.2 * s390-tools-debugsource-2.19.0-150400.7.15.2 * libkmipclient1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-zdsfs-2.19.0-150400.7.15.2 * libekmfweb1-debuginfo-2.19.0-150400.7.15.2 * s390-tools-2.19.0-150400.7.15.2 * s390-tools-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-devel-2.19.0-150400.7.15.2 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.15.2 * osasnmpd-2.19.0-150400.7.15.2 * s390-tools-hmcdrvfs-2.19.0-150400.7.15.2 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.15.2 * libekmfweb1-2.19.0-150400.7.15.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206706 * https://bugzilla.suse.com/show_bug.cgi?id=1207175 * https://jira.suse.com/browse/SLE-2285 * https://jira.suse.com/browse/SLE-22854 * https://jira.suse.com/browse/SLE-24831 * https://jira.suse.com/browse/SLE-24835 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Mar 2 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 12:30:12 -0000 Subject: SUSE-RU-2023:0594-1: important: Recommended update for drbd-utils Message-ID: <167776021223.3186.5842372812796862521@smelt2.suse.de> # Recommended update for drbd-utils Announcement ID: SUSE-RU-2023:0594-1 Rating: important References: * #1206754 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that has one recommended fix can now be installed. ## Description: This update for drbd-utils fixes the following issues: * Fix drbd.service failing to load, caused by incorrect path to executable (bsc#1206754) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-594=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-594=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-594=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-594=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-594=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-594=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * drbd-utils-9.19.0-150400.3.9.1 * drbd-utils-debuginfo-9.19.0-150400.3.9.1 * drbd-utils-debugsource-9.19.0-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206754 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Mar 2 12:31:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 12:31:10 -0000 Subject: SUSE-SU-2023:0593-1: critical: Maintenance update for SUSE Manager 4.2: Release notes for Server, Proxy and Retail Branch Server Message-ID: <167776027093.3186.2741692279261573893@smelt2.suse.de> # Maintenance update for SUSE Manager 4.2: Release notes for Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2023:0593-1 Rating: critical References: * #1188191 * #1195979 * #1198226 * #1200096 * #1200169 * #1201142 * #1201476 * #1201893 * #1202093 * #1202217 * #1203287 * #1203288 * #1203532 * #1203588 * #1203633 * #1203698 * #1203826 * #1203884 * #1203886 * #1204011 * #1204029 * #1204032 * #1204186 * #1204208 * #1204330 * #1204437 * #1204517 * #1204519 * #1204541 * #1204651 * #1204699 * #1204712 * #1204879 * #1205012 * #1205040 * #1205523 * #1205663 * #1205759 * #1205920 * #1205943 * #1205976 * #1206146 * #1206168 * #1206249 * #1206375 * #1206470 * #1206613 * #1206817 * #1206861 * #1206932 * #1206933 * #1206963 * #1206979 * #1206981 * #1207141 * #1208306 * #1208335 * #1208418 * #1208499 Cross-References: * CVE-2021-42740 * CVE-2022-1415 * CVE-2022-31129 CVSS scores: * CVE-2021-42740 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-42740 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-1415 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2022-31129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-31129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: An update that solves three vulnerabilities and has 56 fixes can now be installed. ## Description: Maintenance update for SUSE Manager 4.2: Release notes for Server, Proxy and Retail Branch Server This is a codestream only patchinfo. 
## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: ## Package List: ## References: * https://www.suse.com/security/cve/CVE-2021-42740.html * https://www.suse.com/security/cve/CVE-2022-1415.html * https://www.suse.com/security/cve/CVE-2022-31129.html * https://bugzilla.suse.com/show_bug.cgi?id=1188191 * https://bugzilla.suse.com/show_bug.cgi?id=1195979 * https://bugzilla.suse.com/show_bug.cgi?id=1198226 * https://bugzilla.suse.com/show_bug.cgi?id=1200096 * https://bugzilla.suse.com/show_bug.cgi?id=1200169 * https://bugzilla.suse.com/show_bug.cgi?id=1201142 * https://bugzilla.suse.com/show_bug.cgi?id=1201476 * https://bugzilla.suse.com/show_bug.cgi?id=1201893 * https://bugzilla.suse.com/show_bug.cgi?id=1202093 * https://bugzilla.suse.com/show_bug.cgi?id=1202217 * https://bugzilla.suse.com/show_bug.cgi?id=1203287 * https://bugzilla.suse.com/show_bug.cgi?id=1203288 * https://bugzilla.suse.com/show_bug.cgi?id=1203532 * https://bugzilla.suse.com/show_bug.cgi?id=1203588 * https://bugzilla.suse.com/show_bug.cgi?id=1203633 * https://bugzilla.suse.com/show_bug.cgi?id=1203698 * https://bugzilla.suse.com/show_bug.cgi?id=1203826 * https://bugzilla.suse.com/show_bug.cgi?id=1203884 * https://bugzilla.suse.com/show_bug.cgi?id=1203886 * https://bugzilla.suse.com/show_bug.cgi?id=1204011 * https://bugzilla.suse.com/show_bug.cgi?id=1204029 * https://bugzilla.suse.com/show_bug.cgi?id=1204032 * https://bugzilla.suse.com/show_bug.cgi?id=1204186 * https://bugzilla.suse.com/show_bug.cgi?id=1204208 * https://bugzilla.suse.com/show_bug.cgi?id=1204330 * https://bugzilla.suse.com/show_bug.cgi?id=1204437 * https://bugzilla.suse.com/show_bug.cgi?id=1204517 * https://bugzilla.suse.com/show_bug.cgi?id=1204519 * https://bugzilla.suse.com/show_bug.cgi?id=1204541 * https://bugzilla.suse.com/show_bug.cgi?id=1204651 * 
https://bugzilla.suse.com/show_bug.cgi?id=1204699 * https://bugzilla.suse.com/show_bug.cgi?id=1204712 * https://bugzilla.suse.com/show_bug.cgi?id=1204879 * https://bugzilla.suse.com/show_bug.cgi?id=1205012 * https://bugzilla.suse.com/show_bug.cgi?id=1205040 * https://bugzilla.suse.com/show_bug.cgi?id=1205523 * https://bugzilla.suse.com/show_bug.cgi?id=1205663 * https://bugzilla.suse.com/show_bug.cgi?id=1205759 * https://bugzilla.suse.com/show_bug.cgi?id=1205920 * https://bugzilla.suse.com/show_bug.cgi?id=1205943 * https://bugzilla.suse.com/show_bug.cgi?id=1205976 * https://bugzilla.suse.com/show_bug.cgi?id=1206146 * https://bugzilla.suse.com/show_bug.cgi?id=1206168 * https://bugzilla.suse.com/show_bug.cgi?id=1206249 * https://bugzilla.suse.com/show_bug.cgi?id=1206375 * https://bugzilla.suse.com/show_bug.cgi?id=1206470 * https://bugzilla.suse.com/show_bug.cgi?id=1206613 * https://bugzilla.suse.com/show_bug.cgi?id=1206817 * https://bugzilla.suse.com/show_bug.cgi?id=1206861 * https://bugzilla.suse.com/show_bug.cgi?id=1206932 * https://bugzilla.suse.com/show_bug.cgi?id=1206933 * https://bugzilla.suse.com/show_bug.cgi?id=1206963 * https://bugzilla.suse.com/show_bug.cgi?id=1206979 * https://bugzilla.suse.com/show_bug.cgi?id=1206981 * https://bugzilla.suse.com/show_bug.cgi?id=1207141 * https://bugzilla.suse.com/show_bug.cgi?id=1208306 * https://bugzilla.suse.com/show_bug.cgi?id=1208335 * https://bugzilla.suse.com/show_bug.cgi?id=1208418 * https://bugzilla.suse.com/show_bug.cgi?id=1208499 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Mar 2 12:31:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 12:31:44 -0000 Subject: SUSE-SU-2023:0591-1: important: Security update for the Linux Kernel Message-ID: <167776030411.3186.3052869988389992591@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0591-1 Rating: important References: * #1065729 * #1156395 * #1203740 * #1204614 * #1204989 * #1205496 * #1205601 * #1205695 * #1206073 * #1206344 * #1206393 * #1206399 * #1206515 * #1206602 * #1206634 * #1206635 * #1206636 * #1206637 * #1206640 * #1206641 * #1206642 * #1206643 * #1206644 * #1206645 * #1206646 * #1206647 * #1206648 * #1206649 * #1206841 * #1206854 * #1206855 * #1206857 * #1206858 * #1206859 * #1206860 * #1206873 * #1206875 * #1206876 * #1206877 * #1206878 * #1206880 * #1206881 * #1206882 * #1206883 * #1206884 * #1206885 * #1206886 * #1206887 * #1206888 * #1206889 * #1206890 * #1206891 * #1206893 * #1206896 * #1206904 * #1207036 * #1207125 Cross-References: * CVE-2022-3112 * CVE-2022-3115 * CVE-2022-3564 * CVE-2022-47520 * CVE-2023-23454 * CVE-2023-23455 CVSS scores: * CVE-2022-3112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3115 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2022-47520 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L * CVE-2022-47520 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Real Time Module 15-SP3 An update that solves six vulnerabilities, contains two features and has 51 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-3112: Fixed a null pointer dereference caused by a lack of checks of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399). * CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393). * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073). * CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125). 
The following non-security bugs were fixed: * arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) * arm64: dts: allwinner: H5: Add PMU node (git-fixes) * arm64: dts: allwinner: H6: Add PMU mode (git-fixes) * arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) * arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) * arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) * arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) * arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) * arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). * arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) * arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) * btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904). * drbd: destroy workqueue when drbd device was freed (git-fixes). * drbd: remove usage of list iterator variable after loop (git-fixes). * drbd: use after free in drbd_create_device() (git-fixes). * ext4: Detect already used quota file early (bsc#1206873). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: avoid BUG_ON when creating xattrs (bsc#1205496). * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). * ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). * ext4: avoid resizing to a partial cluster size (bsc#1206880). * ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). * ext4: continue to expand file system when the target size does not reach (bsc#1206882). * ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). * ext4: correct max_inline_xattr_value_size computing (bsc#1206878). * ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). 
* ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). * ext4: fix a data race at inode->i_disksize (bsc#1206855). * ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). * ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). * ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). * ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). * ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). * ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). * ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). * ext4: make ext4_lazyinit_thread freezable (bsc#1206885). * ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). * ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). * ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). * ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). * fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). * ibmveth: Always stop tx queues during close (bsc#1065729). * isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). * lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). * lockd: lockd server-side shouldn't set fl_ops (git-fixes). * memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). * memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). 
* mm, memcg: do not high throttle allocators based on wraparound * mm, memcg: fix corruption on 64-bit divisor in memory.high throttling * mm, memcg: throttle allocators based on ancestral memory.high * mm/filemap.c: clear page error before actual read (bsc#1206635). * mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). * module: Remove accidental change of module_enable_x() (git-fixes). * module: avoid _goto_ s in module_sig_check() (git-fixes). * module: merge repetitive strings in module_sig_check() (git-fixes). * module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). * modules: lockdep: Suppress suspicious RCU usage warning (git-fixes). * net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). * net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). * net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). * netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). * nfs4: Fix kmemleak when allocate slot failed (git-fixes). * nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). * nfs: Fix an Oops in nfs_d_automount() (git-fixes). * nfs: Fix memory leaks (git-fixes). * nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). * nfs: Handle missing attributes in OPEN reply (bsc#1203740). * nfs: Zero-stateid SETATTR should first return delegation (git-fixes). * nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). * nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). * nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). * nfs: nfs_find_open_context() may only select open files (git-fixes). * nfs: nfs_xdr_status should record the procedure name (git-fixes). * nfs: we do not support removing system.nfs4_acl (git-fixes). * nfsd: Clone should commit src file metadata too (git-fixes). 
* nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). * nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). * nfsd: Keep existing listeners on portlist error (git-fixes). * nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). * nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). * nfsd: fix error handling in NFSv4.0 callbacks (git-fixes). * nfsd: safer handling of corrupted c_type (git-fixes). * nfsv4 expose nfs_parse_server_name function (git-fixes). * nfsv4 only print the label when its queried (git-fixes). * nfsv4 remove zero number of fs_locations entries error check (git-fixes). * nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). * nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). * nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). * nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). * nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). * nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). * nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). * nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). * nfsv4.2: error out when relink swapfile (git-fixes). * nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). * nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). * nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). * nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). * nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). * nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). * nfsv4: Fix races between open and dentry revalidation (git-fixes). * nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). 
* nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). * pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes). * powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). * powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). * powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). * powerpc/boot: Fixup device-tree on little endian (bsc#1065729). * powerpc/crashkernel: Take "mem=" option into account (bsc#1065729). * powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). * powerpc/pci: Fix get_phb_number() locking (bsc#1065729). * powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). * powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). * powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). * powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). * powerpc/powernv: add missing of_node_put (bsc#1065729). * powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). * powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). * powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). * powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). * powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). * powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). * powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). * powerpc/xive/spapr: correct bitmap allocation size (git-fixes). * powerpc/xive: Add a check for memory allocation failure (git-fixes). * powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). * powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). * powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). 
* powerpc: improve handling of unrecoverable system reset (bsc#1065729). * powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). * quota: Check next/prev free block number after reading from quota file (bsc#1206640). * rpc: fix NULL dereference on kmalloc failure (git-fixes). * rpc: fix gss_svc_init cleanup on failure (git-fixes). * sbitmap: fix lockup while swapping (bsc#1206602). * sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). * scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). * scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). * scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). * scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). * scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). * scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). * scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). * scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). * scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). * scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). * scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). * scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). * scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). * string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). * sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). * sunrpc: Do not start a timer on an already queued rpc task (git-fixes). * sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). * sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). * sunrpc: Fix socket waits for write buffer space (git-fixes). * sunrpc: Handle 0 length opaque XDR object data properly (git-fixes). 
* sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes). * sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). * sunrpc: check that domain table is empty at module unload (git-fixes). * sunrpc: stop printk reading past end of string (git-fixes). * svcrdma: Fix another Receive buffer leak (git-fixes). * svcrdma: Fix backchannel return code (git-fixes). * tracing: Verify if trace array exists before destroying it (git-fixes). * udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). * udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). * udf: Fix iocharset=utf8 mount option (bsc#1206647). * udf: Limit sparing table size (bsc#1206643). * udf: fix silent AED tagLocation corruption (bsc#1206645). * udf: fix the problem that the disc content is not displayed (bsc#1206644). * udf_get_extendedattr() had no boundary checks (bsc#1206648). * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). * xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP3 zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-591=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-591=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-591=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-591=1 ## Package List: * SUSE Real Time Module 15-SP3 (x86_64) * kernel-syms-rt-5.3.18-150300.118.1 * kernel-rt_debug-devel-debuginfo-5.3.18-150300.118.1 * cluster-md-kmp-rt-5.3.18-150300.118.1 * kernel-rt_debug-debugsource-5.3.18-150300.118.1 * gfs2-kmp-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-debuginfo-5.3.18-150300.118.1 * dlm-kmp-rt-debuginfo-5.3.18-150300.118.1 * dlm-kmp-rt-5.3.18-150300.118.1 * kernel-rt-devel-debuginfo-5.3.18-150300.118.1 * kernel-rt_debug-devel-5.3.18-150300.118.1 * gfs2-kmp-rt-5.3.18-150300.118.1 * cluster-md-kmp-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-debugsource-5.3.18-150300.118.1 * ocfs2-kmp-rt-5.3.18-150300.118.1 * kernel-rt_debug-debuginfo-5.3.18-150300.118.1 * ocfs2-kmp-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-devel-5.3.18-150300.118.1 * SUSE Real Time Module 15-SP3 (noarch) * kernel-devel-rt-5.3.18-150300.118.1 * kernel-source-rt-5.3.18-150300.118.1 * SUSE Real Time Module 15-SP3 (nosrc x86_64) * kernel-rt-5.3.18-150300.118.1 * SUSE Real Time Module 15-SP3 (nosrc) * kernel-rt_debug-5.3.18-150300.118.1 * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.118.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-debugsource-5.3.18-150300.118.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.118.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-debugsource-5.3.18-150300.118.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.118.1 * SUSE 
Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.118.1 * kernel-rt-debugsource-5.3.18-150300.118.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3112.html * https://www.suse.com/security/cve/CVE-2022-3115.html * https://www.suse.com/security/cve/CVE-2022-3564.html * https://www.suse.com/security/cve/CVE-2022-47520.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1156395 * https://bugzilla.suse.com/show_bug.cgi?id=1203740 * https://bugzilla.suse.com/show_bug.cgi?id=1204614 * https://bugzilla.suse.com/show_bug.cgi?id=1204989 * https://bugzilla.suse.com/show_bug.cgi?id=1205496 * https://bugzilla.suse.com/show_bug.cgi?id=1205601 * https://bugzilla.suse.com/show_bug.cgi?id=1205695 * https://bugzilla.suse.com/show_bug.cgi?id=1206073 * https://bugzilla.suse.com/show_bug.cgi?id=1206344 * https://bugzilla.suse.com/show_bug.cgi?id=1206393 * https://bugzilla.suse.com/show_bug.cgi?id=1206399 * https://bugzilla.suse.com/show_bug.cgi?id=1206515 * https://bugzilla.suse.com/show_bug.cgi?id=1206602 * https://bugzilla.suse.com/show_bug.cgi?id=1206634 * https://bugzilla.suse.com/show_bug.cgi?id=1206635 * https://bugzilla.suse.com/show_bug.cgi?id=1206636 * https://bugzilla.suse.com/show_bug.cgi?id=1206637 * https://bugzilla.suse.com/show_bug.cgi?id=1206640 * https://bugzilla.suse.com/show_bug.cgi?id=1206641 * https://bugzilla.suse.com/show_bug.cgi?id=1206642 * https://bugzilla.suse.com/show_bug.cgi?id=1206643 * https://bugzilla.suse.com/show_bug.cgi?id=1206644 * https://bugzilla.suse.com/show_bug.cgi?id=1206645 * https://bugzilla.suse.com/show_bug.cgi?id=1206646 * https://bugzilla.suse.com/show_bug.cgi?id=1206647 * https://bugzilla.suse.com/show_bug.cgi?id=1206648 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206841 * 
https://bugzilla.suse.com/show_bug.cgi?id=1206854 * https://bugzilla.suse.com/show_bug.cgi?id=1206855 * https://bugzilla.suse.com/show_bug.cgi?id=1206857 * https://bugzilla.suse.com/show_bug.cgi?id=1206858 * https://bugzilla.suse.com/show_bug.cgi?id=1206859 * https://bugzilla.suse.com/show_bug.cgi?id=1206860 * https://bugzilla.suse.com/show_bug.cgi?id=1206873 * https://bugzilla.suse.com/show_bug.cgi?id=1206875 * https://bugzilla.suse.com/show_bug.cgi?id=1206876 * https://bugzilla.suse.com/show_bug.cgi?id=1206877 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1206880 * https://bugzilla.suse.com/show_bug.cgi?id=1206881 * https://bugzilla.suse.com/show_bug.cgi?id=1206882 * https://bugzilla.suse.com/show_bug.cgi?id=1206883 * https://bugzilla.suse.com/show_bug.cgi?id=1206884 * https://bugzilla.suse.com/show_bug.cgi?id=1206885 * https://bugzilla.suse.com/show_bug.cgi?id=1206886 * https://bugzilla.suse.com/show_bug.cgi?id=1206887 * https://bugzilla.suse.com/show_bug.cgi?id=1206888 * https://bugzilla.suse.com/show_bug.cgi?id=1206889 * https://bugzilla.suse.com/show_bug.cgi?id=1206890 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206893 * https://bugzilla.suse.com/show_bug.cgi?id=1206896 * https://bugzilla.suse.com/show_bug.cgi?id=1206904 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://jira.suse.com/browse/PED-1445 * https://jira.suse.com/browse/PED-568 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:07 -0000 Subject: SUSE-SU-2023:0604-1: important: Security update for python-cryptography, python-cryptography-vectors Message-ID: <167777460713.16340.5496386143513403864@smelt2.suse.de> # Security update for python-cryptography, python-cryptography-vectors Announcement ID: SUSE-SU-2023:0604-1 Rating: important References: * #1178168 * #1182066 * #1198331 * #1199282 Cross-References: * CVE-2020-25659 * CVE-2020-36242 CVSS scores: * CVE-2020-25659 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-25659 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-36242 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36242 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities, contains one feature and has two fixes can now be installed. 
## Description: This update for python-cryptography, python-cryptography-vectors fixes the following issues: * Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). * CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). * update to 3.3.2 (bsc#1198331) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-604=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-604=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-604=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-604=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-604=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-604=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-604=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-604=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-604=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-604=1 * SUSE Enterprise Storage 7 zypper in -t 
patch SUSE-Storage-7-2023-604=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-604=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-604=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-604=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python2-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python2-cryptography-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python2-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python2-cryptography-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * 
python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python2-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python2-cryptography-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Manager Proxy 4.2 (x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python2-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python2-cryptography-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python2-cryptography-debuginfo-3.3.2-150200.16.1 * 
python-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python2-cryptography-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python-cryptography-debuginfo-3.3.2-150200.16.1 * python3-cryptography-debuginfo-3.3.2-150200.16.1 * python-cryptography-debugsource-3.3.2-150200.16.1 * python3-cryptography-3.3.2-150200.16.1 ## References: * https://www.suse.com/security/cve/CVE-2020-25659.html * https://www.suse.com/security/cve/CVE-2020-36242.html * https://bugzilla.suse.com/show_bug.cgi?id=1178168 * https://bugzilla.suse.com/show_bug.cgi?id=1182066 * https://bugzilla.suse.com/show_bug.cgi?id=1198331 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://jira.suse.com/browse/SLE-24629 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:11 -0000 Subject: SUSE-SU-2023:0603-1: important: Security update for google-guest-agent Message-ID: <167777461182.16340.7275520833555996700@smelt2.suse.de> # Security update for google-guest-agent Announcement ID: SUSE-SU-2023:0603-1 Rating: important References: * #1191468 * #1195391 * #1195838 * #1202100 * #1202101 * #1208723 Cross-References: * CVE-2021-38297 * CVE-2022-23806 CVSS scores: * CVE-2021-38297 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-38297 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23806 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23806 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has four fixes can now be installed. 
## Description:

This update for google-guest-agent fixes the following issues:

Updated to version 20230222.00 (bsc#1202100, bsc#1202101) and bumped go API version to 1.18 to address the following (bsc#1208723):

* CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
* CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

Bugfixes:

* Avoid bashism in post install scripts (bsc#1195391).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-603=1

## Package List:

* Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  * google-guest-agent-20230221.00-1.29.1

## References:

* https://www.suse.com/security/cve/CVE-2021-38297.html
* https://www.suse.com/security/cve/CVE-2022-23806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191468
* https://bugzilla.suse.com/show_bug.cgi?id=1195391
* https://bugzilla.suse.com/show_bug.cgi?id=1195838
* https://bugzilla.suse.com/show_bug.cgi?id=1202100
* https://bugzilla.suse.com/show_bug.cgi?id=1202101
* https://bugzilla.suse.com/show_bug.cgi?id=1208723

URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:15 -0000 Subject: SUSE-SU-2023:0602-1: important: Security update for google-osconfig-agent Message-ID: <167777461514.16340.18024754379008815578@smelt2.suse.de> # Security update for google-osconfig-agent Announcement ID: SUSE-SU-2023:0602-1 Rating: important References: * #1191468 * #1195838 * #1208723 Cross-References: * CVE-2021-38297 * CVE-2022-23806 CVSS scores: * CVE-2021-38297 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-38297 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23806 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23806 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two 
vulnerabilities and has one fix can now be installed. ## Description: This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): * CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). * CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-602=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-602=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-602=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-602=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-602=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230222.00-150000.1.27.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230222.00-150000.1.27.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230222.00-150000.1.27.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230222.00-150000.1.27.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230222.00-150000.1.27.1 ## References: * https://www.suse.com/security/cve/CVE-2021-38297.html * https://www.suse.com/security/cve/CVE-2022-23806.html * https://bugzilla.suse.com/show_bug.cgi?id=1191468 * https://bugzilla.suse.com/show_bug.cgi?id=1195838 * https://bugzilla.suse.com/show_bug.cgi?id=1208723 -------------- next part -------------- An HTML attachment was 
scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:20 -0000 Subject: SUSE-SU-2023:0601-1: important: Security update for google-osconfig-agent Message-ID: <167777462055.16340.5643448534722816455@smelt2.suse.de> # Security update for google-osconfig-agent Announcement ID: SUSE-SU-2023:0601-1 Rating: important References: * #1191468 * #1194319 * #1195391 * #1195838 * #1202100 * #1202101 * #1202826 * #1208723 Cross-References: * CVE-2021-38297 * CVE-2022-23806 CVSS scores: * CVE-2021-38297 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-38297 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23806 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23806 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has six fixes can now be installed. 
## Description:

This update for google-osconfig-agent fixes the following issues:

Updated to version 20230222.00 (bsc#1202100, bsc#1202101) and bumped go API version to 1.18 to address the following (bsc#1208723):

* CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
* CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

Bugfixes:

* Fixed missing install command in %post section to create state file (bsc#1202826).
* Avoid bashism in post install scripts (bsc#1195391).
* Don't restart daemon on package upgrade, create a state file instead (bsc#1194319).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-601=1

## Package List:

* Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  * google-osconfig-agent-20230222.00-1.20.1

## References:

* https://www.suse.com/security/cve/CVE-2021-38297.html
* https://www.suse.com/security/cve/CVE-2022-23806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191468
* https://bugzilla.suse.com/show_bug.cgi?id=1194319
* https://bugzilla.suse.com/show_bug.cgi?id=1195391
* https://bugzilla.suse.com/show_bug.cgi?id=1195838
* https://bugzilla.suse.com/show_bug.cgi?id=1202100
* https://bugzilla.suse.com/show_bug.cgi?id=1202101
* https://bugzilla.suse.com/show_bug.cgi?id=1202826
* https://bugzilla.suse.com/show_bug.cgi?id=1208723

URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:24 -0000 Subject: SUSE-SU-2023:0600-1: important: Security update for google-guest-agent Message-ID: <167777462437.16340.9456304992406326725@smelt2.suse.de> # Security update for google-guest-agent Announcement ID: SUSE-SU-2023:0600-1 Rating: important References: * #1191468 * #1195391 * #1195838 * #1208723 Cross-References: * CVE-2021-38297 * CVE-2022-23806 CVSS scores: * CVE-2021-38297 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-38297 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-23806 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-23806 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves 
two vulnerabilities and has two fixes can now be installed. ## Description: This update for google-guest-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): * CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). * CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). Bugfixes: * Avoid bashism in post-install scripts (bsc#1195391). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-600=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-600=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-600=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-600=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-600=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20230221.00-150000.1.34.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20230221.00-150000.1.34.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20230221.00-150000.1.34.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20230221.00-150000.1.34.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-guest-agent-20230221.00-150000.1.34.1 ## References: * https://www.suse.com/security/cve/CVE-2021-38297.html * https://www.suse.com/security/cve/CVE-2022-23806.html * https://bugzilla.suse.com/show_bug.cgi?id=1191468 * https://bugzilla.suse.com/show_bug.cgi?id=1195391 * https://bugzilla.suse.com/show_bug.cgi?id=1195838 * 
https://bugzilla.suse.com/show_bug.cgi?id=1208723 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 2 16:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Mar 2023 16:30:27 -0000 Subject: SUSE-SU-2023:0599-1: important: Security update for MozillaThunderbird Message-ID: <167777462716.16340.16309530497375548550@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:0599-1 Rating: important References: * #1208144 Cross-References: * CVE-2023-0616 * CVE-2023-0767 * CVE-2023-25728 * CVE-2023-25729 * CVE-2023-25730 * CVE-2023-25732 * CVE-2023-25734 * CVE-2023-25735 * CVE-2023-25737 * CVE-2023-25738 * CVE-2023-25739 * CVE-2023-25742 * CVE-2023-25746 CVSS scores: * CVE-2023-0767 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Updated Mozilla Thunderbird to version 102.8.0 (bsc#1208144): \- CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP. \- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. \- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. \- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. \- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. 
\- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. \- CVE-2023-25738: Fixed printing on Windows could potentially crash Thunderbird with some device drivers. \- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. \- CVE-2023-25729: Fixed vulnerability where extensions could have opened external schemes without user knowledge. \- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. \- CVE-2023-25734: Fixed issue where opening local .url files could cause unexpected network loads. \- CVE-2023-25742: Fixed tab crashing caused by Web Crypto ImportKey. \- CVE-2023-25746: Fixed memory safety bugs. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-599=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-599=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-599=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-translations-common-102.8.0-150200.8.105.2 * MozillaThunderbird-102.8.0-150200.8.105.2 * MozillaThunderbird-debuginfo-102.8.0-150200.8.105.2 * MozillaThunderbird-translations-other-102.8.0-150200.8.105.2 * MozillaThunderbird-debugsource-102.8.0-150200.8.105.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-translations-common-102.8.0-150200.8.105.2 * MozillaThunderbird-102.8.0-150200.8.105.2 * MozillaThunderbird-debuginfo-102.8.0-150200.8.105.2 * MozillaThunderbird-translations-other-102.8.0-150200.8.105.2 * MozillaThunderbird-debugsource-102.8.0-150200.8.105.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-translations-common-102.8.0-150200.8.105.2 * 
MozillaThunderbird-102.8.0-150200.8.105.2 * MozillaThunderbird-debuginfo-102.8.0-150200.8.105.2 * MozillaThunderbird-translations-other-102.8.0-150200.8.105.2 * MozillaThunderbird-debugsource-102.8.0-150200.8.105.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0616.html * https://www.suse.com/security/cve/CVE-2023-0767.html * https://www.suse.com/security/cve/CVE-2023-25728.html * https://www.suse.com/security/cve/CVE-2023-25729.html * https://www.suse.com/security/cve/CVE-2023-25730.html * https://www.suse.com/security/cve/CVE-2023-25732.html * https://www.suse.com/security/cve/CVE-2023-25734.html * https://www.suse.com/security/cve/CVE-2023-25735.html * https://www.suse.com/security/cve/CVE-2023-25737.html * https://www.suse.com/security/cve/CVE-2023-25738.html * https://www.suse.com/security/cve/CVE-2023-25739.html * https://www.suse.com/security/cve/CVE-2023-25742.html * https://www.suse.com/security/cve/CVE-2023-25746.html * https://bugzilla.suse.com/show_bug.cgi?id=1208144 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Mar 3 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Mar 2023 08:30:01 -0000 Subject: SUSE-RU-2023:0605-1: moderate: Recommended update for quagga Message-ID: <167783220138.15841.12133974868286242880@smelt2.suse.de> # Recommended update for quagga Announcement ID: SUSE-RU-2023:0605-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. 
## Description:

This update of quagga fixes the following issues:

* rebuild against the new net-snmp (jsc#SLE-11203).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-605=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-605=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libzebra1-debuginfo-1.1.1-150400.12.2.1
  * libquagga_pb0-1.1.1-150400.12.2.1
  * quagga-debuginfo-1.1.1-150400.12.2.1
  * libfpm_pb0-1.1.1-150400.12.2.1
  * libospfapiclient0-1.1.1-150400.12.2.1
  * libfpm_pb0-debuginfo-1.1.1-150400.12.2.1
  * libzebra1-1.1.1-150400.12.2.1
  * quagga-1.1.1-150400.12.2.1
  * libquagga_pb0-debuginfo-1.1.1-150400.12.2.1
  * quagga-devel-1.1.1-150400.12.2.1
  * libospf0-debuginfo-1.1.1-150400.12.2.1
  * quagga-debugsource-1.1.1-150400.12.2.1
  * libospf0-1.1.1-150400.12.2.1
  * libospfapiclient0-debuginfo-1.1.1-150400.12.2.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libzebra1-debuginfo-1.1.1-150400.12.2.1
  * libquagga_pb0-1.1.1-150400.12.2.1
  * quagga-debuginfo-1.1.1-150400.12.2.1
  * libfpm_pb0-1.1.1-150400.12.2.1
  * libospfapiclient0-1.1.1-150400.12.2.1
  * libfpm_pb0-debuginfo-1.1.1-150400.12.2.1
  * libzebra1-1.1.1-150400.12.2.1
  * quagga-1.1.1-150400.12.2.1
  * libquagga_pb0-debuginfo-1.1.1-150400.12.2.1
  * quagga-devel-1.1.1-150400.12.2.1
  * libospf0-debuginfo-1.1.1-150400.12.2.1
  * quagga-debugsource-1.1.1-150400.12.2.1
  * libospf0-1.1.1-150400.12.2.1
  * libospfapiclient0-debuginfo-1.1.1-150400.12.2.1

## References:

* https://jira.suse.com/browse/SLE-11203

From sle-updates at lists.suse.com Fri Mar 3 12:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:02 -0000
Subject: SUSE-SU-2023:0613-1: moderate: Security update for tpm2-0-tss
Message-ID: <167784660245.11642.3702525268714639485@smelt2.suse.de>

# Security update for tpm2-0-tss

Announcement ID: SUSE-SU-2023:0613-1
Rating: moderate
References:

* #1207325

Cross-References:

* CVE-2023-22745

CVSS scores:

* CVE-2023-22745 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22745 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Real Time 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for tpm2-0-tss fixes the following issues:

* CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-613=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-613=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libtss2-fapi0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-fapi0-2.4.5-150300.3.6.1
  * libtss2-sys0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-sys0-2.4.5-150300.3.6.1
* openSUSE Leap 15.4 (x86_64)
  * libtss2-sys0-32bit-debuginfo-2.4.5-150300.3.6.1
  * libtss2-sys0-32bit-2.4.5-150300.3.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * tpm2-0-tss-devel-2.4.5-150300.3.6.1
  * libtss2-tcti-device0-2.4.5-150300.3.6.1
  * tpm2-0-tss-2.4.5-150300.3.6.1
  * libtss2-rc0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-mu0-2.4.5-150300.3.6.1
  * libtss2-tcti-device0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-tctildr0-debuginfo-2.4.5-150300.3.6.1
  * tpm2-0-tss-debugsource-2.4.5-150300.3.6.1
  * libtss2-sys0-2.4.5-150300.3.6.1
  * libtss2-tcti-mssim0-2.4.5-150300.3.6.1
  * libtss2-fapi0-2.4.5-150300.3.6.1
  * libtss2-tcti-mssim0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-sys0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-mu0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-fapi0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-rc0-2.4.5-150300.3.6.1
  * libtss2-esys0-debuginfo-2.4.5-150300.3.6.1
  * libtss2-tctildr0-2.4.5-150300.3.6.1
  * libtss2-esys0-2.4.5-150300.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22745.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207325
From sle-updates at lists.suse.com Fri Mar 3 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:04 -0000
Subject: SUSE-SU-2023:0612-1: moderate: Security update for rubygem-activesupport-4_2
Message-ID: <167784660446.11642.10958222036218948254@smelt2.suse.de>

# Security update for rubygem-activesupport-4_2

Announcement ID: SUSE-SU-2023:0612-1
Rating: moderate
References:

* #1207454

Cross-References:

* CVE-2023-22796

CVSS scores:

* CVE-2023-22796 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-22796 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE OpenStack Cloud Crowbar 8
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for rubygem-activesupport-4_2 fixes the following issues:

* CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-612=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-612=1

## Package List:

* SUSE OpenStack Cloud Crowbar 8 (x86_64)
  * ruby2.1-rubygem-activesupport-4_2-4.2.9-7.15.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * ruby2.1-rubygem-activesupport-4_2-4.2.9-7.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207454
From sle-updates at lists.suse.com Fri Mar 3 12:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:06 -0000
Subject: SUSE-SU-2023:0611-1: moderate: Security update for pkgconf
Message-ID: <167784660624.11642.6394447600021121851@smelt2.suse.de>

# Security update for pkgconf

Announcement ID: SUSE-SU-2023:0611-1
Rating: moderate
References:

* #1207394

Cross-References:

* CVE-2023-24056

CVSS scores:

* CVE-2023-24056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-24056 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for pkgconf fixes the following issues:

* CVE-2023-24056: Fixed unbounded string expansion due to incorrect checks in libpkgconf/tuple.c (bsc#1207394).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-611=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libpkgconf3-debuginfo-1.8.0-150400.3.3.1
  * pkgconf-1.8.0-150400.3.3.1
  * libpkgconf3-1.8.0-150400.3.3.1
  * libpkgconf-devel-1.8.0-150400.3.3.1
  * pkgconf-debugsource-1.8.0-150400.3.3.1
  * pkgconf-debuginfo-1.8.0-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-24056.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207394
From sle-updates at lists.suse.com Fri Mar 3 12:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:07 -0000
Subject: SUSE-SU-2023:0610-1: moderate: Security update for gnutls
Message-ID: <167784660796.11642.9701612969190620322@smelt2.suse.de>

# Security update for gnutls

Announcement ID: SUSE-SU-2023:0610-1
Rating: moderate
References:

* #1208143

Cross-References:

* CVE-2023-0361

CVSS scores:

* CVE-2023-0361 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0361 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-610=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-610=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-610=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-610=1

## Package List:

* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * gnutls-debugsource-3.6.7-150200.14.25.2
  * libgnutls30-32bit-3.6.7-150200.14.25.2
  * libgnutls30-debuginfo-3.6.7-150200.14.25.2
  * libgnutlsxx28-debuginfo-3.6.7-150200.14.25.2
  * libgnutls30-32bit-debuginfo-3.6.7-150200.14.25.2
  * gnutls-3.6.7-150200.14.25.2
  * gnutls-debuginfo-3.6.7-150200.14.25.2
  * libgnutlsxx28-3.6.7-150200.14.25.2
  * libgnutls30-hmac-32bit-3.6.7-150200.14.25.2
  * libgnutls30-hmac-3.6.7-150200.14.25.2
  * libgnutlsxx-devel-3.6.7-150200.14.25.2
  * libgnutls30-3.6.7-150200.14.25.2
  * libgnutls-devel-3.6.7-150200.14.25.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.6.7-150200.14.25.2
  * libgnutls30-debuginfo-3.6.7-150200.14.25.2
  * gnutls-debuginfo-3.6.7-150200.14.25.2
  * libgnutls30-hmac-3.6.7-150200.14.25.2
  * libgnutls30-3.6.7-150200.14.25.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.6.7-150200.14.25.2
  * libgnutls30-debuginfo-3.6.7-150200.14.25.2
  * gnutls-3.6.7-150200.14.25.2
  * gnutls-debuginfo-3.6.7-150200.14.25.2
  * libgnutls30-hmac-3.6.7-150200.14.25.2
  * libgnutls30-3.6.7-150200.14.25.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.6.7-150200.14.25.2
  * libgnutls30-debuginfo-3.6.7-150200.14.25.2
  * gnutls-3.6.7-150200.14.25.2
  * gnutls-debuginfo-3.6.7-150200.14.25.2
  * libgnutls30-hmac-3.6.7-150200.14.25.2
  * libgnutls30-3.6.7-150200.14.25.2

## References:

* https://www.suse.com/security/cve/CVE-2023-0361.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208143

From sle-updates at lists.suse.com Fri Mar 3 12:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:13 -0000
Subject: SUSE-SU-2023:0609-1: important: Security update for nodejs16
Message-ID: <167784661317.11642.12518240948878005318@smelt2.suse.de>

# Security update for nodejs16

Announcement ID: SUSE-SU-2023:0609-1
Rating: important
References:

* #1205568
* #1208413
* #1208481
* #1208483
* #1208485
* #1208487

Cross-References:

* CVE-2023-23918
* CVE-2023-23919
* CVE-2023-23920
* CVE-2023-23936
* CVE-2023-24807

CVSS scores:

* CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-23919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-23936 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-23936 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-24807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-24807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Web and Scripting Module 12

An update that solves five vulnerabilities and has one fix can now be installed.

## Description:

This update for nodejs16 fixes the following issues:

Update to LTS version 16.19.1:

* CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
* CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
* CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
* CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).

Bug fixes:

* Workaround for failing openssl-nodejs test (bsc#1205568).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-609=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * nodejs16-16.19.1-8.24.1
  * nodejs16-devel-16.19.1-8.24.1
  * npm16-16.19.1-8.24.1
  * nodejs16-debugsource-16.19.1-8.24.1
  * nodejs16-debuginfo-16.19.1-8.24.1
* Web and Scripting Module 12 (noarch)
  * nodejs16-docs-16.19.1-8.24.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23918.html
* https://www.suse.com/security/cve/CVE-2023-23919.html
* https://www.suse.com/security/cve/CVE-2023-23920.html
* https://www.suse.com/security/cve/CVE-2023-23936.html
* https://www.suse.com/security/cve/CVE-2023-24807.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205568
* https://bugzilla.suse.com/show_bug.cgi?id=1208413
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1208483
* https://bugzilla.suse.com/show_bug.cgi?id=1208485
* https://bugzilla.suse.com/show_bug.cgi?id=1208487
From sle-updates at lists.suse.com Fri Mar 3 12:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:18 -0000
Subject: SUSE-SU-2023:0608-1: important: Security update for nodejs16
Message-ID: <167784661819.11642.1391816309085022312@smelt2.suse.de>

# Security update for nodejs16

Announcement ID: SUSE-SU-2023:0608-1
Rating: important
References:

* #1205568
* #1208413
* #1208481
* #1208483
* #1208485
* #1208487

Cross-References:

* CVE-2023-23918
* CVE-2023-23919
* CVE-2023-23920
* CVE-2023-23936
* CVE-2023-24807

CVSS scores:

* CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-23919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-23936 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-23936 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-24807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-24807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP4

An update that solves five vulnerabilities and has one fix can now be installed.

## Description:

This update for nodejs16 fixes the following issues:

Update to LTS version 16.19.1:

* CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
* CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
* CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
* CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).

Bug fixes:

* Workaround for failing openssl-nodejs test (bsc#1205568).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-608=1
* Web and Scripting Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-608=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * npm16-16.19.1-150400.3.15.1
  * corepack16-16.19.1-150400.3.15.1
  * nodejs16-devel-16.19.1-150400.3.15.1
  * nodejs16-debuginfo-16.19.1-150400.3.15.1
  * nodejs16-16.19.1-150400.3.15.1
  * nodejs16-debugsource-16.19.1-150400.3.15.1
* openSUSE Leap 15.4 (noarch)
  * nodejs16-docs-16.19.1-150400.3.15.1
* Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * npm16-16.19.1-150400.3.15.1
  * nodejs16-devel-16.19.1-150400.3.15.1
  * nodejs16-debuginfo-16.19.1-150400.3.15.1
  * nodejs16-16.19.1-150400.3.15.1
  * nodejs16-debugsource-16.19.1-150400.3.15.1
* Web and Scripting Module 15-SP4 (noarch)
  * nodejs16-docs-16.19.1-150400.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23918.html
* https://www.suse.com/security/cve/CVE-2023-23919.html
* https://www.suse.com/security/cve/CVE-2023-23920.html
* https://www.suse.com/security/cve/CVE-2023-23936.html
* https://www.suse.com/security/cve/CVE-2023-24807.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205568
* https://bugzilla.suse.com/show_bug.cgi?id=1208413
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1208483
* https://bugzilla.suse.com/show_bug.cgi?id=1208485
* https://bugzilla.suse.com/show_bug.cgi?id=1208487

From sle-updates at lists.suse.com Fri Mar 3 12:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:20 -0000
Subject: SUSE-SU-2023:0607-1: important: Security update for nodejs14
Message-ID: <167784662078.11642.16936465721709317806@smelt2.suse.de>

# Security update for nodejs14

Announcement ID: SUSE-SU-2023:0607-1
Rating: important
References:

* #1208481
* #1208487

Cross-References:

* CVE-2023-23918
* CVE-2023-23920

CVSS scores:

* CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Web and Scripting Module 12

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs14 fixes the following issues:

Update to 14.21.3:

* CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-607=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * npm14-14.21.3-6.40.1
  * nodejs14-debugsource-14.21.3-6.40.1
  * nodejs14-debuginfo-14.21.3-6.40.1
  * nodejs14-devel-14.21.3-6.40.1
  * nodejs14-14.21.3-6.40.1
* Web and Scripting Module 12 (noarch)
  * nodejs14-docs-14.21.3-6.40.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23918.html
* https://www.suse.com/security/cve/CVE-2023-23920.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1208487

From sle-updates at lists.suse.com Fri Mar 3 12:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 12:30:23 -0000
Subject: SUSE-SU-2023:0606-1: important: Security update for nodejs10
Message-ID: <167784662310.11642.12586834368014557734@smelt2.suse.de>

# Security update for nodejs10

Announcement ID: SUSE-SU-2023:0606-1
Rating: important
References:

* #1208487

Cross-References:

* CVE-2023-23920

CVSS scores:

* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for nodejs10 fixes the following issues:

* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-606=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-606=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-606=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-606=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-606=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-606=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-606=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-606=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* openSUSE Leap 15.4 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE Enterprise Storage 7 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1
* SUSE CaaS Platform 4.0 (x86_64)
  * nodejs10-debuginfo-10.24.1-150000.1.56.1
  * nodejs10-debugsource-10.24.1-150000.1.56.1
  * nodejs10-devel-10.24.1-150000.1.56.1
  * npm10-10.24.1-150000.1.56.1
  * nodejs10-10.24.1-150000.1.56.1
* SUSE CaaS Platform 4.0 (noarch)
  * nodejs10-docs-10.24.1-150000.1.56.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23920.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208487
From sle-updates at lists.suse.com Fri Mar 3 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 16:30:02 -0000
Subject: SUSE-RU-2023:0617-1: moderate: Recommended update for jitterentropy
Message-ID: <167786100241.16853.17910326037647919541@smelt2.suse.de>

# Recommended update for jitterentropy

Announcement ID: SUSE-RU-2023:0617-1
Rating: moderate
References:

* #1207789

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for jitterentropy fixes the following issues:

* build jitterentropy library with debuginfo (bsc#1207789)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-617=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-617=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-617=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-617=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-617=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * jitterentropy-devel-3.4.0-150000.1.9.1
  * jitterentropy-debugsource-3.4.0-150000.1.9.1
  * libjitterentropy3-3.4.0-150000.1.9.1
  * libjitterentropy3-debuginfo-3.4.0-150000.1.9.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libjitterentropy3-3.4.0-150000.1.9.1
  * jitterentropy-debugsource-3.4.0-150000.1.9.1
  * jitterentropy-devel-static-3.4.0-150000.1.9.1
  * jitterentropy-devel-3.4.0-150000.1.9.1
  * libjitterentropy3-debuginfo-3.4.0-150000.1.9.1
* openSUSE Leap 15.4 (x86_64)
  * jitterentropy-devel-32bit-3.4.0-150000.1.9.1
  * libjitterentropy3-32bit-3.4.0-150000.1.9.1
  * libjitterentropy3-32bit-debuginfo-3.4.0-150000.1.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * jitterentropy-devel-3.4.0-150000.1.9.1
  * jitterentropy-debugsource-3.4.0-150000.1.9.1
  * libjitterentropy3-3.4.0-150000.1.9.1
  * libjitterentropy3-debuginfo-3.4.0-150000.1.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x)
  * jitterentropy-devel-static-3.4.0-150000.1.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * jitterentropy-devel-3.4.0-150000.1.9.1
  * jitterentropy-debugsource-3.4.0-150000.1.9.1
  * libjitterentropy3-3.4.0-150000.1.9.1
  * libjitterentropy3-debuginfo-3.4.0-150000.1.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x)
  * jitterentropy-devel-static-3.4.0-150000.1.9.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libjitterentropy3-3.4.0-150000.1.9.1
  * jitterentropy-debugsource-3.4.0-150000.1.9.1
  * jitterentropy-devel-static-3.4.0-150000.1.9.1
  * jitterentropy-devel-3.4.0-150000.1.9.1
  * libjitterentropy3-debuginfo-3.4.0-150000.1.9.1
* Basesystem Module 15-SP4 (x86_64)
  * jitterentropy-devel-32bit-3.4.0-150000.1.9.1
  * libjitterentropy3-32bit-3.4.0-150000.1.9.1
  * libjitterentropy3-32bit-debuginfo-3.4.0-150000.1.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207789

From sle-updates at lists.suse.com Fri Mar 3 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 03 Mar 2023 16:30:06 -0000
Subject: SUSE-SU-2023:0616-1: moderate: Security update for python36
Message-ID: <167786100618.16853.8889622816361741881@smelt2.suse.de>

# Security update for python36

Announcement ID: SUSE-SU-2023:0616-1
Rating: moderate
References:

* #1188607
* #1205244
* #1208443

Cross-References:

* CVE-2022-45061

CVSS scores:

* CVE-2022-45061 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-45061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for python36 fixes the following issues:

* CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

Bugfixes:

* Solve a program error in the Python Garbage Collection. (bsc#1188607)
* Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-616=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-616=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-616=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-616=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * python36-devel-3.6.15-37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python36-debuginfo-3.6.15-37.1 * libpython3_6m1_0-3.6.15-37.1 * python36-3.6.15-37.1 * libpython3_6m1_0-debuginfo-3.6.15-37.1 * python36-base-3.6.15-37.1 * python36-base-debuginfo-3.6.15-37.1 * python36-debugsource-3.6.15-37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpython3_6m1_0-debuginfo-32bit-3.6.15-37.1 * libpython3_6m1_0-32bit-3.6.15-37.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python36-debuginfo-3.6.15-37.1 * libpython3_6m1_0-3.6.15-37.1 * python36-3.6.15-37.1 * libpython3_6m1_0-debuginfo-3.6.15-37.1 * python36-base-3.6.15-37.1 * python36-base-debuginfo-3.6.15-37.1 * python36-debugsource-3.6.15-37.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpython3_6m1_0-debuginfo-32bit-3.6.15-37.1 * libpython3_6m1_0-32bit-3.6.15-37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python36-debuginfo-3.6.15-37.1 * libpython3_6m1_0-3.6.15-37.1 * python36-3.6.15-37.1 * libpython3_6m1_0-debuginfo-3.6.15-37.1 * python36-base-3.6.15-37.1 * python36-base-debuginfo-3.6.15-37.1 * python36-debugsource-3.6.15-37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpython3_6m1_0-debuginfo-32bit-3.6.15-37.1 * libpython3_6m1_0-32bit-3.6.15-37.1 ## References: * 
https://www.suse.com/security/cve/CVE-2022-45061.html * https://bugzilla.suse.com/show_bug.cgi?id=1188607 * https://bugzilla.suse.com/show_bug.cgi?id=1205244 * https://bugzilla.suse.com/show_bug.cgi?id=1208443 From sle-updates at lists.suse.com Fri Mar 3 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Mar 2023 16:30:08 -0000 Subject: SUSE-RU-2023:0614-1: moderate: Recommended update for nut Message-ID: <167786100833.16853.901103385557150677@smelt2.suse.de> # Recommended update for nut Announcement ID: SUSE-RU-2023:0614-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update of nut fixes the following issues: * rebuild against the new net-snmp (jsc#SLE-11203). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-614=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-614=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-614=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nut-2.7.4-150400.15.2.1 * nut-drivers-net-2.7.4-150400.15.2.1 * libupsclient1-2.7.4-150400.15.2.1 * nut-debugsource-2.7.4-150400.15.2.1 * nut-cgi-2.7.4-150400.15.2.1 * nut-cgi-debuginfo-2.7.4-150400.15.2.1 * nut-debuginfo-2.7.4-150400.15.2.1 * nut-devel-2.7.4-150400.15.2.1 * nut-drivers-net-debuginfo-2.7.4-150400.15.2.1 * libupsclient1-debuginfo-2.7.4-150400.15.2.1 * openSUSE Leap 15.4 (noarch) * nut-doc-images-2.7.4-150400.15.2.1 * nut-devel-doc-html-2.7.4-150400.15.2.1 * nut-devel-doc-pdf-2.7.4-150400.15.2.1 * nut-doc-pdf-2.7.4-150400.15.2.1 * nut-doc-asciidoc-2.7.4-150400.15.2.1 * nut-doc-html-2.7.4-150400.15.2.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nut-debuginfo-2.7.4-150400.15.2.1 * nut-debugsource-2.7.4-150400.15.2.1 * libupsclient1-debuginfo-2.7.4-150400.15.2.1 * libupsclient1-2.7.4-150400.15.2.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nut-2.7.4-150400.15.2.1 * nut-drivers-net-2.7.4-150400.15.2.1 * nut-debugsource-2.7.4-150400.15.2.1 * nut-drivers-net-debuginfo-2.7.4-150400.15.2.1 * nut-debuginfo-2.7.4-150400.15.2.1 * nut-devel-2.7.4-150400.15.2.1 ## References: * https://jira.suse.com/browse/SLE-11203
From sle-updates at lists.suse.com Fri Mar 3 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Mar 2023 16:30:07 -0000 Subject: SUSE-RU-2023:0615-1: moderate: Recommended update for eth-ff Message-ID: <167786100730.16853.8539239128265255730@smelt2.suse.de> # Recommended update for eth-ff Announcement ID: SUSE-RU-2023:0615-1 Rating: moderate References: Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 An update that contains one feature can now be installed. ## Description: This update of eth-ff fixes the following issues: * rebuild against the new net-snmp (jsc#SLE-11203). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-615=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-615=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * eth-basic-tools-debuginfo-11.1.0.0-150400.3.2.1 * eth-fastfabric-11.1.0.0-150400.3.2.1 * eth-basic-tools-11.1.0.0-150400.3.2.1 * eth-ff-debuginfo-11.1.0.0-150400.3.2.1 * eth-fastfabric-debuginfo-11.1.0.0-150400.3.2.1 * eth-ff-debugsource-11.1.0.0-150400.3.2.1 * HPC Module 15-SP4 (x86_64) * eth-basic-tools-debuginfo-11.1.0.0-150400.3.2.1 * eth-fastfabric-11.1.0.0-150400.3.2.1 * eth-basic-tools-11.1.0.0-150400.3.2.1 * eth-ff-debuginfo-11.1.0.0-150400.3.2.1 * eth-fastfabric-debuginfo-11.1.0.0-150400.3.2.1 * eth-ff-debugsource-11.1.0.0-150400.3.2.1 ## References: * https://jira.suse.com/browse/SLE-11203
From sle-updates at lists.suse.com Sat Mar 4 08:04:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:04:00 +0100 (CET) Subject: SUSE-CU-2023:546-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230304080400.97B48F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:546-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.6 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.6 Container Release : 29.6 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:04:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:04:07 +0100 (CET) Subject: SUSE-CU-2023:547-1: Recommended update of suse/registry Message-ID: <20230304080407.97F02F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:547-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-5.9 , suse/registry:latest Container Release : 5.9 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container suse/registry was
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:04:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:04:54 +0100 (CET) Subject: SUSE-CU-2023:548-1: Recommended update of bci/dotnet-sdk Message-ID: <20230304080454.EFEB6F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:548-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-31.6 , bci/dotnet-sdk:6.0.14 , bci/dotnet-sdk:6.0.14-31.6 Container Release : 31.6 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:05:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:05:35 +0100 (CET) Subject: SUSE-CU-2023:549-1: Recommended update of bci/dotnet-runtime Message-ID: <20230304080535.B0FE4F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:549-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-28.6 , bci/dotnet-runtime:6.0.14 , bci/dotnet-runtime:6.0.14-28.6 Container Release : 28.6 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:06:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:06:07 +0100 (CET) Subject: SUSE-CU-2023:550-1: Recommended update of bci/golang Message-ID: <20230304080607.F0F22F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:550-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.43 Container Release : 19.43 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - container:sles15-image-15.0.0-27.14.38 updated From sle-updates at lists.suse.com Sat Mar 4 08:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:06:31 +0100 (CET) Subject: SUSE-CU-2023:551-1: Recommended update of bci/golang Message-ID: <20230304080631.85CC3F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:551-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.28 , bci/golang:latest Container Release : 20.28 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - container:sles15-image-15.0.0-27.14.38 updated From sle-updates at lists.suse.com Sat Mar 4 08:07:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:07:05 +0100 (CET) Subject: SUSE-CU-2023:552-1: Recommended update of bci/bci-init Message-ID: <20230304080705.32F9CF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:552-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.22 , bci/bci-init:latest Container Release : 25.22 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:07:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:07:37 +0100 (CET) Subject: SUSE-CU-2023:553-1: Recommended update of bci/nodejs Message-ID: <20230304080737.F2771F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:553-1 Container Tags : bci/node:14 , bci/node:14-36.44 , bci/nodejs:14 , bci/nodejs:14-36.44 Container Release : 36.44 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:08:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:08:20 +0100 (CET) Subject: SUSE-CU-2023:554-1: Recommended update of bci/openjdk-devel Message-ID: <20230304080820.65DD9F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:554-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.93 Container Release : 38.93 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - container:bci-openjdk-11-15.4.11-34.44 updated From sle-updates at lists.suse.com Sat Mar 4 08:08:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:08:55 +0100 (CET) Subject: SUSE-CU-2023:555-1: Recommended update of bci/openjdk Message-ID: <20230304080855.1ECD7F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:555-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.44 Container Release : 34.44 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:09:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:09:09 +0100 (CET) Subject: SUSE-CU-2023:556-1: Recommended update of bci/openjdk-devel Message-ID: <20230304080909.465F5F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:556-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.53 , bci/openjdk-devel:latest Container Release : 13.53 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - container:bci-openjdk-17-15.4.17-12.29 updated From sle-updates at lists.suse.com Sat Mar 4 08:09:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:09:20 +0100 (CET) Subject: SUSE-CU-2023:557-1: Recommended update of bci/openjdk Message-ID: <20230304080920.2C9A4F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:557-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.29 , bci/openjdk:latest Container Release : 12.29 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:10:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:10:08 +0100 (CET) Subject: SUSE-CU-2023:558-1: Recommended update of suse/pcp Message-ID: <20230304081008.AAB30F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:558-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.44 , suse/pcp:5.2 , suse/pcp:5.2-12.44 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.44 , suse/pcp:latest Container Release : 12.44 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - container:bci-bci-init-15.4-15.4-25.22 updated From sle-updates at lists.suse.com Sat Mar 4 08:10:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:10:39 +0100 (CET) Subject: SUSE-CU-2023:559-1: Recommended update of bci/python Message-ID: <20230304081039.31D9DF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:559-1 Container Tags : bci/python:3 , bci/python:3-11.26 , bci/python:3.10 , bci/python:3.10-11.26 , bci/python:latest Container Release : 11.26 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:11:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:11:13 +0100 (CET) Subject: SUSE-CU-2023:560-1: Recommended update of bci/python Message-ID: <20230304081113.E61EBF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:560-1 Container Tags : bci/python:3 , bci/python:3-34.29 , bci/python:3.6 , bci/python:3.6-34.29 Container Release : 34.29 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:11:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:11:45 +0100 (CET) Subject: SUSE-CU-2023:561-1: Recommended update of bci/ruby Message-ID: <20230304081145.ADCFCF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:561-1 Container Tags : bci/ruby:2 , bci/ruby:2-33.25 , bci/ruby:2.5 , bci/ruby:2.5-33.25 , bci/ruby:latest Container Release : 33.25 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:12:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:12:11 +0100 (CET) Subject: SUSE-CU-2023:562-1: Recommended update of suse/sle15 Message-ID: <20230304081211.AD8A4F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:562-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.38 , suse/sle15:15.4 , suse/sle15:15.4.27.14.38 Container Release : 27.14.38 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 08:12:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 09:12:21 +0100 (CET) Subject: SUSE-CU-2023:564-1: Recommended update of bci/bci-init Message-ID: <20230304081221.79974F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:564-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.3.23 Container Release : 3.23 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - sles-release-15.5-150500.31.1 updated - container:sles15-image-15.0.0-33.2.34 updated From sle-updates at lists.suse.com Sat Mar 4 09:36:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 10:36:21 +0100 (CET) Subject: SUSE-CU-2023:566-1: Recommended update of bci/rust Message-ID: <20230304093621.103EBF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:566-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-13.24 Container Release : 13.24 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 09:36:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 10:36:30 +0100 (CET) Subject: SUSE-CU-2023:567-1: Recommended update of bci/rust Message-ID: <20230304093630.7B303F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:567-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-3.10 Container Release : 3.10 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Mar 4 09:36:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Mar 2023 10:36:34 +0100 (CET) Subject: SUSE-CU-2023:568-1: Recommended update of bci/rust Message-ID: <20230304093634.EEEE0F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:568-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-2.5 , bci/rust:latest Container Release : 2.5 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Mon Mar 6 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:05 -0000 Subject: SUSE-RU-2023:0627-1: moderate: Recommended update for lvm2 Message-ID: <167810580523.14088.16772452961581504459@smelt2.suse.de> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:0627-1 Rating: moderate References: * #1142550 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * Fix LVM volume groups not being cleaned up after kiwi image build (bsc#1142550) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-627=1 SUSE-SLE-SERVER-12-SP5-2023-627=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-627=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-627=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-627=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-627=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * device-mapper-1.02.172-12.6.1 * lvm2-clvm-debuginfo-2.02.188-12.6.1 * lvm2-cmirrord-debuginfo-2.02.188-12.6.1 * lvm2-cmirrord-2.02.188-12.6.1 * lvm2-debugsource-2.02.188-12.6.1 * lvm2-debuginfo-2.02.188-12.6.1 * lvm2-clvm-2.02.188-12.6.1 * lvm2-2.02.188-12.6.1 * device-mapper-debuginfo-1.02.172-12.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * device-mapper-debuginfo-32bit-1.02.172-12.6.1 * device-mapper-32bit-1.02.172-12.6.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * lvm2-clvm-debuginfo-2.02.188-12.6.1 * lvm2-cmirrord-debuginfo-2.02.188-12.6.1 * lvm2-cmirrord-2.02.188-12.6.1 * lvm2-debugsource-2.02.188-12.6.1 * lvm2-debuginfo-2.02.188-12.6.1 * lvm2-clvm-2.02.188-12.6.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-debugsource-2.02.188-12.6.1 * device-mapper-devel-1.02.172-12.6.1 * lvm2-debuginfo-2.02.188-12.6.1 * lvm2-devel-2.02.188-12.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * device-mapper-1.02.172-12.6.1 * lvm2-debugsource-2.02.188-12.6.1 * lvm2-2.02.188-12.6.1 * lvm2-debuginfo-2.02.188-12.6.1 * device-mapper-debuginfo-1.02.172-12.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * 
device-mapper-debuginfo-32bit-1.02.172-12.6.1 * device-mapper-32bit-1.02.172-12.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * device-mapper-1.02.172-12.6.1 * lvm2-debugsource-2.02.188-12.6.1 * lvm2-2.02.188-12.6.1 * lvm2-debuginfo-2.02.188-12.6.1 * device-mapper-debuginfo-1.02.172-12.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * device-mapper-debuginfo-32bit-1.02.172-12.6.1 * device-mapper-32bit-1.02.172-12.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1142550 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Mar 6 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:07 -0000 Subject: SUSE-RU-2023:0626-1: important: Recommended update for libnvme Message-ID: <167810580748.14088.17074437458508510829@smelt2.suse.de> # Recommended update for libnvme Announcement ID: SUSE-RU-2023:0626-1 Rating: important References: * #1207159 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libnvme fixes the following issues: * Fix import error in python-libnvme (bsc#1207159) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-626=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-626=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-626=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-626=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-626=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libnvme1-1.0-150400.3.15.1 * libnvme1-debuginfo-1.0-150400.3.15.1 * libnvme-debugsource-1.0-150400.3.15.1 * libnvme-debuginfo-1.0-150400.3.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-libnvme-debuginfo-1.0-150400.3.15.1 * libnvme-devel-1.0-150400.3.15.1 * libnvme1-debuginfo-1.0-150400.3.15.1 * libnvme-debugsource-1.0-150400.3.15.1 * python3-libnvme-1.0-150400.3.15.1 * libnvme1-1.0-150400.3.15.1 * libnvme-debuginfo-1.0-150400.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnvme1-1.0-150400.3.15.1 * libnvme1-debuginfo-1.0-150400.3.15.1 * libnvme-debugsource-1.0-150400.3.15.1 * libnvme-debuginfo-1.0-150400.3.15.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnvme1-1.0-150400.3.15.1 * libnvme1-debuginfo-1.0-150400.3.15.1 * libnvme-debugsource-1.0-150400.3.15.1 * libnvme-debuginfo-1.0-150400.3.15.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-libnvme-debuginfo-1.0-150400.3.15.1 * libnvme-devel-1.0-150400.3.15.1 * libnvme1-debuginfo-1.0-150400.3.15.1 * libnvme-debugsource-1.0-150400.3.15.1 * python3-libnvme-1.0-150400.3.15.1 * libnvme1-1.0-150400.3.15.1 * libnvme-debuginfo-1.0-150400.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207159 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Mar 6 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:11 -0000 Subject: SUSE-RU-2023:0625-1: important: Recommended update for linuxrc Message-ID: <167810581104.14088.4735689652518512221@smelt2.suse.de> # Recommended update for linuxrc Announcement ID: SUSE-RU-2023:0625-1 Rating: important References: * #1206460 * #1207403 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for linuxrc fixes the following issues: * Fix buffer overflow in debug log (bsc#1207403) * Ensure the switching between textmode and graphic console is properly handled (bsc#1206460) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-625=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-625=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * linuxrc-debugsource-7.0.31.9-150400.3.3.1 * linuxrc-debuginfo-7.0.31.9-150400.3.3.1 * linuxrc-7.0.31.9-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * linuxrc-debugsource-7.0.31.9-150400.3.3.1 * linuxrc-debuginfo-7.0.31.9-150400.3.3.1 * linuxrc-7.0.31.9-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206460 * https://bugzilla.suse.com/show_bug.cgi?id=1207403 From sle-updates at lists.suse.com Mon Mar 6 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:14 -0000 Subject: SUSE-RU-2023:0623-1: moderate: Recommended update for xscreensaver Message-ID: <167810581484.14088.14616467767887155582@smelt2.suse.de> # Recommended update for xscreensaver Announcement ID: SUSE-RU-2023:0623-1 Rating: moderate References: * #1199742 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xscreensaver fixes the following issues: * Let XScreenSaver search for its configuration in the right default path. (bsc#1199742) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-623=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-623=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xscreensaver-data-6.03-150400.3.3.1 * xscreensaver-6.03-150400.3.3.1 * xscreensaver-data-extra-6.03-150400.3.3.1 * xscreensaver-debugsource-6.03-150400.3.3.1 * xscreensaver-data-debuginfo-6.03-150400.3.3.1 * xscreensaver-data-extra-debuginfo-6.03-150400.3.3.1 * xscreensaver-debuginfo-6.03-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * xscreensaver-lang-6.03-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xscreensaver-data-6.03-150400.3.3.1 * xscreensaver-6.03-150400.3.3.1 * xscreensaver-debugsource-6.03-150400.3.3.1 * xscreensaver-data-debuginfo-6.03-150400.3.3.1 * xscreensaver-debuginfo-6.03-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * xscreensaver-lang-6.03-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199742 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Mon Mar 6 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:12 -0000 Subject: SUSE-RU-2023:0624-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <167810581288.14088.11514187707515982858@smelt2.suse.de> # Recommended update for lifecycle-data-sle-live-patching Announcement ID: SUSE-RU-2023:0624-1 Rating: moderate References: * #1020320 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 12 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-live-patching fixes the following issues: * Live kernel patching update data for 4_12_14-122_139, 4_12_14-122_144, 4_12_14-95_114. (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12 zypper in -t patch SUSE-SLE-Live-Patching-12-2023-624=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-624=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-624=1 ## Package List: * SUSE Linux Enterprise Live Patching 12 (noarch) * lifecycle-data-sle-live-patching-1-10.122.1 * SUSE Linux Enterprise Live Patching 12-SP4 (noarch) * lifecycle-data-sle-live-patching-1-10.122.1 * SUSE Linux Enterprise Live Patching 12-SP5 (noarch) * lifecycle-data-sle-live-patching-1-10.122.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 From sle-updates at lists.suse.com Mon Mar 6 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:16 -0000 Subject: SUSE-RU-2023:0622-1: moderate: Recommended update for tcl Message-ID: <167810581671.14088.14336201662524236430@smelt2.suse.de> # Recommended update for tcl Announcement ID: SUSE-RU-2023:0622-1 Rating: moderate References: * #1206623 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for tcl fixes the following issues: * Fix string compare -length on big endian and improve string equal on little endian. 
(bsc#1206623) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-622=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-622=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-622=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-622=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-622=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-622=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 * tcl-8.6.12-150300.14.9.1 * openSUSE Leap 15.4 (x86_64) * tcl-32bit-8.6.12-150300.14.9.1 * tcl-32bit-debuginfo-8.6.12-150300.14.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-devel-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 * tcl-8.6.12-150300.14.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 * tcl-8.6.12-150300.14.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 * tcl-8.6.12-150300.14.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-devel-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 * tcl-8.6.12-150300.14.9.1 * Basesystem Module 15-SP4 (x86_64) * tcl-32bit-8.6.12-150300.14.9.1 * tcl-32bit-debuginfo-8.6.12-150300.14.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * tcl-debuginfo-8.6.12-150300.14.9.1 * tcl-32bit-8.6.12-150300.14.9.1 * tcl-32bit-debuginfo-8.6.12-150300.14.9.1 
* tcl-8.6.12-150300.14.9.1 * tcl-devel-8.6.12-150300.14.9.1 * tcl-debugsource-8.6.12-150300.14.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Mar 6 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:18 -0000 Subject: SUSE-RU-2023:0621-1: moderate: Recommended update for tcl Message-ID: <167810581848.14088.14545243792858782288@smelt2.suse.de> # Recommended update for tcl Announcement ID: SUSE-RU-2023:0621-1 Rating: moderate References: * #1206623 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for tcl fixes the following issues: * Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-621=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-621=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-621=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-621=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * tcl-debuginfo-8.6.12-11.9.1 * tcl-debugsource-8.6.12-11.9.1 * tcl-devel-8.6.12-11.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tcl-debuginfo-8.6.12-11.9.1 * tcl-debugsource-8.6.12-11.9.1 * tcl-8.6.12-11.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * tcl-debuginfo-32bit-8.6.12-11.9.1 * tcl-32bit-8.6.12-11.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tcl-debuginfo-8.6.12-11.9.1 * tcl-debugsource-8.6.12-11.9.1 * tcl-8.6.12-11.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * tcl-debuginfo-32bit-8.6.12-11.9.1 * tcl-32bit-8.6.12-11.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tcl-debuginfo-8.6.12-11.9.1 * tcl-debugsource-8.6.12-11.9.1 * tcl-8.6.12-11.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * tcl-debuginfo-32bit-8.6.12-11.9.1 * tcl-32bit-8.6.12-11.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206623 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Mar 6 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:21 -0000 Subject: SUSE-SU-2023:0620-1: important: Security update for samba Message-ID: <167810582196.14088.16918473130175139980@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:0620-1 Rating: important References: * #1205385 * #1206504 * #1206546 Cross-References: * CVE-2021-20251 * CVE-2022-37966 * CVE-2022-38023 CVSS scores: * CVE-2021-20251 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-37966 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-37966 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-38023 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-38023 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise Server 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2021-20251: Fixed bad password count that was not incremented atomically (bsc#1206546). * CVE-2022-38023: Fixed weak RC4/HMAC-MD5 NetLogon Secure Channel usage should be avoided (bsc#1206504). * CVE-2022-37966: Fixed privilege elevation vulnerability with option 'kerberos encryption types = legacy' which would force RC4-HMAC as a client even if the server supports AES (bsc#1205385). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-620=1 ## Package List: * SUSE Enterprise Storage 7 (aarch64 x86_64) * libndr1-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libwbclient0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbclient0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamdb0-4.13.13+git.616.557146479a-150200.3.21.1 * libwbclient0-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-credentials0-4.13.13+git.616.557146479a-150200.3.21.1 * samba-client-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-passdb0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * samba-client-4.13.13+git.616.557146479a-150200.3.21.1 * samba-libs-python3-4.13.13+git.616.557146479a-150200.3.21.1 * samba-libs-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-util0-4.13.13+git.616.557146479a-150200.3.21.1 * samba-libs-python3-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libnetapi0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libtevent-util0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-errors0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libdcerpc0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libdcerpc-binding0-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-krb5pac0-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-nbt0-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbclient0-4.13.13+git.616.557146479a-150200.3.21.1 * samba-4.13.13+git.616.557146479a-150200.3.21.1 * samba-debugsource-4.13.13+git.616.557146479a-150200.3.21.1 * libsamdb0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-credentials0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libtevent-util0-4.13.13+git.616.557146479a-150200.3.21.1 * ctdb-4.13.13+git.616.557146479a-150200.3.21.1 * samba-winbind-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * 
libsamba-util0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-passdb0-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbldap2-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbconf0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * ctdb-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-errors0-4.13.13+git.616.557146479a-150200.3.21.1 * libdcerpc-binding0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-hostconfig0-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbldap2-4.13.13+git.616.557146479a-150200.3.21.1 * libdcerpc0-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-nbt0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * samba-ceph-4.13.13+git.616.557146479a-150200.3.21.1 * samba-libs-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-standard0-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-krb5pac0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libndr-standard0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * samba-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libsmbconf0-4.13.13+git.616.557146479a-150200.3.21.1 * samba-ceph-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * samba-winbind-4.13.13+git.616.557146479a-150200.3.21.1 * libndr1-4.13.13+git.616.557146479a-150200.3.21.1 * libsamba-hostconfig0-debuginfo-4.13.13+git.616.557146479a-150200.3.21.1 * libnetapi0-4.13.13+git.616.557146479a-150200.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2021-20251.html * https://www.suse.com/security/cve/CVE-2022-37966.html * https://www.suse.com/security/cve/CVE-2022-38023.html * https://bugzilla.suse.com/show_bug.cgi?id=1205385 * https://bugzilla.suse.com/show_bug.cgi?id=1206504 * https://bugzilla.suse.com/show_bug.cgi?id=1206546 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Mon Mar 6 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:23 -0000 Subject: SUSE-RU-2023:0619-1: moderate: Recommended update for sap-installation-wizard Message-ID: <167810582381.14088.7130205375667168799@smelt2.suse.de> # Recommended update for sap-installation-wizard Announcement ID: SUSE-RU-2023:0619-1 Rating: moderate References: * #1194784 Affected Products: * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for sap-installation-wizard fixes the following issues: * Unit tests: * Enable RSpec verifying doubles to ensure that the mocked methods really exist (bsc#1194784) * Fixed to actually pass * Run them during RPM build * Do not crash if the partitioning XML is not valid ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-619=1 ## Package List: * SAP Applications Module 15-SP4 (ppc64le x86_64) * sap-installation-wizard-4.4.1-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194784 
URL: From sle-updates at lists.suse.com Mon Mar 6 12:30:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Mar 2023 12:30:44 -0000 Subject: SUSE-SU-2023:0618-1: important: Security update for the Linux Kernel Message-ID: <167810584427.14088.11181416664586328084@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0618-1 Rating: important References: * #1065729 * #1175995 * #1198971 * #1202712 * #1203200 * #1203740 * #1204250 * #1204514 * #1205149 * #1205397 * #1205495 * #1206073 * #1206640 * #1206648 * #1206784 * #1206855 * #1206858 * #1206873 * #1206877 * #1206878 * #1206880 * #1206882 * #1206883 * #1206884 * #1206887 * #1206896 * #1207092 * #1207093 * #1207094 * #1207097 * #1207102 * #1207186 * #1207195 * #1207201 * #1207237 * #1208108 * #1208541 * #1208570 Cross-References: * CVE-2022-3107 * CVE-2022-3108 * CVE-2022-3564 * CVE-2022-36280 * CVE-2022-4662 * CVE-2022-47929 * CVE-2023-0045 * CVE-2023-0266 * CVE-2023-0590 * CVE-2023-23454 CVSS scores: * CVE-2022-3107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3108 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-4662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4662 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0045 ( SUSE ): 5.1 
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0266 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 10 vulnerabilities, contains three features and has 28 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134). * CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773). * CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). * CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). * CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332). * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). * CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389). 
* CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395). The following non-security bugs were fixed: * Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). * CDC-NCM: remove "connected" log message (git-fixes). * HID: betop: check shape of output reports (git-fixes, bsc#1207186). * HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186). * HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). * Input: convert autorepeat timer to use timer_setup() (git-fixes). * Input: do not use WARN() in input_alloc_absinfo() (git-fixes). * Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes). * Input: iforce - reformat the packet dump output (git-fixes). * Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). * Input: replace hard coded string with __func__ in pr_err() (git-fixes). * Input: switch to using sizeof(*type) when allocating memory (git-fixes). * Input: use seq_putc() in input_seq_print_bitmap() (git-fixes). * Input: use seq_puts() in input_devices_seq_show() (git-fixes). * Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * NFS Handle missing attributes in OPEN reply (bsc#1203740). * NFS: Correct size calculation for create reply length (git-fixes). * NFS: Fix an Oops in nfs_d_automount() (git-fixes). * NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup (git-fixes). * NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). * NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). * NFS: nfs_compare_mount_options always compare auth flavors (git-fixes). * NFS: nfs_find_open_context() may only select open files (git-fixes). * NFS: swap IO handling is slightly different for O_DIRECT IO (git-fixes). * NFS: swap-out must always use STABLE writes (git-fixes). * NFSD: Keep existing listeners on portlist error (git-fixes). 
* NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). * NFSv2: Fix eof handling (git-fixes). * NFSv2: Fix write regression (git-fixes). * NFSv4 expose nfs_parse_server_name function (git-fixes). * NFSv4 only print the label when its queried (git-fixes). * NFSv4 remove zero number of fs_locations entries error check (git-fixes). * NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). * NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). * NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). * NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). * NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). * NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). * NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). * NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). * NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). * NFSv4.x: fix lock recovery during delegation recall (git-fixes). * NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). * NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). * NFSv4: Fix open create exclusive when the server reboots (git-fixes). * NFSv4: Fix return value in nfs_finish_open() (git-fixes). * NFSv4: Fix return values for nfs4_file_open() (git-fixes). * PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). * PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes). * PCI/sysfs: Fix double free in error path (git-fixes). * PCI: Check for alloc failure in pci_request_irq() (git-fixes). * PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). * PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). * PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). 
* Revert "blkdev: check for valid request queue before issuing flush" (git-fixes).
* Revert "dm cache: fix arm link errors with inline" (git-fixes).
* Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (git-fixes).
* Revert "scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"
* SUNRPC: Do not call __UDPX_INC_STATS() from a preemptible context (git-fixes).
* SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
* SUNRPC: Fix a bogus get/put in generic_key_to_expire() (git-fixes).
* SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
* SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
* SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
* SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
* SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
* SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (git-fixes).
* SUNRPC: make lockless test safe (bsc#1207201).
* SUNRPC: stop printk reading past end of string (git-fixes).
* USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
* USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
* amiflop: clean up on errors during setup (git-fixes).
* arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
* arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
* arm64: alternative: Use true and false for boolean values (git-fixes)
* arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
* arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
* arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
* arm64: ftrace: do not adjust the LR value (git-fixes)
* arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
* arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
* arm64: jump_label.h: use asm_volatile_goto macro instead of "asm (git-fixes)
* arm64: make secondary_start_kernel() notrace (git-fixes)
* arm64: makefile fix build of .i file in external module case (git-fixes)
* arm64: ptrace: remove addr_limit manipulation (git-fixes)
* arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
* arm64: smp: Handle errors reported by the firmware (git-fixes)
* audit: ensure userspace is penalized the same as the kernel when under pressure (bsc#1204514).
* audit: improve robustness of the audit queue handling (bsc#1204514).
* bcache: fix super block seq numbers comparision in register_cache_set() (git-fixes).
* blk-cgroup: Fix memleak on error path (git-fixes).
* blk-cgroup: Pre-allocate tree node on blkg_conf_prep (git-fixes).
* blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
* blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
* blk-mq: insert request not through ->queue_rq into sw/scheduler queue (git-fixes).
* blk-mq: move cancel of requeue_work into blk_mq_release (git-fixes).
* blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
* blktrace: break out of blktrace setup on concurrent calls (git-fixes).
* blktrace: ensure our debugfs dir exists (git-fixes).
* blktrace: fix endianness for blk_log_remap() (git-fixes).
* blktrace: fix endianness in get_pdu_int() (git-fixes).
* blktrace: use errno instead of bi_status (git-fixes).
* block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
* block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (git-fixes).
* block, bfq: increase idling for weight-raised queues (git-fixes).
* block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (bsc#1207102).
* block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
* block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (git-fixes).
* block/bio-integrity: fix a memory leak bug (git-fixes).
* block/swim: Check drive type (git-fixes).
* block/swim: Do not log an error message for an invalid ioctl (git-fixes).
* block/swim: Fix IO error at end of medium (git-fixes).
* block/swim: Rename macros to avoid inconsistent inverted logic (git-fixes).
* block/swim: Select appropriate drive on device open (git-fixes).
* block: Fix use-after-free issue accessing struct io_cq (git-fixes).
* block: add a lower-level bio_add_page interface (git-fixes).
* block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
* block: fix memleak when __blk_rq_map_user_iov() is failed (git-fixes).
* block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
* brd: check and limit max_part par (git-fixes).
* ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1207195).
* compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (git-fixes).
* cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes).
* cryptoloop: add a deprecation warning (git-fixes).
* d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP")
* dm bio record: save/restore bi_end_io and bi_integrity (git-fixes).
* dm btree: add a defensive bounds check to insert_at() (git-fixes).
* dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
* dm cache: Fix UAF in destroy() (git-fixes).
* dm cache: set needs_check flag after aborting metadata (git-fixes).
* dm crypt: use u64 instead of sector_t to store iv_offset (git-fixes).
* dm flakey: Properly corrupt multi-page bios (git-fixes).
* dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
* dm ioctl: prevent potential spectre v1 gadget (git-fixes).
* dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
* dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
* dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
* dm space maps: do not reset space map allocation cursor when committing (git-fixes).
* dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
* dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
* dm thin: Fix UAF in run_timer_softirq() (git-fixes).
* dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
* dm thin: add sanity checks to thin-pool and external snapshot creation (git-fixes).
* dm thin: resume even if in FAIL mode (git-fixes).
* dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
* dm verity: use message limit for data block corruption message (git-fixes).
* dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (git-fixes).
* dm: Use kzalloc for all structs with embedded biosets/mempools (git-fixes).
* do not dump the threads that had been already exiting when zapped (git-fixes).
* drbd: Change drbd_request_detach_interruptible's return type to int (git-fixes).
* drbd: destroy workqueue when drbd device was freed (git-fixes).
* drbd: do not block when adjusting "disk-options" while IO is frozen (git-fixes).
* drbd: dynamically allocate shash descriptor (git-fixes).
* drbd: fix potential silent data corruption (git-fixes).
* drbd: fix print_st_err()'s prototype to match the definition (git-fixes).
* drbd: ignore "all zero" peer volume sizes in handshake (git-fixes).
* drbd: reject attach of unsuitable uuids even if connected (git-fixes).
* drbd: remove usage of list iterator variable after loop (git-fixes).
* drbd: use after free in drbd_create_device() (git-fixes).
* drivers/block/zram/zram_drv.c: fix bug storing backing_dev (git-fixes).
* drivers:md:fix a potential use-after-free bug (git-fixes).
* ext4: Detect already used quota file early (bsc#1206873).
* ext4: Fixup pages without buffers (bsc#1205495).
* ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
* ext4: add reserved GDT blocks check (bsc#1202712).
* ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
* ext4: avoid resizing to a partial cluster size (bsc#1206880).
* ext4: clear mmp sequence number when remounting read-only (bsc#1207093).
* ext4: continue to expand file system when the target size does not reach (bsc#1206882).
* ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
* ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
* ext4: do not BUG if someone dirty pages without asking ext4 first (bsc#1207097).
* ext4: fix a data race at inode->i_disksize (bsc#1206855).
* ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
* ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
* ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
* ext4: fix race when reusing xattr blocks (bsc#1198971).
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
* ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
* ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
* ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
* ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
* ext4: prohibit fstrim in norecovery mode (bsc#1207094).
* ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
* ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
* ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
* ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
* flexfiles: enforce per-mirror stateid only for v4 DSes (git-fixes).
* flexfiles: use per-mirror specified stateid for IO (git-fixes).
* floppy: Add max size check for user space request (git-fixes).
* fs: nfs: Fix possible null-pointer dereferences in encode_attrs() (git-fixes).
* ftrace: Enable trampoline when rec count returns back to one (git-fixes).
* ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper() (git-fixes).
* ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
* ftrace: fpid_next() should increase position index (git-fixes).
* gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
* ibmveth: Always stop tx queues during close (bsc#1065729).
* iforce: restore old iforce_dump_packet (git-fixes).
* ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
* ipmi: Move remove_work to dedicated workqueue (git-fixes).
* ipmi: fix memleak when unload ipmi driver (git-fixes).
* ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
* isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
* jbd2: use the correct print format (git-fixes).
* kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
* kABI: mitigate new ufs_stats field (git-fixes).
* kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
* kernel/sys.c: avoid copying possible padding bytes in copy_to_user (git-fixes).
* kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules (git-fixes).
* kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack (git-fixes).
* lockd: fix decoding of TEST results (git-fixes).
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
* loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
* m68k/mac: Do not remap SWIM MMIO region (git-fixes).
* mbcache: add functions to delete entry if unused (bsc#1198971).
* mbcache: do not reclaim used entries (bsc#1198971).
* md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
* md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
* md: fix a crash in mempool_free (git-fixes).
* md: protect md_unregister_thread from reentrancy (git-fixes).
* media: Do not let tvp5150_get_vbi() go out of vbi_ram_default array (git-fixes).
* media: i2c: tvp5150: remove useless variable assignment in tvp5150_set_vbi() (git-fixes).
* memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
* memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
* memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure (bsc#1208108).
* mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
* mm/filemap.c: clear page error before actual read (bsc#1206635).
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
* move new members of struct usbnet to end (git-fixes).
* nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag (git-fixes).
* nbd: Fix NULL pointer in flush_workqueue (git-fixes).
* nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
* nbd: add a flush_workqueue in nbd_start_device (git-fixes).
* nbd: add missing config put (git-fixes).
* nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
* nbd: do not requeue the same request twice (git-fixes).
* nbd: fix a block_device refcount leak in nbd_release (git-fixes).
* nbd: fix crash when the blksize is zero (git-fixes).
* nbd: fix io hung while disconnecting device (git-fixes).
* nbd: fix max number of supported devs (git-fixes).
* nbd: fix possible sysfs duplicate warning (git-fixes).
* nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
* nbd: fix shutdown and recv work deadlock v2 (git-fixes).
* nbd: handle racing with error'ed out commands (git-fixes).
* nbd: handle unexpected replies better (git-fixes).
* nbd: make the config put is called before the notifying the waiter (git-fixes).
* nbd: verify socket is supported during setup (git-fixes).
* nbd:fix memory leak in nbd_get_socket() (git-fixes).
* net :sunrpc :clnt :Fix xps refcount imbalance on the error path (git-fixes).
* net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
* net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
* net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations (git-fixes).
* net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
* net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
* net: allwinner: Fix use correct return type for ndo_start_xmit() (git-fixes).
* net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes).
* net: bmac: Fix read of MAC address from ROM (git-fixes).
* net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes).
* net: kalmia: clean up bind error path (git-fixes).
* net: kalmia: fix memory leaks (git-fixes).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
* net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
* net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
* net: stmmac: Fix sub-second increment (git-fixes).
* net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
* net: systemport: suppress warnings on failed Rx SKB allocations (git-fixes).
* net: usb: asix: ax88772_bind return error when hw_reset fail (git-fixes).
* net: usb: asix: init MAC address buffers (git-fixes).
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
* net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).
* net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes).
* net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
* net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
* net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
* net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
* net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
* net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
* net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
* net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
* net: usb: rtl8150: demote allmulti message to dev_dbg() (git-fixes).
* net: usb: sr9700: Handle negative len (git-fixes).
* nfs4: Fix kmemleak when allocate slot failed (git-fixes).
* nfs: Fix NULL pointer dereference of dev_name (git-fixes).
* nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
* nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
* nfs: we do not support removing system.nfs4_acl (git-fixes).
* nfsd4: fix crash on writing v4_end_grace before nfsd startup (git-fixes).
* nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
* nfsd: Return EPERM, not EACCES, in some SETATTR cases (git-fixes).
* nfsd: allow fh_want_write to be called twice (git-fixes).
* nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
* nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
* null_blk: Handle null_add_dev() failures properly (git-fixes).
* null_blk: fix spurious IO errors after failed past-wp access (git-fixes).
* pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
* panic: unset panic_on_warn inside panic() (git-fixes).
* parisc: Fix HP SDC hpa address output (git-fixes).
* parisc: Fix serio address output (git-fixes).
* powerpc/64/module: REL32 relocation range check (bsc#1065729).
* powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
* powerpc/64s/hash: Fix stab_rr off by one initialization (bsc#1065729).
* powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
* powerpc/boot: Disable vector instructions (bsc#1065729).
* powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1065729).
* powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler (bsc#1065729).
* powerpc/boot: Fix missing check of lseek() return value (bsc#1065729).
* powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
* powerpc/crashkernel: Take "mem=" option into account (bsc#1065729).
* powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() (bsc#1065729).
* powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field (bsc#1065729).
* powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
* powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function (bsc#1065729).
* powerpc/iommu: Avoid derefence before pointer check (bsc#1065729).
* powerpc/mm: Make NULL pointer deferences explicit on bad page faults (bsc#1065729).
* powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bsc#1065729).
* powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
* powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
* powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status (bsc#1065729).
* powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
* powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
* powerpc/powernv: add missing of_node_put (bsc#1065729).
* powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
* powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
* powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
* powerpc/pseries/hvconsole: Fix stack overread via udbg (bsc#1065729).
* powerpc/pseries: Fix node leak in update_lmb_associativity_index() (bsc#1065729).
* powerpc/pseries: Mark accumulate_stolen_time() as notrace (bsc#1065729).
* powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
* powerpc/pseries: add of_node_put() in dlpar_detach_node() (bsc#1065729).
* powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
* powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
* powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
* powerpc/smp: Set numa node before updating mask (bsc#1065729).
* powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
* powerpc/time: Fix clockevent_decrementer initalisation for PR KVM (bsc#1065729).
* powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer (bsc#1065729).
* powerpc/traps: Fix the message printed when stack overflows (bsc#1065729).
* powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
* powerpc/xive: Add a check for memory allocation failure (git-fixes).
* powerpc/xive: Move a dereference below a NULL test (bsc#1065729).
* powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
* powerpc/xmon: fix dump_segments() (bsc#1065729).
* powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
* powerpc: improve handling of unrecoverable system reset (bsc#1065729).
* powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
* prlimit: do_prlimit needs to have a speculation check (git-fixes).
* ps3disk: use the default segment boundary (git-fixes).
* ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (git-fixes).
* quota: Check next/prev free block number after reading from quota file (bsc#1206640).
* quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls (bsc#1207104).
* rndis_host: increase sleep time in the query-response loop (git-fixes).
* rpc: fix NULL dereference on kmalloc failure (git-fixes).
* rpc: fix gss_svc_init cleanup on failure (git-fixes).
* rpm: Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
* rsxx: add missed destroy_workqueue calls in remove (git-fixes).
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
* sbitmap: fix lockup while swapping (bsc#1206602).
* scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
* scsi: 3ware: fix return 0 on the error path of probe (git-fixes).
* scsi: 53c700: pass correct "dev" to dma_alloc_attrs() (git-fixes).
* scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
* scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
* scsi: NCR5380: Check for bus reset (git-fixes).
* scsi: NCR5380: Check for invalid reselection target (git-fixes).
* scsi: NCR5380: Clear all unissued commands on host reset (git-fixes).
* scsi: NCR5380: Do not call dsprintk() following reselection interrupt (git-fixes).
* scsi: NCR5380: Do not clear busy flag when abort fails (git-fixes).
* scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
* scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
* scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data (git-fixes).
* scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE (git-fixes).
* scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" (git-fixes).
* scsi: aacraid: Disabling TM path and only processing IOP reset (git-fixes).
* scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
* scsi: advansys: Fix kernel pointer leak (git-fixes).
* scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
* scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
* scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
* scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
* scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
* scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
* scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
* scsi: core: Do not start concurrent async scan on same host (git-fixes).
* scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
* scsi: core: Reduce memory required for SCSI logging (git-fixes).
* scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (git-fixes).
* scsi: dc395x: fix dma API usage in srb_done (git-fixes).
* scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
* scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
* scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
* scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send (git-fixes).
* scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE (git-fixes).
* scsi: fnic: fix use after free (git-fixes).
* scsi: hisi_sas: Check sas_port before using it (git-fixes).
* scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
* scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
* scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
* scsi: hpsa: correct scsi command status issue after reset (git-fixes).
* scsi: ibmvscsis: Ensure partition name is properly NUL terminated (git-fixes).
* scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
* scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
* scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
* scsi: ipr: Fix softlockup when rescanning devices in petitboot (git-fixes).
* scsi: ips: fix missing break in switch (git-fixes).
* scsi: isci: Change sci_controller_start_task's return type to sci_status (git-fixes).
* scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler (git-fixes).
* scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
* scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
* scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
* scsi: iscsi: Do not send data to unbound connection (git-fixes).
* scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
* scsi: iscsi: Fix shost->max_id use (git-fixes).
* scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
* scsi: iscsi: Unblock session then wake up error handler (git-fixes).
* scsi: iscsi: flush running unbind operations when removing a session (git-fixes).
* scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param (git-fixes).
* scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (git-fixes).
* scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (git-fixes).
* scsi: libfc: Fix a format specifier (git-fixes).
* scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
* scsi: libiscsi: Fix NOP race condition (git-fixes).
* scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (git-fixes).
* scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
* scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
* scsi: libsas: Check SMP PHY control function result (git-fixes).
* scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (git-fixes).
* scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
* scsi: megaraid: disable device when probe failed after enabled device (git-fixes).
* scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
* scsi: megaraid_sas: fix panic on loading firmware crashdump (git-fixes).
* scsi: megaraid_sas: reduce module load time (git-fixes).
* scsi: mpt3sas: Fix clear pending bit in ioctl status (git-fixes).
* scsi: mpt3sas: Fix double free warnings (git-fixes).
* scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
* scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
* scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
* scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
* scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
* scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort (git-fixes).
* scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
* scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
* scsi: pm80xx: Fix for SATA device discovery (git-fixes).
* scsi: pm80xx: Fixed system hang issue during kexec boot (git-fixes).
* scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
* scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails (git-fixes).
* scsi: qedi: Abort ep termination if offload not scheduled (git-fixes).
* scsi: qedi: Do not flush offload work if ARP not resolved (git-fixes).
* scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
* scsi: qedi: Fix null ref during abort handling (git-fixes).
* scsi: qedi: Fix termination timeouts in session logout (git-fixes).
* scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
* scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
* scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
* scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
* scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
* scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
* scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
* scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
* scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
* scsi: qla2xxx: Fix printk() format string (bsc#1208570).
* scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
* scsi: qla2xxx: Fix stalled login (bsc#1208570).
* scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
* scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
* scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
* scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
* scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
* scsi: qla2xxx: Remove dead code (bsc#1208570).
* scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
* scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
* scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
* scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
* scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
* scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
* scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
* scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
* scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
* scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
* scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
* scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
* scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (git-fixes).
* scsi: qla4xxx: fix a potential NULL pointer dereference (git-fixes).
* scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
* scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
* scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
* scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
* scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG (git-fixes).
* scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (git-fixes).
* scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
* scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
* scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (git-fixes).
* scsi: scsi_transport_srp: Do not block target in failfast state (git-fixes).
* scsi: sd: Free scsi_disk device via put_device() (git-fixes).
* scsi: sd: do not crash the host on invalid commands (git-fixes).
* scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
* scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
* scsi: smartpqi: use processor ID for hwqueue for non-mq case .
* scsi: sni_53c710: fix compilation error (git-fixes).
* scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
* scsi: sr: Do not use GFP_DMA (git-fixes).
* scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
* scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
* scsi: sr: Return correct event when media event code is 3 (git-fixes).
* scsi: st: Fix a use after free in st_open() (git-fixes).
* scsi: target: core: Add CONTROL field for trace events (git-fixes).
* scsi: target: iscsi: Wait for all commands to finish before freeing a session (git-fixes).
* scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
* scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
* scsi: ufs: Avoid configuring regulator with undefined voltage range (git-fixes).
* scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
* scsi: ufs: Complete pending requests in host reset and restore path (git-fixes).
* scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
* scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
* scsi: ufs: Fix regulator load and icc-level configuration (git-fixes).
* scsi: ufs: Fix system suspend status (git-fixes).
* scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
* scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
* scsi: ufs: fix potential bug which ends in system hang (git-fixes).
* scsi: ufs: skip shutdown if hba is not powered (git-fixes).
* scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
* scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes).
* scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (git-fixes).
* scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
* scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (git-fixes).
* scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
* scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
* sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
* signal handling: do not use BUG_ON() for debugging (git-fixes).
* struct dwc3: move new members to the end (git-fixes).
* sunrpc: Fix connect metrics (git-fixes).
* sunrpc: do not mark uninitialised items as VALID (git-fixes).
* sunrpc: fix cache_head leak due to queued request (git-fixes).
* sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (git-fixes).
* svcrdma: Ignore source port when computing DRC hash (git-fixes).
* swim: fix cleanup on setup error (git-fixes).
* tracing/cfi: Fix cmp_entries_* functions signature mismatch (git-fixes).
* tracing: Adding NULL checks for trace_array descriptor pointer (git-fixes).
* tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
* tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
* tracing: Fix code comments in trace.c (git-fixes).
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
* tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
* tracing: Fix stack trace event size (git-fixes).
* tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
* tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
* tracing: Set kernel_stack's caller size properly (git-fixes).
* tracing: Use address-of operator on section symbols (git-fixes).
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
* trigger_next should increase position index (git-fixes).
* udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
* udf: Check LVID earlier (bsc#1207108).
* udf: Fix BUG on corrupted inode (bsc#1207107).
* udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
* udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
* udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
* udf: Limit sparing table size (bsc#1206643).
* udf: fix silent AED tagLocation corruption (bsc#1206645).
* udf_get_extendedattr() had no boundary checks (bsc#1206648).
* usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
* usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys (git-fixes).
* usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume (git-fixes).
* usb: dwc3: core: initialize ULPI before trying to get the PHY (git-fixes).
* usb: dwc3: fix PHY disable sequence (git-fixes).
* usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded (git-fixes).
* usb: dwc3: gadget: Fix event pending check (git-fixes).
* usb: dwc3: gadget: only unmap requests from DMA if mapped (git-fixes).
* usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
* usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
* usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
* virtio-blk: Fix memory leak among suspend/resume procedure (git-fixes).
* virtio_console: break out of buf poll on remove (git-fixes).
* virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (git-fixes).
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models (git-fixes).
* x86/asm: Add instruction suffixes to bitops (git-fixes).
* x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates (git-fixes).
* x86/bugs: Move the l1tf function and define pr_fmt properly (git-fixes).
* x86/earlyprintk: Add a force option for pciserial device (git-fixes).
* x86/entry/64: Add instruction suffix (git-fixes).
* x86/fpu: Add might_fault() to user_insn() (git-fixes).
* x86/hpet: Prevent potential NULL pointer dereference (git-fixes).
* x86/kexec: Do not setup EFI info if EFI runtime is not enabled (git-fixes).
* x86/mce-inject: Reset injection struct after injection (git-fixes).
* x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
* x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
* x86/mm: Do not leak kernel addresses (git-fixes).
* x86/speculation: Add support for STIBP always-on preferred mode (git-fixes).
* x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
* x86: boot: Fix EFI stub alignment (git-fixes).
* x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
* xen-netfront: Fix hang on device removal (bsc#1206698).
* xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
* xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
* xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
* xfs: fix attr leaf header freemap.size underflow (git-fixes).
* xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
* xfs: fix mount failure crash on invalid iclog memory access (git-fixes).
* xfs: fix partially uninitialized structure in xfs_reflink_remap_extent (git-fixes).
* xfs: fix realtime bitmap/summary file truncation when growing rt volume (git-fixes).
* xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
* xfs: initialize the shortform attr header padding entry (git-fixes).
* xfs: make sure the rt allocator does not run off the end (git-fixes).
* xfs: require both realtime inodes to mount (git-fixes).
* xhci: Do not show warning for reinit on known broken suspend (git-fixes).
* xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
* zram: fix double free backing device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-618=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-618=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-618=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.124.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.124.1
  * kernel-azure-debugsource-4.12.14-16.124.1
  * kernel-azure-base-4.12.14-16.124.1
  * kernel-azure-base-debuginfo-4.12.14-16.124.1
  * kernel-azure-devel-4.12.14-16.124.1
  * kernel-syms-azure-4.12.14-16.124.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.124.1
  * kernel-devel-azure-4.12.14-16.124.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.124.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.124.1
  * kernel-azure-debugsource-4.12.14-16.124.1
  * kernel-azure-base-4.12.14-16.124.1
  * kernel-azure-base-debuginfo-4.12.14-16.124.1
  * kernel-azure-devel-4.12.14-16.124.1
  * kernel-syms-azure-4.12.14-16.124.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.124.1
  * kernel-devel-azure-4.12.14-16.124.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.124.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.124.1
  * kernel-azure-debugsource-4.12.14-16.124.1
  * kernel-azure-base-4.12.14-16.124.1
  * kernel-azure-base-debuginfo-4.12.14-16.124.1
  * kernel-azure-devel-4.12.14-16.124.1
  * kernel-syms-azure-4.12.14-16.124.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.124.1
  * kernel-devel-azure-4.12.14-16.124.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3107.html
* https://www.suse.com/security/cve/CVE-2022-3108.html
* https://www.suse.com/security/cve/CVE-2022-3564.html
* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-4662.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-23454.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1175995
* https://bugzilla.suse.com/show_bug.cgi?id=1198971
* https://bugzilla.suse.com/show_bug.cgi?id=1202712
* https://bugzilla.suse.com/show_bug.cgi?id=1203200
* https://bugzilla.suse.com/show_bug.cgi?id=1203740
* https://bugzilla.suse.com/show_bug.cgi?id=1204250
* https://bugzilla.suse.com/show_bug.cgi?id=1204514
* https://bugzilla.suse.com/show_bug.cgi?id=1205149
* https://bugzilla.suse.com/show_bug.cgi?id=1205397
* https://bugzilla.suse.com/show_bug.cgi?id=1205495
* https://bugzilla.suse.com/show_bug.cgi?id=1206073
* https://bugzilla.suse.com/show_bug.cgi?id=1206640
* https://bugzilla.suse.com/show_bug.cgi?id=1206648
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1206855
* https://bugzilla.suse.com/show_bug.cgi?id=1206858
* https://bugzilla.suse.com/show_bug.cgi?id=1206873
* https://bugzilla.suse.com/show_bug.cgi?id=1206877
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1206880
* https://bugzilla.suse.com/show_bug.cgi?id=1206882
* https://bugzilla.suse.com/show_bug.cgi?id=1206883
* https://bugzilla.suse.com/show_bug.cgi?id=1206884
* https://bugzilla.suse.com/show_bug.cgi?id=1206887
* https://bugzilla.suse.com/show_bug.cgi?id=1206896
* https://bugzilla.suse.com/show_bug.cgi?id=1207092
* https://bugzilla.suse.com/show_bug.cgi?id=1207093
* https://bugzilla.suse.com/show_bug.cgi?id=1207094
* https://bugzilla.suse.com/show_bug.cgi?id=1207097
* https://bugzilla.suse.com/show_bug.cgi?id=1207102
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207195
* https://bugzilla.suse.com/show_bug.cgi?id=1207201
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1208108
* https://bugzilla.suse.com/show_bug.cgi?id=1208541
* https://bugzilla.suse.com/show_bug.cgi?id=1208570
* https://jira.suse.com/browse/PED-1706
* https://jira.suse.com/browse/PED-568
* https://jira.suse.com/browse/SLE-15608

From sle-updates at lists.suse.com Mon Mar 6 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 06 Mar 2023 16:30:02 -0000
Subject: SUSE-SU-2023:0631-1: moderate: security update for mariadb
Message-ID: <167812020250.873.14302472141565021883@smelt2.suse.de>

# security update for mariadb

Announcement ID: SUSE-SU-2023:0631-1
Rating: moderate

References:

* #1202863

Cross-References:

* CVE-2022-21595
* CVE-2022-38791

CVSS scores:

* CVE-2022-21595 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-21595 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38791 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for mariadb fixes the following issues:

* CVE-2022-38791: Fixed deadlock in compress_write in extra/mariabackup/ds_compress.cc (bsc#1202863).

Version update from 10.4.26 to 10.4.28 (fixes CVE-2022-38791 and CVE-2022-38791).

* Update to 10.4.28:
* https://mariadb.com/kb/en/library/mariadb-10428-release-notes
* https://mariadb.com/kb/en/library/mariadb-10428-changelog
* https://mariadb.com/kb/en/library/mariadb-10427-release-notes
* https://mariadb.com/kb/en/library/mariadb-10427-changelog
* Update list of skipped tests
* Update mariadb.keyring

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-631=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-631=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-631=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-631=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * mariadb-tools-debuginfo-10.4.28-150200.3.38.1
  * libmariadbd-devel-10.4.28-150200.3.38.1
  * libmariadbd19-10.4.28-150200.3.38.1
  * libmariadbd19-debuginfo-10.4.28-150200.3.38.1
  * mariadb-client-debuginfo-10.4.28-150200.3.38.1
  * mariadb-10.4.28-150200.3.38.1
  * mariadb-debuginfo-10.4.28-150200.3.38.1
  * mariadb-debugsource-10.4.28-150200.3.38.1
  * mariadb-tools-10.4.28-150200.3.38.1
  * mariadb-client-10.4.28-150200.3.38.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * mariadb-errormessages-10.4.28-150200.3.38.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * mariadb-tools-debuginfo-10.4.28-150200.3.38.1
  * libmariadbd-devel-10.4.28-150200.3.38.1
  * libmariadbd19-10.4.28-150200.3.38.1
  * libmariadbd19-debuginfo-10.4.28-150200.3.38.1
  * mariadb-client-debuginfo-10.4.28-150200.3.38.1
  * mariadb-10.4.28-150200.3.38.1
  * mariadb-debuginfo-10.4.28-150200.3.38.1
  * mariadb-debugsource-10.4.28-150200.3.38.1
  * mariadb-tools-10.4.28-150200.3.38.1
  * mariadb-client-10.4.28-150200.3.38.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * mariadb-errormessages-10.4.28-150200.3.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * mariadb-tools-debuginfo-10.4.28-150200.3.38.1
  * libmariadbd-devel-10.4.28-150200.3.38.1
  * libmariadbd19-10.4.28-150200.3.38.1
  * libmariadbd19-debuginfo-10.4.28-150200.3.38.1
  * mariadb-client-debuginfo-10.4.28-150200.3.38.1
  * mariadb-10.4.28-150200.3.38.1
  * mariadb-debuginfo-10.4.28-150200.3.38.1
  * mariadb-debugsource-10.4.28-150200.3.38.1
  * mariadb-tools-10.4.28-150200.3.38.1
  * mariadb-client-10.4.28-150200.3.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * mariadb-errormessages-10.4.28-150200.3.38.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * mariadb-tools-debuginfo-10.4.28-150200.3.38.1
  * libmariadbd-devel-10.4.28-150200.3.38.1
  * libmariadbd19-10.4.28-150200.3.38.1
  * libmariadbd19-debuginfo-10.4.28-150200.3.38.1
  * mariadb-client-debuginfo-10.4.28-150200.3.38.1
  * mariadb-10.4.28-150200.3.38.1
  * mariadb-debuginfo-10.4.28-150200.3.38.1
  * mariadb-debugsource-10.4.28-150200.3.38.1
  * mariadb-tools-10.4.28-150200.3.38.1
  * mariadb-client-10.4.28-150200.3.38.1
* SUSE Enterprise Storage 7 (noarch)
  * mariadb-errormessages-10.4.28-150200.3.38.1

## References:

* https://www.suse.com/security/cve/CVE-2022-21595.html
* https://www.suse.com/security/cve/CVE-2022-38791.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202863

From sle-updates at lists.suse.com Mon Mar 6 16:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 06 Mar 2023 16:30:04 -0000
Subject: SUSE-RU-2023:0630-1: moderate: Recommended update for rust, rust1.67
Message-ID: <167812020473.873.15881257666638781586@smelt2.suse.de>

# Recommended update for rust, rust1.67

Announcement ID: SUSE-RU-2023:0630-1
Rating: moderate

References:

* #1207928

Affected Products:

* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for rust, rust1.67 fixes the following issues:

rust1.67 (bsc#1207928)

# Version 1.67.1 (2023-02-09)

* Fix interoperability with thin archives.
* Fix an internal error in the compiler build process.
* Downgrade `clippy::uninlined_format_args` to pedantic.

Changes in rust:

* Update to version 1.67.1 - for details see the rust1.67 package

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-630=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-630=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * cargo1.67-1.67.1-150400.9.6.1
  * rust-1.67.1-150400.24.9.1
  * cargo-1.67.1-150400.24.9.1
  * rust1.67-debuginfo-1.67.1-150400.9.6.1
  * cargo1.67-debuginfo-1.67.1-150400.9.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.67-1.67.1-150400.9.6.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * cargo1.67-1.67.1-150400.9.6.1
  * rust-1.67.1-150400.24.9.1
  * cargo-1.67.1-150400.24.9.1
  * rust1.67-debuginfo-1.67.1-150400.9.6.1
  * cargo1.67-debuginfo-1.67.1-150400.9.6.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.67-1.67.1-150400.9.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207928

From sle-updates at lists.suse.com Mon Mar 6 20:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 06 Mar 2023 20:30:05 -0000
Subject: SUSE-RU-2023:0633-1: important: Recommended update for oracleasm
Message-ID: <167813460518.22231.15023891313922721185@smelt2.suse.de>

# Recommended update for oracleasm

Announcement ID: SUSE-RU-2023:0633-1
Rating: important

References:

* #1202844

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for oracleasm fixes the following issue:

* Installation and stability issues such as kernel panics caused by compatibility issues. (bsc#1202844)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-633=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-633=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * oracleasm-debugsource-2.0.8-150400.25.5.1
  * oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.46-150400.25.5.1
  * oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.5.1
* openSUSE Leap 15.4 (aarch64)
  * oracleasm-kmp-64kb-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.5.1
  * oracleasm-kmp-64kb-2.0.8_k5.14.21_150400.24.46-150400.25.5.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.46-150400.25.5.1
  * oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.5.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1202844

From sle-updates at lists.suse.com Mon Mar 6 20:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 06 Mar 2023 20:30:07 -0000
Subject: SUSE-RU-2023:0632-1: moderate: Recommended update for gnutls
Message-ID: <167813460777.22231.5002880652341951513@smelt2.suse.de>

# Recommended update for gnutls

Announcement ID: SUSE-RU-2023:0632-1
Rating: moderate

References:

* #1207183
* #1208237

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature and has two recommended fixes can now be installed.

## Description:

This update for gnutls fixes the following issues:

* FIPS: Fix pct_test() return code in case of error (bsc#1207183)
* Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-632=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-632=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * gnutls-guile-debuginfo-3.7.3-150400.4.32.1
  * gnutls-debugsource-3.7.3-150400.4.32.1
  * libgnutls30-3.7.3-150400.4.32.1
  * libgnutls30-hmac-3.7.3-150400.4.32.1
  * gnutls-3.7.3-150400.4.32.1
  * libgnutlsxx-devel-3.7.3-150400.4.32.1
  * libgnutlsxx28-debuginfo-3.7.3-150400.4.32.1
  * gnutls-guile-3.7.3-150400.4.32.1
  * libgnutlsxx28-3.7.3-150400.4.32.1
  * gnutls-debuginfo-3.7.3-150400.4.32.1
  * libgnutls-devel-3.7.3-150400.4.32.1
  * libgnutls30-debuginfo-3.7.3-150400.4.32.1
* openSUSE Leap 15.4 (x86_64)
  * libgnutls30-hmac-32bit-3.7.3-150400.4.32.1
  * libgnutls-devel-32bit-3.7.3-150400.4.32.1
  * libgnutls30-32bit-debuginfo-3.7.3-150400.4.32.1
  * libgnutls30-32bit-3.7.3-150400.4.32.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * gnutls-debugsource-3.7.3-150400.4.32.1
  * libgnutls30-3.7.3-150400.4.32.1
  * libgnutls30-hmac-3.7.3-150400.4.32.1
  * gnutls-3.7.3-150400.4.32.1
  * libgnutlsxx-devel-3.7.3-150400.4.32.1
  * libgnutlsxx28-debuginfo-3.7.3-150400.4.32.1
  * libgnutlsxx28-3.7.3-150400.4.32.1
  * gnutls-debuginfo-3.7.3-150400.4.32.1
  * libgnutls-devel-3.7.3-150400.4.32.1
  * libgnutls30-debuginfo-3.7.3-150400.4.32.1
* Basesystem Module 15-SP4 (x86_64)
  * libgnutls30-hmac-32bit-3.7.3-150400.4.32.1
  * libgnutls30-32bit-3.7.3-150400.4.32.1
  * libgnutls30-32bit-debuginfo-3.7.3-150400.4.32.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207183
* https://bugzilla.suse.com/show_bug.cgi?id=1208237
* https://jira.suse.com/browse/PED-1562

From sle-updates at lists.suse.com Tue Mar 7 08:04:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:04:18 +0100 (CET)
Subject: SUSE-CU-2023:571-1: Security update of suse/sle15
Message-ID: <20230307080418.C009DF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:571-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.268
Container Release : 9.5.268
Severity : moderate
Type : security
References : 1208143 CVE-2023-0361
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:610-1
Released: Fri Mar 3 12:06:49 2023
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1208143,CVE-2023-0361

This update for gnutls fixes the following issues:

- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).

The following package changes have been done:

- libgnutls30-hmac-3.6.7-150200.14.25.2 updated
- libgnutls30-3.6.7-150200.14.25.2 updated

From sle-updates at lists.suse.com Tue Mar 7 08:04:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:04:56 +0100 (CET)
Subject: SUSE-CU-2023:572-1: Recommended update of suse/389-ds
Message-ID: <20230307080456.E4F8BF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:572-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.31 , suse/389-ds:latest
Container Release : 19.31
Severity : moderate
Type : recommended
References : 1207789
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.9.1 updated
- container:sles15-image-15.0.0-27.14.38 updated

From sle-updates at lists.suse.com Tue Mar 7 08:05:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:05:38 +0100 (CET)
Subject: SUSE-CU-2023:574-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230307080538.28E06F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:574-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-9.7 , bci/dotnet-aspnet:7.0.3 , bci/dotnet-aspnet:7.0.3-9.7 , bci/dotnet-aspnet:latest
Container Release : 9.7
Severity : moderate
Type : recommended
References : 1207789 1207994
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated
- container:sles15-image-15.0.0-27.14.38 updated

From sle-updates at lists.suse.com Tue Mar 7 08:06:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:06:23 +0100 (CET)
Subject: SUSE-CU-2023:576-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230307080623.C8E3EF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:576-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-9.7 , bci/dotnet-sdk:7.0.3 , bci/dotnet-sdk:7.0.3-9.7 , bci/dotnet-sdk:latest
Container Release : 9.7
Severity : moderate
Type : recommended
References : 1207789 1207994
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated
- container:sles15-image-15.0.0-27.14.38 updated

From sle-updates at lists.suse.com Tue Mar 7 08:07:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:07:03 +0100 (CET)
Subject: SUSE-CU-2023:578-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230307080703.28BC6F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:578-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-9.7 , bci/dotnet-runtime:7.0.3 , bci/dotnet-runtime:7.0.3-9.7 , bci/dotnet-runtime:latest
Container Release : 9.7
Severity : moderate
Type : recommended
References : 1207789 1207994
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.25.1 updated
- container:sles15-image-15.0.0-27.14.38 updated

From sle-updates at lists.suse.com Tue Mar 7 08:07:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 7 Mar 2023 09:07:29 +0100 (CET)
Subject: SUSE-CU-2023:579-1: Security update of bci/nodejs
Message-ID: <20230307080729.340D7F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:579-1
Container Tags : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release : 14.8
Severity : important
Type : security
References : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:608-1 Released: Fri Mar 3 12:03:19 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807 This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). - CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485). - CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413). Bug fixes: - Workaround for failing openssl-nodejs test (bsc#1205568). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated - nodejs16-16.19.1-150400.3.15.1 updated - npm16-16.19.1-150400.3.15.1 updated From sle-updates at lists.suse.com Tue Mar 7 08:07:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Mar 2023 09:07:31 +0100 (CET) Subject: SUSE-CU-2023:580-1: Recommended update of bci/nodejs Message-ID: <20230307080731.EA535F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:580-1 Container Tags : bci/node:18 , bci/node:18-2.7 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-2.7 , bci/nodejs:latest Container Release : 2.7 Severity : moderate Type : recommended References : 1207789 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.9.1 updated From sle-updates at lists.suse.com Tue Mar 7 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 07 Mar 2023 12:30:02 -0000 Subject: SUSE-SU-2023:0637-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <167819220297.28591.11508440524964864025@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:0637-1 Rating: important References: * #1206314 * #1207139 Cross-References: * CVE-2022-3564 * CVE-2023-0179 CVSS scores: * CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: * CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139). 
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-637=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-638=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-639=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-640=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-641=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_4-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_28-default-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-8-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_1-debugsource-8-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_3-debugsource-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-8-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_11-default-8-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_0-debugsource-11-150400.7.2
    * kernel-livepatch-5_14_21-150400_22-default-11-150400.7.2
    * kernel-livepatch-5_14_21-150400_24_21-default-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_22-default-debuginfo-11-150400.7.2
    * kernel-livepatch-5_14_21-150400_24_18-default-8-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_2-debugsource-8-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-3564.html
  * https://www.suse.com/security/cve/CVE-2023-0179.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206314
  * https://bugzilla.suse.com/show_bug.cgi?id=1207139

From sle-updates at lists.suse.com Tue Mar 7 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 07 Mar 2023 12:30:04 -0000
Subject: SUSE-SU-2023:0635-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)
Message-ID: <167819220486.28591.13810820475783336380@smelt2.suse.de>

# Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:0635-1
Rating: important
References:
  * #1207139

Cross-References:
  * CVE-2023-0179

CVSS scores:
  * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_15_5 fixes one issue.

The following security issue was fixed:

  * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-635=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-636=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-642=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-643=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-644=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
    * kernel-livepatch-5_14_21-150400_15_5-rt-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_15_8-rt-2-150400.2.1
    * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-2-150400.2.1
    * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-2-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_7-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_33-default-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_5-debugsource-4-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_6-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_38-default-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_41-default-2-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0179.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207139

From sle-updates at lists.suse.com Tue Mar 7 12:30:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 07 Mar 2023 12:30:49 -0000
Subject: SUSE-SU-2023:0634-1: important: Security update for the Linux Kernel
Message-ID: <167819224964.28591.16487293712113402252@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0634-1
Rating: important
References:
  * #1068032
  * #1175995
  * #1186449
  * #1194535
  * #1198971
  * #1201420
  * #1202195
  * #1202712
  * #1202713
  * #1203200
  * #1203332
  * #1203693
  * #1204356
  * #1204514
  * #1204662
  * #1205149
  * #1205397
  * #1205495
  * #1206602
  * #1206635
  * #1206640
  * #1206641
  * #1206642
  * #1206643
  * #1206645
  * #1206646
  * #1206648
  * #1206649
  * #1206664
  * #1206677
  * #1206698
  * #1206784
  * #1206855
  * #1206858
  * #1206873
  * #1206876
  * #1206877
  * #1206878
  * #1206880
  * #1206882
  * #1206883
  * #1206884
  * #1206885
  * #1206887
  * #1206888
  * #1206890
  * #1207092
  * #1207093
  * #1207094
  * #1207097
  * #1207102
  * #1207103
  * #1207104
  * #1207107
  * #1207108
  * #1207134
  * #1207186
  * #1207201
  * #1207237
  * #1207773
  * #1207795
  * #1207875
  * #1208108
  * #1208541
  * #1208570

Cross-References:
  * CVE-2017-5754
  * CVE-2021-4203
  * CVE-2022-2991
  * CVE-2022-36280
  * CVE-2022-4662
  * CVE-2022-47929
  * CVE-2023-0045
  * CVE-2023-0266
  * CVE-2023-0590

CVSS scores:
  * CVE-2017-5754 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5754 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
  * CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
  * CVE-2022-4662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-4662 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  * CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-0266 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  * SUSE Linux Enterprise High Availability Extension 12 SP5
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Live Patching 12-SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves nine vulnerabilities, contains two features and has 56 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  * CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
  * CVE-2017-5754: Fixed speculative side channel attacks on various CPU platforms (bsc#1068032).
  * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
  * CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
  * CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bsc#1206664).
  * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  * CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).
  * CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134).
  * CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).

The following non-security bugs were fixed:

  * add 00f3ca2c2d66 ("mm: memcontrol: per-lruvec stats infrastructure")
  * add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
  * add 168e06f7937d kernel/hung_task.c: force console verbose before panic
  * add 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
  * add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
  * add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
  * add Tegra repository to git_sort.
  * add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
  * add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
  * add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
  * add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
  * add support for enabling livepatching related packages on -RT (jsc#PED-1706)
  * add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
  * amiflop: clean up on errors during setup (git-fixes).
  * audit: ensure userspace is penalized the same as the kernel when under pressure (bsc#1204514).
  * audit: improve robustness of the audit queue handling (bsc#1204514).
  * bcache: fix super block seq numbers comparision in register_cache_set() (git-fixes).
  * blk-cgroup: Fix memleak on error path (git-fixes).
  * blk-cgroup: Pre-allocate tree node on blkg_conf_prep (git-fixes).
  * blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
  * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
  * blk-mq: insert request not through ->queue_rq into sw/scheduler queue (git-fixes).
  * blk-mq: move cancel of requeue_work into blk_mq_release (git-fixes).
  * blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
  * blktrace: break out of blktrace setup on concurrent calls (git-fixes).
  * blktrace: ensure our debugfs dir exists (git-fixes).
  * blktrace: fix endianness for blk_log_remap() (git-fixes).
  * blktrace: fix endianness in get_pdu_int() (git-fixes).
  * blktrace: use errno instead of bi_status (git-fixes).
  * block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
  * block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (git-fixes).
  * block, bfq: increase idling for weight-raised queues (git-fixes).
  * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (bsc#1207102).
  * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
  * block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (git-fixes).
  * block/bio-integrity: fix a memory leak bug (git-fixes).
  * block/swim: Check drive type (git-fixes).
  * block/swim: Do not log an error message for an invalid ioctl (git-fixes).
  * block/swim: Fix IO error at end of medium (git-fixes).
  * block/swim: Rename macros to avoid inconsistent inverted logic (git-fixes).
  * block/swim: Select appropriate drive on device open (git-fixes).
  * block: Fix use-after-free issue accessing struct io_cq (git-fixes).
  * block: add a lower-level bio_add_page interface (git-fixes).
  * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
  * block: fix memleak when __blk_rq_map_user_iov() is failed (git-fixes).
  * block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
  * brd: check and limit max_part par (git-fixes).
  * compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (git-fixes).
  * constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
  * cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes).
  * cryptoloop: add a deprecation warning (git-fixes).
  * d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP")
  * dm bio record: save/restore bi_end_io and bi_integrity (git-fixes).
  * dm btree: add a defensive bounds check to insert_at() (git-fixes).
  * dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
  * dm cache: Fix UAF in destroy() (git-fixes).
  * dm cache: set needs_check flag after aborting metadata (git-fixes).
  * dm crypt: use u64 instead of sector_t to store iv_offset (git-fixes).
  * dm flakey: Properly corrupt multi-page bios (git-fixes).
  * dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
  * dm ioctl: prevent potential spectre v1 gadget (git-fixes).
  * dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
  * dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
  * dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
  * dm space maps: do not reset space map allocation cursor when committing (git-fixes).
  * dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
  * dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
  * dm thin: Fix UAF in run_timer_softirq() (git-fixes).
  * dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
  * dm thin: add sanity checks to thin-pool and external snapshot creation (git-fixes).
  * dm thin: resume even if in FAIL mode (git-fixes).
  * dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
  * dm verity: use message limit for data block corruption message (git-fixes).
  * dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (git-fixes).
  * dm: Use kzalloc for all structs with embedded biosets/mempools (git-fixes).
  * do not dump the threads that had been already exiting when zapped (git-fixes).
  * drbd: Change drbd_request_detach_interruptible's return type to int (git-fixes).
  * drbd: destroy workqueue when drbd device was freed (git-fixes).
  * drbd: do not block when adjusting "disk-options" while IO is frozen (git-fixes).
  * drbd: dynamically allocate shash descriptor (git-fixes).
  * drbd: fix potential silent data corruption (git-fixes).
  * drbd: fix print_st_err()'s prototype to match the definition (git-fixes).
  * drbd: ignore "all zero" peer volume sizes in handshake (git-fixes).
  * drbd: reject attach of unsuitable uuids even if connected (git-fixes).
  * drbd: remove usage of list iterator variable after loop (git-fixes).
  * drbd: use after free in drbd_create_device() (git-fixes).
  * drivers/block/zram/zram_drv.c: fix bug storing backing_dev (git-fixes).
  * drivers:md:fix a potential use-after-free bug (git-fixes).
  * ext4: Detect already used quota file early (bsc#1206873).
  * ext4: Fixup pages without buffers (bsc#1205495).
  * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
  * ext4: add reserved GDT blocks check (bsc#1202712).
  * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
  * ext4: avoid resizing to a partial cluster size (bsc#1206880).
  * ext4: clear mmp sequence number when remounting read-only (bsc#1207093).
  * ext4: continue to expand file system when the target size does not reach (bsc#1206882).
  * ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
  * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
  * ext4: do not BUG if someone dirty pages without asking ext4 first (bsc#1207097).
  * ext4: fix a data race at inode->i_disksize (bsc#1206855).
  * ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
  * ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
  * ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
  * ext4: fix race when reusing xattr blocks (bsc#1198971).
  * ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
  * ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
  * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
  * ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
  * ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
  * ext4: prohibit fstrim in norecovery mode (bsc#1207094).
  * ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
  * ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
  * ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
  * ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
  * floppy: Add max size check for user space request (git-fixes).
  * ftrace: Enable trampoline when rec count returns back to one (git-fixes).
  * ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper() (git-fixes).
  * ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
  * ftrace: fpid_next() should increase position index (git-fixes).
  * git_sort: add usb-linus branch for gregkh/usb
  * gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
  * hid: betop: check shape of output reports (git-fixes, bsc#1207186).
  * hid: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186).
  * hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
  * iforce: restore old iforce_dump_packet (git-fixes).
  * input: convert autorepeat timer to use timer_setup() (git-fixes).
  * input: do not use WARN() in input_alloc_absinfo() (git-fixes).
  * input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
  * input: iforce - reformat the packet dump output (git-fixes).
  * input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). Heavily modified, as prerequisites for taking it as is would utterly ruin kABI
  * input: replace hard coded string with __func__ in pr_err() (git-fixes).
  * input: switch to using sizeof(*type) when allocating memory (git-fixes).
  * input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
  * input: use seq_puts() in input_devices_seq_show() (git-fixes).
  * ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
  * ipmi: Move remove_work to dedicated workqueue (git-fixes).
  * ipmi: fix memleak when unload ipmi driver (git-fixes).
  * ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
  * isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
  * jbd2: use the correct print format (git-fixes).
  * kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
  * kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
  * kernel/sys.c: avoid copying possible padding bytes in copy_to_user (git-fixes).
  * kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules (git-fixes).
  * kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack (git-fixes).
  * loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
  * loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
  * m68k/mac: Do not remap SWIM MMIO region (git-fixes).
  * makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
  * mbcache: add functions to delete entry if unused (bsc#1198971).
  * mbcache: do not reclaim used entries (bsc#1198971).
  * md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
  * md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
  * md: fix a crash in mempool_free (git-fixes).
  * md: protect md_unregister_thread from reentrancy (git-fixes).
  * memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure (bsc#1208108).
  * mm/filemap.c: clear page error before actual read (bsc#1206635).
  * module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
  * nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag (git-fixes).
  * nbd: Fix NULL pointer in flush_workqueue (git-fixes).
  * nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
  * nbd: add a flush_workqueue in nbd_start_device (git-fixes).
  * nbd: add missing config put (git-fixes).
  * nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
  * nbd: do not requeue the same request twice (git-fixes).
  * nbd: fix a block_device refcount leak in nbd_release (git-fixes).
  * nbd: fix crash when the blksize is zero (git-fixes).
  * nbd: fix io hung while disconnecting device (git-fixes).
  * nbd: fix max number of supported devs (git-fixes).
  * nbd: fix possible sysfs duplicate warning (git-fixes).
  * nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
  * nbd: fix shutdown and recv work deadlock v2 (git-fixes).
  * nbd: handle racing with error'ed out commands (git-fixes).
  * nbd: handle unexpected replies better (git-fixes).
  * nbd: make the config put is called before the notifying the waiter (git-fixes).
  * nbd: verify socket is supported during setup (git-fixes).
  * nbd:fix memory leak in nbd_get_socket() (git-fixes).
  * net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
  * net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
  * net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
  * net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
  * net: allwinner: Fix use correct return type for ndo_start_xmit() (git-fixes).
  * net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes).
  * net: bmac: Fix read of MAC address from ROM (git-fixes).
  * net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes).
  * net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
  * net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
  * net: stmmac: Fix sub-second increment (git-fixes).
  * net: systemport: suppress warnings on failed Rx SKB allocations (git-fixes).
  * net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
  * net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).
  * net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes).
  * net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
  * net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
  * net: usb: sr9700: Handle negative len (git-fixes).
  * null_blk: Handle null_add_dev() failures properly (git-fixes).
  * null_blk: fix spurious IO errors after failed past-wp access (git-fixes).
  * panic: unset panic_on_warn inside panic() (git-fixes).
  * parisc: Fix HP SDC hpa address output (git-fixes).
  * parisc: Fix serio address output (git-fixes).
  * pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
  * pci/aspm: Declare threshold_ns as u32, not u64 (git-fixes).
  * pci/sysfs: Fix double free in error path (git-fixes).
  * pci: Check for alloc failure in pci_request_irq() (git-fixes).
  * pci: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
  * pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
  * pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
  * prlimit: do_prlimit needs to have a speculation check (git-fixes).
  * ps3disk: use the default segment boundary (git-fixes).
  * ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (git-fixes).
  * quota: Check next/prev free block number after reading from quota file (bsc#1206640).
  * quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls (bsc#1207104).
  * revert "blkdev: check for valid request queue before issuing flush" (git-fixes).
  * revert "dm cache: fix arm link errors with inline" (git-fixes).
  * revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (git-fixes).
  * rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
  * rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
  * rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
  * rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
  * rsxx: add missed destroy_workqueue calls in remove (git-fixes).
  * sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
  * sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
  * sbitmap: fix lockup while swapping (bsc#1206602).
  * scripts/CKC: Do not use empty branches file Do not use it and do not write neither.
  * scripts/CKC: Make checker more specific
  * scripts/CKC: Make checker script download branches.conf Requires curl, downloads and caches the branches.conf file.
  * scripts/CKC: do not output from shopt shopt outputs the status of the flag, so that git grep looks like: git grep -qi 'nocasematch off ^References:.*bsc#1202195 ' remotes/origin/SLE15-SP2-RT -- 'patches.*' I do not know how it can work (it does -- maybe thanks to ^), but it's not definitely OK. So make shopt in term2regex() quiet.
  * scripts/CKC: simplify print_branch AFAIU, it's simply: printf "%-23s"
  * scripts/CKC: store local branches with $USER prefix So that on shared machines, it can be overwritten when expires.
  * scripts/CKC: test accepts only =, not == And put $1 into "" too.
  * scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
  * scripts/wd-functions.sh: fix get_branch_name() in worktree Instead of using a hard-coded path for the git directory, use git rev-parse with --git-dir flag, introduced since 0.99.7, to find the git directory so branch name can be correctly detected while in git worktrees.
  * scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
  * scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
  * scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
  * scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
  * scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
  * scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
  * scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
  * scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
  * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
  * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
  * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
  * scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
  * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
  * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
  * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
  * scsi: qla2xxx: Fix printk() format string (bsc#1208570).
  * scsi: qla2xxx: Fix stalled login (bsc#1208570).
  * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
  * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
  * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
  * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
  * scsi: qla2xxx: Remove dead code (bsc#1208570).
  * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
  * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
  * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
* scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
* scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
* scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
* scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
* scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
* scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
* scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
* scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
* scsi: smartpqi: use processor ID for hwqueue for non-mq case .
* scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
* scsi: target: core: Add CONTROL field for trace events (git-fixes).
* sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
* signal handling: do not use BUG_ON() for debugging (git-fixes).
* struct dwc3: move new members to the end (git-fixes).
* sunrpc: make lockless test safe (bsc#1207201).
* sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (git-fixes).
* swim: fix cleanup on setup error (git-fixes).
* tracing/cfi: Fix cmp_entries_* functions signature mismatch (git-fixes).
* tracing: Adding NULL checks for trace_array descriptor pointer (git-fixes).
* tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
* tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
* tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
* tracing: Fix stack trace event size (git-fixes).
* tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
* tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
* tracing: Set kernel_stack's caller size properly (git-fixes).
* tracing: Use address-of operator on section symbols (git-fixes).
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
* trigger_next should increase position index (git-fixes).
* udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
* udf: Check LVID earlier (bsc#1207108).
* udf: Fix BUG on corrupted inode (bsc#1207107).
* udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
* udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
* udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
* udf: Limit sparing table size (bsc#1206643).
* udf: fix silent AED tagLocation corruption (bsc#1206645).
* udf_get_extendedattr() had no boundary checks (bsc#1206648).
* usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
* usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys (git-fixes).
* usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume (git-fixes).
* usb: dwc3: core: initialize ULPI before trying to get the PHY (git-fixes).
* usb: dwc3: fix PHY disable sequence (git-fixes).
* usb: dwc3: gadget: Fix event pending check (git-fixes).
* usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
* usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
* usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
* usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
* usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
* virtio-blk: Fix memory leak among suspend/resume procedure (git-fixes).
* virtio_console: break out of buf poll on remove (git-fixes).
* virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (git-fixes).
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models (git-fixes).
* x86/asm: Add instruction suffixes to bitops (git-fixes).
* x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates (git-fixes).
* x86/bugs: Move the l1tf function and define pr_fmt properly (git-fixes).
* x86/earlyprintk: Add a force option for pciserial device (git-fixes).
* x86/entry/64: Add instruction suffix (git-fixes).
* x86/fpu: Add might_fault() to user_insn() (git-fixes).
* x86/hpet: Prevent potential NULL pointer dereference (git-fixes).
* x86/kexec: Do not setup EFI info if EFI runtime is not enabled (git-fixes).
* x86/mce-inject: Reset injection struct after injection (git-fixes).
* x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
* x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
* x86/mm: Do not leak kernel addresses (git-fixes).
* x86/speculation: Add support for STIBP always-on preferred mode (git-fixes).
* x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
* x86: boot: Fix EFI stub alignment (git-fixes).
* x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
* xen-netfront: Fix hang on device removal (bsc#1206698).
* xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
* xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
* xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
* xfs: fix attr leaf header freemap.size underflow (git-fixes).
* xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
* xfs: fix mount failure crash on invalid iclog memory access (git-fixes).
* xfs: fix partially uninitialized structure in xfs_reflink_remap_extent (git-fixes).
* xfs: fix realtime bitmap/summary file truncation when growing rt volume (git-fixes).
* xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
* xfs: initialize the shortform attr header padding entry (git-fixes).
* xfs: make sure the rt allocator does not run off the end (git-fixes).
* xfs: require both realtime inodes to mount (git-fixes).
* xhci: Do not show warning for reinit on known broken suspend (git-fixes).
* zram: fix double free backing device (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1 SUSE-SLE-HA-12-SP5-2023-634=1
* SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2023-634=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-634=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-634=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-634=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * kernel-syms-4.12.14-122.150.1
  * kernel-default-debugsource-4.12.14-122.150.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.150.1
  * kernel-default-base-debuginfo-4.12.14-122.150.1
  * dlm-kmp-default-4.12.14-122.150.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.150.1
  * kernel-default-base-4.12.14-122.150.1
  * gfs2-kmp-default-4.12.14-122.150.1
  * kernel-default-devel-4.12.14-122.150.1
  * dlm-kmp-default-debuginfo-4.12.14-122.150.1
  * kernel-default-debuginfo-4.12.14-122.150.1
  * ocfs2-kmp-default-4.12.14-122.150.1
  * cluster-md-kmp-default-4.12.14-122.150.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-devel-4.12.14-122.150.1
  * kernel-macros-4.12.14-122.150.1
  * kernel-source-4.12.14-122.150.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
  * kernel-default-debugsource-4.12.14-122.150.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.150.1
  * dlm-kmp-default-4.12.14-122.150.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.150.1
  * gfs2-kmp-default-4.12.14-122.150.1
  * dlm-kmp-default-debuginfo-4.12.14-122.150.1
  * kernel-default-debuginfo-4.12.14-122.150.1
  * ocfs2-kmp-default-4.12.14-122.150.1
  * cluster-md-kmp-default-4.12.14-122.150.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kernel-default-debugsource-4.12.14-122.150.1
  * kgraft-patch-4_12_14-122_150-default-1-8.3.1
  * kernel-default-debuginfo-4.12.14-122.150.1
  * kernel-default-kgraft-devel-4.12.14-122.150.1
  * kernel-default-kgraft-4.12.14-122.150.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
  * kernel-docs-4.12.14-122.150.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-4.12.14-122.150.1
  * kernel-obs-build-debugsource-4.12.14-122.150.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * kernel-syms-4.12.14-122.150.1
  * kernel-default-debugsource-4.12.14-122.150.1
  * kernel-default-base-debuginfo-4.12.14-122.150.1
  * kernel-default-base-4.12.14-122.150.1
  * kernel-default-devel-4.12.14-122.150.1
  * kernel-default-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-devel-4.12.14-122.150.1
  * kernel-macros-4.12.14-122.150.1
  * kernel-source-4.12.14-122.150.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-syms-4.12.14-122.150.1
  * kernel-default-debugsource-4.12.14-122.150.1
  * kernel-default-base-debuginfo-4.12.14-122.150.1
  * kernel-default-base-4.12.14-122.150.1
  * kernel-default-devel-4.12.14-122.150.1
  * kernel-default-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-devel-4.12.14-122.150.1
  * kernel-macros-4.12.14-122.150.1
  * kernel-source-4.12.14-122.150.1
* SUSE Linux Enterprise Server 12 SP5 (s390x)
  * kernel-default-man-4.12.14-122.150.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.150.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.150.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * kernel-default-extra-debuginfo-4.12.14-122.150.1
  * kernel-default-debuginfo-4.12.14-122.150.1
  * kernel-default-debugsource-4.12.14-122.150.1
  * kernel-default-extra-4.12.14-122.150.1

## References:

* https://www.suse.com/security/cve/CVE-2017-5754.html
* https://www.suse.com/security/cve/CVE-2021-4203.html
* https://www.suse.com/security/cve/CVE-2022-2991.html
* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-4662.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://bugzilla.suse.com/show_bug.cgi?id=1068032
* https://bugzilla.suse.com/show_bug.cgi?id=1175995
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1194535
* https://bugzilla.suse.com/show_bug.cgi?id=1198971
* https://bugzilla.suse.com/show_bug.cgi?id=1201420
* https://bugzilla.suse.com/show_bug.cgi?id=1202195
* https://bugzilla.suse.com/show_bug.cgi?id=1202712
* https://bugzilla.suse.com/show_bug.cgi?id=1202713
* https://bugzilla.suse.com/show_bug.cgi?id=1203200
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1203693
* https://bugzilla.suse.com/show_bug.cgi?id=1204356
* https://bugzilla.suse.com/show_bug.cgi?id=1204514
* https://bugzilla.suse.com/show_bug.cgi?id=1204662
* https://bugzilla.suse.com/show_bug.cgi?id=1205149
* https://bugzilla.suse.com/show_bug.cgi?id=1205397
* https://bugzilla.suse.com/show_bug.cgi?id=1205495
* https://bugzilla.suse.com/show_bug.cgi?id=1206602
* https://bugzilla.suse.com/show_bug.cgi?id=1206635
* https://bugzilla.suse.com/show_bug.cgi?id=1206640
* https://bugzilla.suse.com/show_bug.cgi?id=1206641
* https://bugzilla.suse.com/show_bug.cgi?id=1206642
* https://bugzilla.suse.com/show_bug.cgi?id=1206643
* https://bugzilla.suse.com/show_bug.cgi?id=1206645
* https://bugzilla.suse.com/show_bug.cgi?id=1206646
* https://bugzilla.suse.com/show_bug.cgi?id=1206648
* https://bugzilla.suse.com/show_bug.cgi?id=1206649
* https://bugzilla.suse.com/show_bug.cgi?id=1206664
* https://bugzilla.suse.com/show_bug.cgi?id=1206677
* https://bugzilla.suse.com/show_bug.cgi?id=1206698
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1206855
* https://bugzilla.suse.com/show_bug.cgi?id=1206858
* https://bugzilla.suse.com/show_bug.cgi?id=1206873
* https://bugzilla.suse.com/show_bug.cgi?id=1206876
* https://bugzilla.suse.com/show_bug.cgi?id=1206877
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1206880
* https://bugzilla.suse.com/show_bug.cgi?id=1206882
* https://bugzilla.suse.com/show_bug.cgi?id=1206883
* https://bugzilla.suse.com/show_bug.cgi?id=1206884
* https://bugzilla.suse.com/show_bug.cgi?id=1206885
* https://bugzilla.suse.com/show_bug.cgi?id=1206887
* https://bugzilla.suse.com/show_bug.cgi?id=1206888
* https://bugzilla.suse.com/show_bug.cgi?id=1206890
* https://bugzilla.suse.com/show_bug.cgi?id=1207092
* https://bugzilla.suse.com/show_bug.cgi?id=1207093
* https://bugzilla.suse.com/show_bug.cgi?id=1207094
* https://bugzilla.suse.com/show_bug.cgi?id=1207097
* https://bugzilla.suse.com/show_bug.cgi?id=1207102
* https://bugzilla.suse.com/show_bug.cgi?id=1207103
* https://bugzilla.suse.com/show_bug.cgi?id=1207104
* https://bugzilla.suse.com/show_bug.cgi?id=1207107
* https://bugzilla.suse.com/show_bug.cgi?id=1207108
* https://bugzilla.suse.com/show_bug.cgi?id=1207134
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207201
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1208108
* https://bugzilla.suse.com/show_bug.cgi?id=1208541
* https://bugzilla.suse.com/show_bug.cgi?id=1208570
* https://jira.suse.com/browse/PED-1706
* https://jira.suse.com/browse/SLE-15608

From sle-updates at lists.suse.com Tue Mar 7 12:30:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 07 Mar 2023 12:30:52 -0000
Subject: SUSE-RU-2023:0645-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching
Message-ID: <167819225201.28591.5519452306034108401@smelt2.suse.de>

# Recommended update for lifecycle-data-sle-module-live-patching

Announcement ID: SUSE-RU-2023:0645-1
Rating: moderate
References:

* #1020320

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that has one recommended fix can now be installed.

## Description:

This update for lifecycle-data-sle-module-live-patching adds lifecycle data for following live patches:

* 4_12_14-150000_150_109, 4_12_14-150100_197_131, 5_14_21-150400_24_33, 5_14_21-150400_24_38, 5_3_18-150200_24_139, 5_3_18-150300_59_101, 5_3_18-150300_59_106, kernel-livepatch-5_14_21-150400_15_5-rt,*,2023-12-23 (bsc#1020320)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-645=1
* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-645=1
* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-645=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-645=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-645=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * lifecycle-data-sle-module-live-patching-15-150000.4.87.1
* SUSE Linux Enterprise Live Patching 15-SP1 (noarch)
  * lifecycle-data-sle-module-live-patching-15-150000.4.87.1
* SUSE Linux Enterprise Live Patching 15-SP2 (noarch)
  * lifecycle-data-sle-module-live-patching-15-150000.4.87.1
* SUSE Linux Enterprise Live Patching 15-SP3 (noarch)
  * lifecycle-data-sle-module-live-patching-15-150000.4.87.1
* SUSE Linux Enterprise Live Patching 15-SP4 (noarch)
  * lifecycle-data-sle-module-live-patching-15-150000.4.87.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1020320

From sle-updates at lists.suse.com Tue Mar 7 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 07 Mar 2023 16:30:03 -0000
Subject: SUSE-SU-2023:0648-1: moderate: Security update for python-rsa
Message-ID: <167820660350.25103.12125132345858217737@smelt2.suse.de>

# Security update for python-rsa

Announcement ID: SUSE-SU-2023:0648-1
Rating: moderate
References:

* #1178676

Cross-References:

* CVE-2020-25658

CVSS scores:

* CVE-2020-25658 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-25658 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-rsa fixes the following issues:

* CVE-2020-25658: Fixed a Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-648=1

## Package List:

* Public Cloud Module 12 (noarch)
  * python-rsa-3.1.4-12.19.2

## References:

* https://www.suse.com/security/cve/CVE-2020-25658.html
* https://bugzilla.suse.com/show_bug.cgi?id=1178676

From sle-updates at lists.suse.com Wed Mar 8 08:05:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 8 Mar 2023 09:05:57 +0100 (CET)
Subject: SUSE-CU-2023:589-1: Recommended update of bci/rust
Message-ID: <20230308080557.E70B0F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:589-1
Container Tags : bci/rust:1.67 , bci/rust:1.67-2.6 , bci/rust:latest
Container Release : 2.6
Severity : moderate
Type : recommended
References : 1207928
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:630-1
Released: Mon Mar 6 14:12:35 2023
Summary: Recommended update for rust, rust1.67
Type: recommended
Severity: moderate
References: 1207928

This update for rust, rust1.67 fixes the following issues:

rust1.67 (bsc#1207928)

Version 1.67.1 (2023-02-09)
===========================

- [Fix interoperability with thin archives.](https://github.com/rust-lang/rust/pull/107360)
- [Fix an internal error in the compiler build process.](https://github.com/rust-lang/rust/pull/105624)
- [Downgrade `clippy::uninlined_format_args` to pedantic.](https://github.com/rust-lang/rust-clippy/pull/10265)

Changes in rust:

- Update to version 1.67.1 - for details see the rust1.67 package

The following package changes have been done:

- rust1.67-1.67.1-150400.9.6.1 updated
- cargo1.67-1.67.1-150400.9.6.1 updated
- container:sles15-image-15.0.0-27.14.38 updated

From sle-updates at lists.suse.com Wed Mar 8 08:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 08:30:02 -0000
Subject: SUSE-SU-2023:0649-1: moderate: Security update for rubygem-rack
Message-ID: <167826420287.6081.6889598509843731918@smelt2.suse.de>

# Security update for rubygem-rack

Announcement ID: SUSE-SU-2023:0649-1
Rating: moderate
References:

* #1207597
* #1207599

Cross-References:

* CVE-2022-44570
* CVE-2022-44571

CVSS scores:

* CVE-2022-44570 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44570 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44571 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44571 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE OpenStack Cloud Crowbar 8
* SUSE OpenStack Cloud Crowbar 9

An update that solves two vulnerabilities can now be installed.

## Description:

This update for rubygem-rack fixes the following issues:

* CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597).
* CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-649=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-649=1

## Package List:

* SUSE OpenStack Cloud Crowbar 8 (x86_64)
  * ruby2.1-rubygem-rack-1.6.13-3.16.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * ruby2.1-rubygem-rack-1.6.13-3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2022-44570.html
* https://www.suse.com/security/cve/CVE-2022-44571.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207597
* https://bugzilla.suse.com/show_bug.cgi?id=1207599

From sle-updates at lists.suse.com Wed Mar 8 12:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:06 -0000
Subject: SUSE-SU-2023:0671-1: important: Security update for qemu
Message-ID: <167827860630.8226.3299824090338222655@smelt2.suse.de>

# Security update for qemu

Announcement ID: SUSE-SU-2023:0671-1
Rating: important
References:

* #1197653
* #1202364
* #1203788
* #1205808
* #1206527

Cross-References:

* CVE-2022-1050
* CVE-2022-3165
* CVE-2022-4144

CVSS scores:

* CVE-2022-1050 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2022-1050 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2022-3165 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3165 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-4144 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2022-4144 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities and has two fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read (bsc#1205808).
* CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext() (bsc#1203788).
* CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653).

Bugfixes:

* Fixed deviation of guest clock (bsc#1206527).
* Fixed broken "block limits" VPD emulation (bsc#1202364).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-671=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-671=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-671=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-671=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-671=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-671=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * qemu-hw-display-qxl-6.2.0-150400.37.11.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-tools-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.11.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.11.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.11.1
  * qemu-debugsource-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.11.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-spice-6.2.0-150400.37.11.1
  * qemu-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-6.2.0-150400.37.11.1
  * qemu-chardev-spice-6.2.0-150400.37.11.1
  * qemu-guest-agent-6.2.0-150400.37.11.1
  * qemu-tools-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.11.1
* openSUSE Leap Micro 5.3 (x86_64)
  * qemu-x86-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.11.1
  * qemu-x86-debuginfo-6.2.0-150400.37.11.1
* openSUSE Leap Micro 5.3 (noarch)
  * qemu-ipxe-1.0.0+-150400.37.11.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-sgabios-8-150400.37.11.1
* openSUSE Leap Micro 5.3 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.11.1
  * qemu-arm-6.2.0-150400.37.11.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * qemu-s390x-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-nfs-debuginfo-6.2.0-150400.37.11.1
  * qemu-lang-6.2.0-150400.37.11.1
  * qemu-block-iscsi-6.2.0-150400.37.11.1
  * qemu-hw-display-qxl-6.2.0-150400.37.11.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.11.1
  * qemu-tools-6.2.0-150400.37.11.1
  * qemu-hw-usb-smartcard-6.2.0-150400.37.11.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-accel-qtest-6.2.0-150400.37.11.1
  * qemu-debuginfo-6.2.0-150400.37.11.1
  * qemu-testsuite-6.2.0-150400.37.11.2
  * qemu-ui-opengl-6.2.0-150400.37.11.1
  * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.11.1
  * qemu-x86-6.2.0-150400.37.11.1
  * qemu-arm-6.2.0-150400.37.11.1
  * qemu-linux-user-debugsource-6.2.0-150400.37.11.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-jack-debuginfo-6.2.0-150400.37.11.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-nfs-6.2.0-150400.37.11.1
  * qemu-audio-pa-6.2.0-150400.37.11.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.11.1
  * qemu-extra-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.11.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-dmg-6.2.0-150400.37.11.1
  * qemu-accel-qtest-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.11.1
  * qemu-debugsource-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-curl-6.2.0-150400.37.11.1
  * qemu-ppc-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-gluster-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.11.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.11.1
  * qemu-ivshmem-tools-6.2.0-150400.37.11.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.11.1
  * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.11.1
  * qemu-s390x-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.11.1
  * qemu-ksm-6.2.0-150400.37.11.1
  * qemu-audio-jack-6.2.0-150400.37.11.1
  * qemu-block-rbd-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.11.1
  * qemu-block-gluster-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-alsa-6.2.0-150400.37.11.1
  * qemu-ui-gtk-6.2.0-150400.37.11.1
  * qemu-ui-curses-6.2.0-150400.37.11.1
  * qemu-hw-usb-host-6.2.0-150400.37.11.1
  * qemu-audio-spice-6.2.0-150400.37.11.1
  * qemu-block-ssh-6.2.0-150400.37.11.1
  * qemu-ui-spice-app-6.2.0-150400.37.11.1
  * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.11.1
  * qemu-vhost-user-gpu-6.2.0-150400.37.11.1
  * qemu-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-6.2.0-150400.37.11.1
  * qemu-ppc-6.2.0-150400.37.11.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-oss-debuginfo-6.2.0-150400.37.11.1
  * qemu-chardev-baum-6.2.0-150400.37.11.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.11.1
  * qemu-extra-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.11.1
  * qemu-x86-debuginfo-6.2.0-150400.37.11.1
  * qemu-arm-debuginfo-6.2.0-150400.37.11.1
  * qemu-chardev-spice-6.2.0-150400.37.11.1
  * qemu-linux-user-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.11.1
  * qemu-block-dmg-debuginfo-6.2.0-150400.37.11.1
  * qemu-guest-agent-6.2.0-150400.37.11.1
  * qemu-tools-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.11.1
  * qemu-linux-user-6.2.0-150400.37.11.1
* openSUSE Leap 15.4 (noarch)
  * qemu-skiboot-6.2.0-150400.37.11.1
  * qemu-ipxe-1.0.0+-150400.37.11.1
  * qemu-SLOF-6.2.0-150400.37.11.1
  * qemu-sgabios-8-150400.37.11.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-microvm-6.2.0-150400.37.11.1
* openSUSE Leap 15.4 (s390x x86_64)
  * qemu-kvm-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * qemu-hw-display-qxl-6.2.0-150400.37.11.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-tools-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.11.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.11.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.11.1
  * qemu-debugsource-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.11.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-spice-6.2.0-150400.37.11.1
  * qemu-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-6.2.0-150400.37.11.1
  * qemu-chardev-spice-6.2.0-150400.37.11.1
  * qemu-guest-agent-6.2.0-150400.37.11.1
  * qemu-tools-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.11.1
  * qemu-arm-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * qemu-ipxe-1.0.0+-150400.37.11.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-sgabios-8-150400.37.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
  * qemu-s390x-debuginfo-6.2.0-150400.37.11.1
  * qemu-s390x-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * qemu-x86-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.11.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.11.1
  * qemu-x86-debuginfo-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * qemu-hw-display-qxl-6.2.0-150400.37.11.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-tools-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.11.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.11.1
  * qemu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.11.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.11.1
  * qemu-debugsource-6.2.0-150400.37.11.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.11.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.11.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.11.1
  * qemu-audio-spice-6.2.0-150400.37.11.1
  * qemu-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-6.2.0-150400.37.11.1
  * qemu-chardev-spice-6.2.0-150400.37.11.1
  * qemu-guest-agent-6.2.0-150400.37.11.1
  * qemu-tools-debuginfo-6.2.0-150400.37.11.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro 5.3 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.11.1
  * qemu-arm-6.2.0-150400.37.11.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * qemu-ipxe-1.0.0+-150400.37.11.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.11.1
  * qemu-sgabios-8-150400.37.11.1
* SUSE Linux Enterprise Micro 5.3 (s390x)
  * qemu-s390x-debuginfo-6.2.0-150400.37.11.1
* qemu-s390x-6.2.0-150400.37.11.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * qemu-x86-6.2.0-150400.37.11.1 * qemu-accel-tcg-x86-6.2.0-150400.37.11.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.11.1 * qemu-x86-debuginfo-6.2.0-150400.37.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-debugsource-6.2.0-150400.37.11.1 * qemu-tools-debuginfo-6.2.0-150400.37.11.1 * qemu-tools-6.2.0-150400.37.11.1 * qemu-debuginfo-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-lang-6.2.0-150400.37.11.1 * qemu-block-iscsi-6.2.0-150400.37.11.1 * qemu-debuginfo-6.2.0-150400.37.11.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.11.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.11.1 * qemu-debugsource-6.2.0-150400.37.11.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.11.1 * qemu-block-curl-6.2.0-150400.37.11.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.11.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.11.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.11.1 * qemu-ksm-6.2.0-150400.37.11.1 * qemu-block-rbd-6.2.0-150400.37.11.1 * qemu-ui-curses-6.2.0-150400.37.11.1 * qemu-hw-usb-host-6.2.0-150400.37.11.1 * qemu-block-ssh-6.2.0-150400.37.11.1 * qemu-6.2.0-150400.37.11.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.11.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.11.1 * qemu-guest-agent-6.2.0-150400.37.11.1 * qemu-chardev-baum-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.11.1 * qemu-arm-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (aarch64 ppc64le x86_64) * qemu-hw-display-qxl-6.2.0-150400.37.11.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.11.1 * qemu-ui-gtk-6.2.0-150400.37.11.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.11.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.11.1 * qemu-hw-usb-redirect-6.2.0-150400.37.11.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.11.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.11.1 * 
qemu-chardev-spice-6.2.0-150400.37.11.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.11.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.11.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.11.1 * qemu-ui-opengl-6.2.0-150400.37.11.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.11.1 * qemu-audio-spice-6.2.0-150400.37.11.1 * qemu-ui-spice-app-6.2.0-150400.37.11.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.11.1 * qemu-ui-spice-core-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (noarch) * qemu-skiboot-6.2.0-150400.37.11.1 * qemu-ipxe-1.0.0+-150400.37.11.1 * qemu-SLOF-6.2.0-150400.37.11.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.11.1 * qemu-sgabios-8-150400.37.11.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.11.1 * Server Applications Module 15-SP4 (ppc64le) * qemu-ppc-debuginfo-6.2.0-150400.37.11.1 * qemu-ppc-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.11.1 * qemu-kvm-6.2.0-150400.37.11.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.11.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.11.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.11.1 * qemu-s390x-debuginfo-6.2.0-150400.37.11.1 * qemu-s390x-6.2.0-150400.37.11.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.11.1 * Server Applications Module 15-SP4 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.11.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.11.1 * qemu-audio-pa-6.2.0-150400.37.11.1 * qemu-x86-debuginfo-6.2.0-150400.37.11.1 * qemu-audio-alsa-6.2.0-150400.37.11.1 * qemu-x86-6.2.0-150400.37.11.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.11.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.11.1

## References:

* https://www.suse.com/security/cve/CVE-2022-1050.html
* https://www.suse.com/security/cve/CVE-2022-3165.html
* https://www.suse.com/security/cve/CVE-2022-4144.html
* https://bugzilla.suse.com/show_bug.cgi?id=1197653
* https://bugzilla.suse.com/show_bug.cgi?id=1202364
* https://bugzilla.suse.com/show_bug.cgi?id=1203788
* https://bugzilla.suse.com/show_bug.cgi?id=1205808
* https://bugzilla.suse.com/show_bug.cgi?id=1206527

From sle-updates at lists.suse.com Wed Mar 8 12:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:09 -0000
Subject: SUSE-RU-2023:0670-1: moderate: Recommended update for release-notes-sle_hpc
Message-ID: <167827860910.8226.17259014010305651340@smelt2.suse.de>

# Recommended update for release-notes-sle_hpc

Announcement ID: SUSE-RU-2023:0670-1
Rating: moderate
References:

* #933411

Affected Products:

* HPC Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for release-notes-sle_hpc fixes the following issues:

Version update from 15.4.20220930 to 15.4.20221130 (bsc#933411):

* Added note about Slurm 22.05 (jsc#SLE-21334)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-670=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-2023-670=1

## Package List:

* HPC Module 15-SP4 (noarch)
  * release-notes-sle_hpc-15.400000000.20221130-150400.3.9.7
* SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch)
  * release-notes-sle_hpc-15.400000000.20221130-150400.3.9.7

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=933411
* https://jira.suse.com/browse/SLE-21334

From sle-updates at lists.suse.com Wed Mar 8 12:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:12 -0000
Subject: SUSE-SU-2023:0668-1: moderate: Security update for libX11
Message-ID: <167827861217.8226.12871536618375881349@smelt2.suse.de>

# Security update for libX11

Announcement ID: SUSE-SU-2023:0668-1
Rating: moderate
References:

* #1204425
* #1208881

Cross-References:

* CVE-2022-3555

CVSS scores:

* CVE-2022-3555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3555 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for libX11 fixes the following issues:

* Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-668=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-668=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-668=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-668=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-668=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-668=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-668=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-668=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* openSUSE Leap Micro 5.3 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libX11-devel-1.6.5-150000.3.27.1
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* openSUSE Leap 15.4 (x86_64)
  * libX11-devel-32bit-1.6.5-150000.3.27.1
  * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-xcb1-32bit-1.6.5-150000.3.27.1
  * libX11-6-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-32bit-1.6.5-150000.3.27.1
* openSUSE Leap 15.4 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libX11-devel-1.6.5-150000.3.27.1
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* Basesystem Module 15-SP4 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* Basesystem Module 15-SP4 (x86_64)
  * libX11-xcb1-32bit-1.6.5-150000.3.27.1
  * libX11-6-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-32bit-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * libX11-devel-1.6.5-150000.3.27.1
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-6-32bit-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-xcb1-32bit-1.6.5-150000.3.27.1
  * libX11-6-32bit-debuginfo-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * libX11-data-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libX11-6-1.6.5-150000.3.27.1
  * libX11-debugsource-1.6.5-150000.3.27.1
  * libX11-xcb1-1.6.5-150000.3.27.1
  * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
  * libX11-6-debuginfo-1.6.5-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * libX11-data-1.6.5-150000.3.27.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204425
* https://bugzilla.suse.com/show_bug.cgi?id=1208881

From sle-updates at lists.suse.com Wed Mar 8 12:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:15 -0000
Subject: SUSE-SU-2023:0667-1: moderate: Security update for libX11
Message-ID: <167827861510.8226.9353734285275099378@smelt2.suse.de>

# Security update for libX11

Announcement ID: SUSE-SU-2023:0667-1
Rating: moderate
References:

* #1204425
* #1208881

Cross-References:

* CVE-2022-3555

CVSS scores:

* CVE-2022-3555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3555 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for libX11 fixes the following issues:

* Fixed regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-667=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-667=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-667=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-667=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libX11-debugsource-1.6.2-12.27.1
  * libX11-devel-1.6.2-12.27.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libX11-6-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-1.6.2-12.27.1
  * libX11-debugsource-1.6.2-12.27.1
  * libX11-6-1.6.2-12.27.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * libX11-data-1.6.2-12.27.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libX11-xcb1-debuginfo-32bit-1.6.2-12.27.1
  * libX11-6-debuginfo-32bit-1.6.2-12.27.1
  * libX11-xcb1-32bit-1.6.2-12.27.1
  * libX11-6-32bit-1.6.2-12.27.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libX11-6-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-1.6.2-12.27.1
  * libX11-debugsource-1.6.2-12.27.1
  * libX11-6-1.6.2-12.27.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * libX11-data-1.6.2-12.27.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libX11-xcb1-debuginfo-32bit-1.6.2-12.27.1
  * libX11-6-debuginfo-32bit-1.6.2-12.27.1
  * libX11-xcb1-32bit-1.6.2-12.27.1
  * libX11-6-32bit-1.6.2-12.27.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libX11-6-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-debuginfo-1.6.2-12.27.1
  * libX11-xcb1-1.6.2-12.27.1
  * libX11-debugsource-1.6.2-12.27.1
  * libX11-6-1.6.2-12.27.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * libX11-data-1.6.2-12.27.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libX11-xcb1-debuginfo-32bit-1.6.2-12.27.1
  * libX11-6-debuginfo-32bit-1.6.2-12.27.1
  * libX11-xcb1-32bit-1.6.2-12.27.1
  * libX11-6-32bit-1.6.2-12.27.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204425
* https://bugzilla.suse.com/show_bug.cgi?id=1208881

From sle-updates at lists.suse.com Wed Mar 8 12:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:18 -0000
Subject: SUSE-RU-2023:0665-1: moderate: Recommended update for pcp
Message-ID: <167827861817.8226.9713833421300557817@smelt2.suse.de>

# Recommended update for pcp

Announcement ID: SUSE-RU-2023:0665-1
Rating: moderate
References:

* #1186511
* #1197796
* #1199558

Affected Products:

* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has three recommended fixes can now be installed.

## Description:

This update for pcp fixes the following issues:

* Workaround intermittent build-time package preun failures by dropping PMDA Remove script invocation (bsc#1197796)
* Adjust systemd service types and remove deprecated KillMode=none (bsc#1186511)
* Upgrade to 5.2.5
  * Client tools and utilities:
    * pcp-dstat: correct the sample count logic, was off-by-one
    * pcp-dstat: fix csv output with timestamps (no special chars)
  * PMDA additions, enhancements and bug fixes:
    * pmdazfs: new Linux ZFS metrics
    * pmdasockets: new Linux ss(1) metrics
    * pmdahacluster: new HA metrics (Pacemaker, Corosync, DRBD and SBD)
    * pmdabcc: netproc module: count kernel calls, not packets
    * pmdalinux: add hinv.cpu.thermal_throttle metrics
    * pmdalinux: add missing help text for new metrics, drop dups
  * Server-side utilities and log management scripts:
    * pmproxy: fix quoting of /series/metrics matched names
    * pmlogger: fix permissions mismatch for pmlogger tmp dir
    * pmlogger: fix incorrect reporting of pmcd state changes
    * pmie_check: explicitly set a umask appropriate for pmieconf
    * pmlogger_check: explicitly set a umask appropriate for pmlogconf
    * pmlogger_check: skip .NeedRewrite processing with -K
    * pmpost: increase timestamp resolution
    * pmpost: fix NOTICES file ownership changes
    * rc scripts: add optional logging
    * systemd: remove Wants=pmcd from pmlogger and pmie
  * libpcp, libpcp_pmda, libpcp_mmv, libpcp_web and language bindings
    * libpcp: redo the interp.c time_caliper changes
    * libpcp_web: add timer driven webgroup garbage collector
    * libpcp_pmda: add new function pmdaCachePurgeCallback
  * Misc build, infrastructure and packaging updates:
    * libpcp_web: fix minor memory leak on an error path (covscan)
    * build: fixes to ensure PCP_TMPFILE_DIR not used during the build
  * Security Enhanced Linux:
    * selinux: enable netcheck rawip_socket if icmp_socket unavailable
    * selinux: additional rules needed for pmie/pmlogger in fedora
  * Documentation and QA infrastructure:
    * docs: add pointers to readthedocs.io now that books live there
    * pcp-dstat: optionally install a man page symlink for dstat
    * docs: pmproxy(1) man page corrections and additions
* Upgrade to 5.2.3
  * Client tools and utilities:
    * pcp-htop: minimal version of htop with PCP backend platform
    * pcp-atop: add per-process network statistics
    * pcp-atop: result instance indexing performance optimization
    * pcp-atop: always restore original state of process accounting
    * pcp2elasticsearch: add guard around maximum long integer size
    * pmlogsummary: fix indom lookup for dynamic instance domains
    * pmseries: provide sum() and avg() query functions
    * pmseries: persist canonical query expressions to Redis
    * pmseries: fix HMSET calls when querying timeseries expression
    * pmseries: fix for failing queries with disjuncted qualifiers
    * pmseries: fix segfault in func call with globbed metric.name
  * Server-side utilities and log management scripts:
    * pmproxy: support fabricated SIDs in /series/instances requests
    * pmproxy: support fabricated SIDs in /series/metrics requests
    * pmlogger_check: add pmlc connection timeout checking current volume
    * pmlogctl,pmiectl: ignore saved control files after an upgrade
    * pmlogconf: add missing mssql template header
    * pmlogconf: add logger configuration files for the htop command
    * pmieconf: add a rule to detect and report OOM kills
    * pmieconf: cleanup old, no-longer-used tool integrations
    * pmieconf: ensure all automated invocations use the -c switch
    * pmieconf: fix default generated config file path
    * pmie_check: remove a tempfile once finished with it
  * PMDA additions, enhancements and bug fixes:
    * pmdaapache: fix buffer size to allow for multiple reads of the stream
    * pmdabcc: added new netproc module with per-process network metrics
    * pmdaproc: allow to use acct.control.enable_acct as reference counting
    * pmdalinux: added network.all.* metrics for physical interfaces
    * pmdalinux: fix case of waitio counters from /proc/stat going backwards
    * pmdalinux: minor tweaks to use integer math over floating point
    * dbpmda: send inst profile prior to instances level label requests
  * libpcp, libpcp_pmda, libpcp_mmv, libpcp_web and language bindings
    * libpcp: performance improvements for archives with dynamic indoms
    * libpcp: send instance profile for instances level labels requests
    * libpcp: make pmLookupName take a (const char **) namelist
    * libpcp_web: set pmseries source to all-zeroes for expressions
    * libpcp_web: handle fabricated SIDs in /series/values REST API
    * python api: fix fetchgroup max_insts size with multiple indoms
  * Misc build, infrastructure and packaging updates:
  * Security Enhanced Linux:
    * selinux: use matching autoconf guard for rawip_socket class
  * Documentation and QA infrastructure:
    * docs: update pmdabpftrace man page and README
    * docs: improvements in diagrams
    * docs: theme_overrides.css added for readthedocs content
    * docs: pmseries(1) chapter added in Users and Administrators Guide
    * docs: add quotes to curl calls with * in pmwebapi query strings
    * docs: update pmseries schema to describe expression keys
* Fix a few rpmlint errors (to at least get below the 1000 mark)(bsc#1199558):
* make libpcp-devel require libpcp_gui: the devel package installs a symlink pointing to that library, so anything willing to link it would fail
* Call fdupes over /var/lib/pcp/testsuite
* W: macro-in-comment: escape the relevant macros using %%
* Filter out W: potential-bashisms for pcp-testsuite.
* Own %{_datadir}/zsh and %{_datadir}/zsh/site-functions: we have no guaranteed owner of these directories in the buildroot.
* Remove sysconfig dependencies, this is not the equivalent of the initscripts package and completely unneeded here;
* Add missing hostname requires;
* also buildrequire pkgconfig(systemd) to make sure configure detects systemd
* Replace ancient RPM variables by modern equivalents.
* Drop support for ancient SUSE and ancient Fedora.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-665=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-665=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * perl-PCP-MMV-5.2.5-150400.5.3.11 * pcp-pmda-weblog-5.2.5-150400.5.3.11 * pcp-5.2.5-150400.5.3.11 * pcp-import-mrtg2pcp-5.2.5-150400.5.3.11 * libpcp_gui2-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-lustrecomm-debuginfo-5.2.5-150400.5.3.11 * pcp-system-tools-5.2.5-150400.5.3.11 * pcp-pmda-zimbra-5.2.5-150400.5.3.11 * pcp-pmda-samba-5.2.5-150400.5.3.11 * pcp-pmda-named-5.2.5-150400.5.3.11 * pcp-export-pcp2spark-5.2.5-150400.5.3.11 * pcp-pmda-activemq-5.2.5-150400.5.3.11 * perl-PCP-PMDA-5.2.5-150400.5.3.11 * pcp-zeroconf-5.2.5-150400.5.3.11 * pcp-pmda-nvidia-gpu-5.2.5-150400.5.3.11 * libpcp_web1-5.2.5-150400.5.3.11 * pcp-pmda-nfsclient-5.2.5-150400.5.3.11 * pcp-export-pcp2zabbix-5.2.5-150400.5.3.11 * libpcp_web1-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-haproxy-5.2.5-150400.5.3.11 * pcp-pmda-gfs2-5.2.5-150400.5.3.11 * libpcp_mmv1-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-lmsensors-5.2.5-150400.5.3.11 * libpcp_import1-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-mic-5.2.5-150400.5.3.11 * pcp-pmda-ds389-5.2.5-150400.5.3.11 * perl-PCP-LogImport-5.2.5-150400.5.3.11 * pcp-pmda-gluster-5.2.5-150400.5.3.11 * pcp-pmda-mailq-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-roomtemp-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-smart-5.2.5-150400.5.3.11 * perl-PCP-PMDA-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-slurm-5.2.5-150400.5.3.11 * pcp-pmda-trace-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-lustrecomm-5.2.5-150400.5.3.11 * pcp-pmda-memcache-5.2.5-150400.5.3.11 * pcp-testsuite-debuginfo-5.2.5-150400.5.3.11 * pcp-pmda-nutcracker-5.2.5-150400.5.3.11 * 
pcp-import-collectl2pcp-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-shping-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-bind2-5.2.5-150400.5.3.11
  * perl-PCP-MMV-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-systemd-5.2.5-150400.5.3.11
  * pcp-pmda-nginx-5.2.5-150400.5.3.11
  * pcp-pmda-sendmail-5.2.5-150400.5.3.11
  * pcp-pmda-shping-5.2.5-150400.5.3.11
  * libpcp_import1-5.2.5-150400.5.3.11
  * pcp-pmda-sendmail-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-news-5.2.5-150400.5.3.11
  * python3-pcp-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-mounts-5.2.5-150400.5.3.11
  * pcp-pmda-dbping-5.2.5-150400.5.3.11
  * pcp-pmda-cisco-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-bash-5.2.5-150400.5.3.11
  * perl-PCP-LogImport-debuginfo-5.2.5-150400.5.3.11
  * pcp-devel-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-dm-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-docker-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-mounts-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-cifs-5.2.5-150400.5.3.11
  * pcp-gui-5.2.5-150400.5.3.11
  * pcp-import-ganglia2pcp-5.2.5-150400.5.3.11
  * pcp-pmda-oracle-5.2.5-150400.5.3.11
  * python3-pcp-5.2.5-150400.5.3.11
  * pcp-gui-debuginfo-5.2.5-150400.5.3.11
  * perl-PCP-LogSummary-5.2.5-150400.5.3.11
  * pcp-conf-5.2.5-150400.5.3.11
  * pcp-pmda-gfs2-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-gpfs-5.2.5-150400.5.3.11
  * pcp-import-iostat2pcp-5.2.5-150400.5.3.11
  * libpcp_trace2-debuginfo-5.2.5-150400.5.3.11
  * pcp-debugsource-5.2.5-150400.5.3.11
  * pcp-pmda-roomtemp-5.2.5-150400.5.3.11
  * pcp-pmda-bonding-5.2.5-150400.5.3.11
  * pcp-pmda-postfix-5.2.5-150400.5.3.11
  * pcp-pmda-snmp-5.2.5-150400.5.3.11
  * pcp-pmda-rpm-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-apache-5.2.5-150400.5.3.11
  * pcp-pmda-cifs-debuginfo-5.2.5-150400.5.3.11
  * pcp-import-sar2pcp-5.2.5-150400.5.3.11
  * pcp-pmda-rsyslog-5.2.5-150400.5.3.11
  * pcp-pmda-weblog-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-logger-debuginfo-5.2.5-150400.5.3.11
  * libpcp_mmv1-5.2.5-150400.5.3.11
  * pcp-export-pcp2elasticsearch-5.2.5-150400.5.3.11
  * pcp-pmda-cisco-5.2.5-150400.5.3.11
  * pcp-pmda-lustre-5.2.5-150400.5.3.11
  * libpcp3-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-dm-5.2.5-150400.5.3.11
  * pcp-pmda-mailq-5.2.5-150400.5.3.11
  * pcp-pmda-zswap-5.2.5-150400.5.3.11
  * pcp-pmda-trace-5.2.5-150400.5.3.11
  * pcp-system-tools-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-smart-debuginfo-5.2.5-150400.5.3.11
  * pcp-export-pcp2graphite-5.2.5-150400.5.3.11
  * pcp-pmda-docker-5.2.5-150400.5.3.11
  * pcp-pmda-redis-5.2.5-150400.5.3.11
  * pcp-pmda-logger-5.2.5-150400.5.3.11
  * pcp-testsuite-5.2.5-150400.5.3.11
  * pcp-pmda-json-5.2.5-150400.5.3.11
  * pcp-export-pcp2json-5.2.5-150400.5.3.11
  * pcp-pmda-unbound-5.2.5-150400.5.3.11
  * pcp-pmda-elasticsearch-5.2.5-150400.5.3.11
  * pcp-import-collectl2pcp-5.2.5-150400.5.3.11
  * pcp-pmda-nvidia-gpu-debuginfo-5.2.5-150400.5.3.11
  * libpcp_gui2-5.2.5-150400.5.3.11
  * pcp-pmda-ds389log-5.2.5-150400.5.3.11
  * pcp-debuginfo-5.2.5-150400.5.3.11
  * pcp-export-pcp2influxdb-5.2.5-150400.5.3.11
  * libpcp-devel-5.2.5-150400.5.3.11
  * pcp-export-pcp2xml-5.2.5-150400.5.3.11
  * pcp-pmda-bash-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-mysql-5.2.5-150400.5.3.11
  * pcp-pmda-apache-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-vmware-5.2.5-150400.5.3.11
  * pcp-pmda-gpsd-5.2.5-150400.5.3.11
  * libpcp_trace2-5.2.5-150400.5.3.11
  * pcp-pmda-summary-5.2.5-150400.5.3.11
  * pcp-pmda-netfilter-5.2.5-150400.5.3.11
  * pcp-pmda-summary-debuginfo-5.2.5-150400.5.3.11
  * pcp-devel-5.2.5-150400.5.3.11
  * libpcp3-5.2.5-150400.5.3.11
  * pcp-pmda-pdns-5.2.5-150400.5.3.11
  * pcp-pmda-systemd-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-rpm-5.2.5-150400.5.3.11
* openSUSE Leap 15.4 (noarch)
  * pcp-doc-5.2.5-150400.5.3.11
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * pcp-pmda-infiniband-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-infiniband-5.2.5-150400.5.3.11
  * pcp-pmda-perfevent-debuginfo-5.2.5-150400.5.3.11
  * pcp-pmda-rabbitmq-5.2.5-150400.5.3.11
  * pcp-pmda-perfevent-5.2.5-150400.5.3.11
  * pcp-pmda-openmetrics-5.2.5-150400.5.3.11
  * pcp-pmda-netcheck-5.2.5-150400.5.3.11
  * pcp-pmda-openvswitch-5.2.5-150400.5.3.11
* openSUSE Leap 15.4 (x86_64)
  * pcp-pmda-mssql-5.2.5-150400.5.3.11
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * perl-PCP-MMV-5.2.5-150400.5.3.11
  * pcp-5.2.5-150400.5.3.11
  * perl-PCP-LogSummary-5.2.5-150400.5.3.11
  * pcp-conf-5.2.5-150400.5.3.11
  * pcp-import-mrtg2pcp-5.2.5-150400.5.3.11
  * pcp-import-iostat2pcp-5.2.5-150400.5.3.11
  * libpcp_trace2-debuginfo-5.2.5-150400.5.3.11
  * libpcp_gui2-debuginfo-5.2.5-150400.5.3.11
  * perl-PCP-MMV-debuginfo-5.2.5-150400.5.3.11
  * pcp-debugsource-5.2.5-150400.5.3.11
  * pcp-system-tools-5.2.5-150400.5.3.11
  * libpcp_gui2-5.2.5-150400.5.3.11
  * libpcp_import1-5.2.5-150400.5.3.11
  * pcp-import-sar2pcp-5.2.5-150400.5.3.11
  * pcp-debuginfo-5.2.5-150400.5.3.11
  * python3-pcp-debuginfo-5.2.5-150400.5.3.11
  * perl-PCP-PMDA-5.2.5-150400.5.3.11
  * libpcp-devel-5.2.5-150400.5.3.11
  * libpcp_mmv1-5.2.5-150400.5.3.11
  * libpcp_web1-5.2.5-150400.5.3.11
  * perl-PCP-LogImport-debuginfo-5.2.5-150400.5.3.11
  * libpcp3-debuginfo-5.2.5-150400.5.3.11
  * libpcp_trace2-5.2.5-150400.5.3.11
  * libpcp_web1-debuginfo-5.2.5-150400.5.3.11
  * libpcp_mmv1-debuginfo-5.2.5-150400.5.3.11
  * pcp-devel-debuginfo-5.2.5-150400.5.3.11
  * pcp-devel-5.2.5-150400.5.3.11
  * libpcp_import1-debuginfo-5.2.5-150400.5.3.11
  * pcp-system-tools-debuginfo-5.2.5-150400.5.3.11
  * perl-PCP-LogImport-5.2.5-150400.5.3.11
  * perl-PCP-PMDA-debuginfo-5.2.5-150400.5.3.11
  * libpcp3-5.2.5-150400.5.3.11
  * python3-pcp-5.2.5-150400.5.3.11
* Development Tools Module 15-SP4 (noarch)
  * pcp-doc-5.2.5-150400.5.3.11
* Development Tools Module 15-SP4 (ppc64le)
  * pcp-pmda-perfevent-5.2.5-150400.5.3.11
  * pcp-pmda-perfevent-debuginfo-5.2.5-150400.5.3.11

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1186511
* https://bugzilla.suse.com/show_bug.cgi?id=1197796
* https://bugzilla.suse.com/show_bug.cgi?id=1199558
From sle-updates at lists.suse.com Wed Mar 8 12:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:21 -0000
Subject: SUSE-RU-2023:0664-1: important: Recommended update for perl-Term-ReadLine-Gnu
Message-ID: <167827862143.8226.9445507695403416968@smelt2.suse.de>

# Recommended update for perl-Term-ReadLine-Gnu

Announcement ID: SUSE-RU-2023:0664-1
Rating: important
References:

* #966042

Affected Products:

* openSUSE Leap 15.4
* SAP Applications Module 15-SP3
* SAP Applications Module 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for perl-Term-ReadLine-Gnu fixes the following issues:

* updated to 1.42 (jsc#PED-2616) see /usr/share/doc/packages/perl-Term-ReadLine-Gnu/Changes
* updated to 1.41 see /usr/share/doc/packages/perl-Term-ReadLine-Gnu/Changes
* Search a terminal library only when it is necessary.
* whole refactoring
* updated to 1.40 see /usr/share/doc/packages/perl-Term-ReadLine-Gnu/Changes
* updated to 1.37 see /usr/share/doc/packages/perl-Term-ReadLine-Gnu/Changes
* add cpanspec.yml for autoupdates
* spec: obsolete "perl-TermReadLine-Gnu" (wrongly-named package in Factory/Leap/SLE) (bsc#966042)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-664=1
* SAP Applications Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-664=1
* SAP Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-664=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * perl-Term-ReadLine-Gnu-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debugsource-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debuginfo-1.42-150300.7.3.1
* SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  * perl-Term-ReadLine-Gnu-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debugsource-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debuginfo-1.42-150300.7.3.1
* SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * perl-Term-ReadLine-Gnu-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debugsource-1.42-150300.7.3.1
  * perl-Term-ReadLine-Gnu-debuginfo-1.42-150300.7.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=966042
* https://jira.suse.com/browse/PED-2616
From sle-updates at lists.suse.com Wed Mar 8 12:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:23 -0000
Subject: SUSE-SU-2023:0663-1: important: Security update for python3
Message-ID: <167827862370.8226.10186125119516814949@smelt2.suse.de>

# Security update for python3

Announcement ID: SUSE-SU-2023:0663-1
Rating: important
References:

* #1206673
* #1208471

Cross-References:

* CVE-2022-40899
* CVE-2023-24329

CVSS scores:

* CVE-2022-40899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-40899 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9
* Web and Scripting Module 12

An update that solves two vulnerabilities can now be installed.
## Description:

This update for python3 fixes the following issues:

* CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
* CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-663=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-663=1
* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-663=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-663=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-663=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-663=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-663=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-663=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-663=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-663=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-663=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-devel-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-devel-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-devel-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python3-dbm-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-dbm-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64)
  * python3-devel-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
  * python3-devel-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64)
  * python3-devel-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-tk-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-tk-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libpython3_4m1_0-32bit-3.4.10-25.108.1
  * python3-devel-debuginfo-3.4.10-25.108.1
  * python3-base-debuginfo-32bit-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-tk-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-tk-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64)
  * python3-devel-debuginfo-3.4.10-25.108.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libpython3_4m1_0-32bit-3.4.10-25.108.1
  * python3-base-debuginfo-32bit-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.108.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libpython3_4m1_0-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.108.1
  * python3-base-debugsource-3.4.10-25.108.1
  * python3-base-3.4.10-25.108.1
  * python3-3.4.10-25.108.1
  * python3-tk-3.4.10-25.108.1
  * python3-curses-debuginfo-3.4.10-25.108.1
  * python3-curses-3.4.10-25.108.1
  * python3-base-debuginfo-3.4.10-25.108.1
  * python3-devel-debuginfo-3.4.10-25.108.1
  * python3-debugsource-3.4.10-25.108.1
  * python3-debuginfo-3.4.10-25.108.1
  * python3-tk-debuginfo-3.4.10-25.108.1
  * python3-devel-3.4.10-25.108.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libpython3_4m1_0-32bit-3.4.10-25.108.1
  * python3-base-debuginfo-32bit-3.4.10-25.108.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.108.1

## References:

* https://www.suse.com/security/cve/CVE-2022-40899.html
* https://www.suse.com/security/cve/CVE-2023-24329.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206673
* https://bugzilla.suse.com/show_bug.cgi?id=1208471

From sle-updates at lists.suse.com Wed Mar 8 12:30:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:25 -0000
Subject: SUSE-SU-2023:0662-1: important: Security update for python36
Message-ID: <167827862562.8226.5869004997310299221@smelt2.suse.de>

# Security update for python36

Announcement ID: SUSE-SU-2023:0662-1
Rating: important
References:

* #1208471

Cross-References:

* CVE-2023-24329

CVSS scores:

* CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python36 fixes the following issues:

* CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-662=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-662=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-662=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-662=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python36-devel-3.6.15-40.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * python36-debuginfo-3.6.15-40.1
  * python36-base-debuginfo-3.6.15-40.1
  * python36-base-3.6.15-40.1
  * python36-debugsource-3.6.15-40.1
  * libpython3_6m1_0-3.6.15-40.1
  * python36-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-3.6.15-40.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-40.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python36-debuginfo-3.6.15-40.1
  * python36-base-debuginfo-3.6.15-40.1
  * python36-base-3.6.15-40.1
  * python36-debugsource-3.6.15-40.1
  * libpython3_6m1_0-3.6.15-40.1
  * python36-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-3.6.15-40.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libpython3_6m1_0-32bit-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-40.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * python36-debuginfo-3.6.15-40.1
  * python36-base-debuginfo-3.6.15-40.1
  * python36-base-3.6.15-40.1
  * python36-debugsource-3.6.15-40.1
  * libpython3_6m1_0-3.6.15-40.1
  * python36-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-3.6.15-40.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-40.1
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-40.1

## References:

* https://www.suse.com/security/cve/CVE-2023-24329.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208471

From sle-updates at lists.suse.com Wed Mar 8 12:30:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:28 -0000
Subject: SUSE-RU-2023:0659-1: moderate: Recommended update for cloud-netconfig
Message-ID: <167827862857.8226.1291103513360072668@smelt2.suse.de>

# Recommended update for cloud-netconfig

Announcement ID: SUSE-RU-2023:0659-1
Rating: moderate
References:

* #1199853
* #1204549

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has two recommended fixes can now be installed.
## Description:

This update for cloud-netconfig fixes the following issues:

* Update to version 1.7:
* Overhaul policy routing setup
* Support alias IPv4 ranges
* Add support for NetworkManager (bsc#1204549)
* Remove dependency on netconfig
* Install into libexec directory
* Clear stale ifcfg files for accelerated NICs (bsc#1199853)
* More debug messages
* Documentation update
* /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-659=1

## Package List:

* Public Cloud Module 12 (noarch)
  * cloud-netconfig-ec2-1.7-27.1
  * cloud-netconfig-gce-1.7-27.1
  * cloud-netconfig-azure-1.7-27.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1199853
* https://bugzilla.suse.com/show_bug.cgi?id=1204549
From sle-updates at lists.suse.com Wed Mar 8 12:30:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:31 -0000
Subject: SUSE-RU-2023:0658-1: moderate: Recommended update for cloud-netconfig
Message-ID: <167827863142.8226.15306642137965220376@smelt2.suse.de>

# Recommended update for cloud-netconfig

Announcement ID: SUSE-RU-2023:0658-1
Rating: moderate
References:

* #1199853
* #1204549

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP1
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that has two recommended fixes can now be installed.
## Description:

This update for cloud-netconfig fixes the following issues:

* Update to version 1.7:
* Overhaul policy routing setup
* Support alias IPv4 ranges
* Add support for NetworkManager (bsc#1204549)
* Remove dependency on netconfig
* Install into libexec directory
* Clear stale ifcfg files for accelerated NICs (bsc#1199853)
* More debug messages
* Documentation update
* /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-658=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-658=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-658=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-658=1
* Public Cloud Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-658=1
* Public Cloud Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-658=1
* Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-658=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-658=1

## Package List:

* openSUSE Leap Micro 5.3 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* openSUSE Leap 15.4 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* Public Cloud Module 15-SP1 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* Public Cloud Module 15-SP2 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* Public Cloud Module 15-SP3 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1
* Public Cloud Module 15-SP4 (noarch)
  * cloud-netconfig-gce-1.7-150000.25.8.1
  * cloud-netconfig-ec2-1.7-150000.25.8.1
  * cloud-netconfig-azure-1.7-150000.25.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1199853
* https://bugzilla.suse.com/show_bug.cgi?id=1204549

From sle-updates at lists.suse.com Wed Mar 8 12:30:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:33 -0000
Subject: SUSE-SU-2023:0657-1: important: Security update for xorg-x11-server
Message-ID: <167827863382.8226.10481962912745461451@smelt2.suse.de>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2023:0657-1
Rating: important
References:

* #1205874

Cross-References:

* CVE-2022-46340

CVSS scores:

* CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.
## Description:

This update for xorg-x11-server fixes the following issues:

* Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-657=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-657=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-657=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * xorg-x11-server-debugsource-1.20.3-150100.14.5.39.1
  * xorg-x11-server-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-1.20.3-150100.14.5.39.1
  * xorg-x11-server-sdk-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-1.20.3-150100.14.5.39.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debugsource-1.20.3-150100.14.5.39.1
  * xorg-x11-server-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-1.20.3-150100.14.5.39.1
  * xorg-x11-server-sdk-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-1.20.3-150100.14.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * xorg-x11-server-debugsource-1.20.3-150100.14.5.39.1
  * xorg-x11-server-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-1.20.3-150100.14.5.39.1
  * xorg-x11-server-sdk-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-1.20.3-150100.14.5.39.1
* SUSE CaaS Platform 4.0 (x86_64)
  * xorg-x11-server-debugsource-1.20.3-150100.14.5.39.1
  * xorg-x11-server-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-1.20.3-150100.14.5.39.1
  * xorg-x11-server-sdk-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.39.1
  * xorg-x11-server-extra-1.20.3-150100.14.5.39.1

## References:

* https://www.suse.com/security/cve/CVE-2022-46340.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205874

From sle-updates at lists.suse.com Wed Mar 8 12:30:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 12:30:36 -0000
Subject: SUSE-SU-2023:0656-1: important: Security update for xorg-x11-server
Message-ID: <167827863644.8226.4437755036808402981@smelt2.suse.de>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2023:0656-1
Rating: important
References:

* #1205874

Cross-References:

* CVE-2022-46340

CVSS scores:

* CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-656=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-656=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-656=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-656=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-sdk-1.19.6-10.46.1
  * xorg-x11-server-debuginfo-1.19.6-10.46.1
  * xorg-x11-server-debugsource-1.19.6-10.46.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * xorg-x11-server-1.19.6-10.46.1
  * xorg-x11-server-extra-1.19.6-10.46.1
  * xorg-x11-server-debuginfo-1.19.6-10.46.1
  * xorg-x11-server-debugsource-1.19.6-10.46.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.46.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-1.19.6-10.46.1
  * xorg-x11-server-extra-1.19.6-10.46.1
  * xorg-x11-server-debuginfo-1.19.6-10.46.1
  * xorg-x11-server-debugsource-1.19.6-10.46.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.46.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * xorg-x11-server-1.19.6-10.46.1
  * xorg-x11-server-extra-1.19.6-10.46.1
  * xorg-x11-server-debuginfo-1.19.6-10.46.1
  * xorg-x11-server-debugsource-1.19.6-10.46.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.46.1

## References:

* https://www.suse.com/security/cve/CVE-2022-46340.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205874
URL: From sle-updates at lists.suse.com Wed Mar 8 12:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 12:30:38 -0000 Subject: SUSE-SU-2023:0655-1: important: Security update for xorg-x11-server Message-ID: <167827863889.8226.15649087028637818941@smelt2.suse.de> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:0655-1 Rating: important References: * #1205874 Cross-References: * CVE-2022-46340 CVSS scores: * CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-655=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-655=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-655=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-655=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-655=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * xorg-x11-server-debugsource-1.19.6-4.45.1 * xorg-x11-server-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-1.19.6-4.45.1 * xorg-x11-server-1.19.6-4.45.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * xorg-x11-server-debugsource-1.19.6-4.45.1 * xorg-x11-server-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-1.19.6-4.45.1 * xorg-x11-server-1.19.6-4.45.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * xorg-x11-server-debugsource-1.19.6-4.45.1 * xorg-x11-server-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-1.19.6-4.45.1 * xorg-x11-server-1.19.6-4.45.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * xorg-x11-server-debugsource-1.19.6-4.45.1 * xorg-x11-server-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-1.19.6-4.45.1 * xorg-x11-server-1.19.6-4.45.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.19.6-4.45.1 * xorg-x11-server-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-debuginfo-1.19.6-4.45.1 * xorg-x11-server-extra-1.19.6-4.45.1 * xorg-x11-server-1.19.6-4.45.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46340.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1205874
From sle-updates at lists.suse.com Wed Mar 8 12:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 12:30:41 -0000 Subject: SUSE-SU-2023:0654-1: important: Security update for xwayland Message-ID: <167827864144.8226.14799525157367982380@smelt2.suse.de> # Security update for xwayland Announcement ID: SUSE-SU-2023:0654-1 Rating: important References: * #1205874 Cross-References: * CVE-2022-46340 CVSS scores: * CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for xwayland fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-654=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-654=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xwayland-debuginfo-21.1.4-150400.3.12.1 * xwayland-devel-21.1.4-150400.3.12.1 * xwayland-21.1.4-150400.3.12.1 * xwayland-debugsource-21.1.4-150400.3.12.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xwayland-debuginfo-21.1.4-150400.3.12.1 * xwayland-21.1.4-150400.3.12.1 * xwayland-debugsource-21.1.4-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46340.html * https://bugzilla.suse.com/show_bug.cgi?id=1205874
From sle-updates at lists.suse.com Wed Mar 8 12:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 12:30:43 -0000 Subject: SUSE-SU-2023:0653-1: important: Security update for xorg-x11-server Message-ID: <167827864393.8226.1716088710260504154@smelt2.suse.de> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:0653-1 Rating: important References: * #1205874 Cross-References: * CVE-2022-46340 CVSS scores: * CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-653=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * xorg-x11-server-7.6_1.18.3-76.63.1 * xorg-x11-server-debuginfo-7.6_1.18.3-76.63.1 * xorg-x11-server-extra-7.6_1.18.3-76.63.1 * xorg-x11-server-debugsource-7.6_1.18.3-76.63.1 * xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.63.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46340.html * https://bugzilla.suse.com/show_bug.cgi?id=1205874
From sle-updates at lists.suse.com Wed Mar 8 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 12:30:49 -0000 Subject: SUSE-RU-2023:0651-1: moderate: Recommended update for strongswan Message-ID: <167827864965.8226.12090399518450380290@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:0651-1 Rating: moderate References: * #1185153 * #1199205 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has two recommended fixes can now be installed.
## Description: This update for strongswan fixes the following issues: * Fix crash in packet sender (bsc#1199205) * Remove deprecated option "StandardOutput=syslog" from strongswan systemd unit file (bsc#1185153) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-651=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-651=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-651=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-651=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * strongswan-sqlite-5.8.2-150400.19.8.1 * strongswan-debuginfo-5.8.2-150400.19.8.1 * strongswan-mysql-debuginfo-5.8.2-150400.19.8.1 * strongswan-5.8.2-150400.19.8.1 * strongswan-debugsource-5.8.2-150400.19.8.1 * strongswan-hmac-5.8.2-150400.19.8.1 * strongswan-libs0-debuginfo-5.8.2-150400.19.8.1 * strongswan-mysql-5.8.2-150400.19.8.1 * strongswan-sqlite-debuginfo-5.8.2-150400.19.8.1 * strongswan-ipsec-debuginfo-5.8.2-150400.19.8.1 * strongswan-nm-debuginfo-5.8.2-150400.19.8.1 * strongswan-nm-5.8.2-150400.19.8.1 * strongswan-libs0-5.8.2-150400.19.8.1 * strongswan-ipsec-5.8.2-150400.19.8.1 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.8.2-150400.19.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150400.19.8.1 * strongswan-5.8.2-150400.19.8.1 * strongswan-debugsource-5.8.2-150400.19.8.1 * strongswan-hmac-5.8.2-150400.19.8.1 * strongswan-libs0-debuginfo-5.8.2-150400.19.8.1 * strongswan-ipsec-debuginfo-5.8.2-150400.19.8.1 * strongswan-libs0-5.8.2-150400.19.8.1 * strongswan-ipsec-5.8.2-150400.19.8.1 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.8.2-150400.19.8.1 *
SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.8.2-150400.19.8.1 * strongswan-nm-debuginfo-5.8.2-150400.19.8.1 * strongswan-debuginfo-5.8.2-150400.19.8.1 * strongswan-nm-5.8.2-150400.19.8.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debugsource-5.8.2-150400.19.8.1 * strongswan-nm-debuginfo-5.8.2-150400.19.8.1 * strongswan-debuginfo-5.8.2-150400.19.8.1 * strongswan-nm-5.8.2-150400.19.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1185153 * https://bugzilla.suse.com/show_bug.cgi?id=1199205
From sle-updates at lists.suse.com Wed Mar 8 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:02 -0000 Subject: SUSE-SU-2023:0679-1: moderate: Security update for woodstox Message-ID: <167829300273.10447.2856860610283647000@smelt2.suse.de> # Security update for woodstox Announcement ID: SUSE-SU-2023:0679-1 Rating: moderate References: * #1203521 Cross-References: * CVE-2022-40152 CVSS scores: * CVE-2022-40152 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40152 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for woodstox fixes the following issues: * CVE-2022-40152: Fixed stack overflow in XML serialization (bsc#1203521). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-679=1 ## Package List: * SUSE Manager Server 4.3 Module 4.3 (noarch) * woodstox-4.4.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40152.html * https://bugzilla.suse.com/show_bug.cgi?id=1203521
From sle-updates at lists.suse.com Wed Mar 8 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:03 -0000 Subject: SUSE-RU-2023:0678-1: low: Recommended update for SUSE-Manager-Server-release Message-ID: <167829300386.10447.2737460476508170657@smelt2.suse.de> # Recommended update for SUSE-Manager-Server-release Announcement ID: SUSE-RU-2023:0678-1 Rating: low References: Affected Products: * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for SUSE-Manager-Server-release provides the following fix: * Adjust the EOL date for the product. ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-678=1 ## Package List: * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * SUSE-Manager-Server-release-4.3-150400.56.5.1 ## References: * https://jira.suse.com/browse/MSC-536
From sle-updates at lists.suse.com Wed Mar 8 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:06 -0000 Subject: SUSE-SU-2023:0677-1: important: Security update for poppler Message-ID: <167829300699.10447.15170512643290199308@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:0677-1 Rating: important References: * #1181551 * #1202692 Cross-References: * CVE-2022-38784 CVSS scores: * CVE-2022-38784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-38784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed.
## Description: This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). Bugfixes: * Fixed issue where some PDF generators generate PDF with some wrong numbers in entry table, but the content is still valid (bsc#1181551). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-677=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-677=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-677=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-677=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-677=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-677=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-677=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-677=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-677=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-677=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-677=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-677=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-677=1 * SUSE Enterprise Storage 7.1 zypper in -t patch
SUSE-Storage-7.1-2023-677=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-677=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-32bit-0.79.0-150200.3.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * 
libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * 
libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Manager Proxy 4.2 (x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * 
libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libpoppler-glib8-0.79.0-150200.3.8.1 * poppler-tools-0.79.0-150200.3.8.1 * poppler-tools-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.8.1 * libpoppler-cpp0-0.79.0-150200.3.8.1 * libpoppler-glib-devel-0.79.0-150200.3.8.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.8.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.8.1 * libpoppler89-debuginfo-0.79.0-150200.3.8.1 * libpoppler-devel-0.79.0-150200.3.8.1 * 
libpoppler89-0.79.0-150200.3.8.1 * poppler-debugsource-0.79.0-150200.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38784.html * https://bugzilla.suse.com/show_bug.cgi?id=1181551 * https://bugzilla.suse.com/show_bug.cgi?id=1202692
From sle-updates at lists.suse.com Wed Mar 8 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:08 -0000 Subject: SUSE-RU-2023:0676-1: moderate: Recommended update for libxml2 Message-ID: <167829300890.10447.9829043626444117860@smelt2.suse.de> # Recommended update for libxml2 Announcement ID: SUSE-RU-2023:0676-1 Rating: moderate References: * #1204585 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that has one recommended fix can now be installed. ## Description: This update for libxml2 fixes the following issues: * Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-676=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-676=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-676=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-676=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-676=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-debuginfo-2.9.7-150000.3.54.1 * python3-libxml2-python-2.9.7-150000.3.54.1 * python-libxml2-python-debugsource-2.9.7-150000.3.54.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-libxml2-python-debuginfo-2.9.7-150000.3.54.1 * libxml2-debugsource-2.9.7-150000.3.54.1 * libxml2-2-2.9.7-150000.3.54.1 * libxml2-tools-debuginfo-2.9.7-150000.3.54.1 * python-libxml2-python-debugsource-2.9.7-150000.3.54.1 * libxml2-2-32bit-debuginfo-2.9.7-150000.3.54.1 * libxml2-2-32bit-2.9.7-150000.3.54.1 * python3-libxml2-python-2.9.7-150000.3.54.1 * libxml2-2-debuginfo-2.9.7-150000.3.54.1 * libxml2-devel-2.9.7-150000.3.54.1 * libxml2-tools-2.9.7-150000.3.54.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxml2-debugsource-2.9.7-150000.3.54.1 * libxml2-2-2.9.7-150000.3.54.1 * libxml2-tools-debuginfo-2.9.7-150000.3.54.1 * libxml2-2-debuginfo-2.9.7-150000.3.54.1 * libxml2-tools-2.9.7-150000.3.54.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-debuginfo-2.9.7-150000.3.54.1 * libxml2-debugsource-2.9.7-150000.3.54.1 * libxml2-2-2.9.7-150000.3.54.1 * libxml2-tools-debuginfo-2.9.7-150000.3.54.1 * python-libxml2-python-debugsource-2.9.7-150000.3.54.1 * python3-libxml2-python-2.9.7-150000.3.54.1 * libxml2-2-debuginfo-2.9.7-150000.3.54.1 * libxml2-tools-2.9.7-150000.3.54.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * 
python3-libxml2-python-debuginfo-2.9.7-150000.3.54.1 * libxml2-debugsource-2.9.7-150000.3.54.1 * libxml2-2-2.9.7-150000.3.54.1 * libxml2-tools-debuginfo-2.9.7-150000.3.54.1 * python-libxml2-python-debugsource-2.9.7-150000.3.54.1 * python3-libxml2-python-2.9.7-150000.3.54.1 * libxml2-2-debuginfo-2.9.7-150000.3.54.1 * libxml2-tools-2.9.7-150000.3.54.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204585
From sle-updates at lists.suse.com Wed Mar 8 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:11 -0000 Subject: SUSE-SU-2023:0675-1: important: Security update for emacs Message-ID: <167829301128.10447.4920609016710637871@smelt2.suse.de> # Security update for emacs Announcement ID: SUSE-SU-2023:0675-1 Rating: important References: * #1208512 * #1208515 Cross-References: * CVE-2022-48337 * CVE-2022-48339 CVSS scores: * CVE-2022-48337 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48339 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48339 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE
Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-675=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-675=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-675=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-675=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-675=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-675=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-675=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-675=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-675=1 * SUSE 
Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-675=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-675=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-675=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-675=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-675=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-675=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-675=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * emacs-el-25.3-150000.3.15.1 * 
emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 
(noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * 
emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Manager Proxy 4.2 (x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * SUSE Manager Proxy 4.2 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * SUSE Manager Server 4.2 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * 
emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Enterprise Storage 7.1 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE Enterprise Storage 7 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 * SUSE CaaS Platform 4.0 (x86_64) * emacs-debuginfo-25.3-150000.3.15.1 * emacs-x11-debuginfo-25.3-150000.3.15.1 * etags-25.3-150000.3.15.1 * emacs-nox-25.3-150000.3.15.1 * emacs-25.3-150000.3.15.1 * emacs-nox-debuginfo-25.3-150000.3.15.1 * etags-debuginfo-25.3-150000.3.15.1 * emacs-debugsource-25.3-150000.3.15.1 * emacs-x11-25.3-150000.3.15.1 * SUSE CaaS Platform 4.0 (noarch) * emacs-el-25.3-150000.3.15.1 * emacs-info-25.3-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48337.html * https://www.suse.com/security/cve/CVE-2022-48339.html * https://bugzilla.suse.com/show_bug.cgi?id=1208512 * https://bugzilla.suse.com/show_bug.cgi?id=1208515 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Mar 8 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:14 -0000 Subject: SUSE-SU-2023:0674-1: important: Security update for nodejs14 Message-ID: <167829301427.10447.9795304095236452823@smelt2.suse.de> # Security update for nodejs14 Announcement ID: SUSE-SU-2023:0674-1 Rating: important References: * #1208481 * #1208487 Cross-References: * CVE-2023-23918 * CVE-2023-23920 CVSS scores: * CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2023-23920 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for nodejs14 fixes the following issues: Update to 14.21.3: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-674=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-674=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-674=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-674=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-674=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-674=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-674=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-674=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-674=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-674=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-674=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * corepack14-14.21.3-150200.15.43.1 * openSUSE Leap 15.4 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 
* nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Manager Server 4.2 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.43.1 * nodejs14-14.21.3-150200.15.43.1 * nodejs14-debugsource-14.21.3-150200.15.43.1 * npm14-14.21.3-150200.15.43.1 * nodejs14-devel-14.21.3-150200.15.43.1 * SUSE Enterprise Storage 7 (noarch) * nodejs14-docs-14.21.3-150200.15.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23918.html * https://www.suse.com/security/cve/CVE-2023-23920.html * https://bugzilla.suse.com/show_bug.cgi?id=1208481 * https://bugzilla.suse.com/show_bug.cgi?id=1208487 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Mar 8 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 16:30:20 -0000 Subject: SUSE-SU-2023:0673-1: important: Security update for nodejs16 Message-ID: <167829302001.10447.16604307621389728949@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:0673-1 Rating: important References: * #1205568 * #1208413 * #1208481 * #1208483 * #1208485 * #1208487 Cross-References: * CVE-2023-23918 * CVE-2023-23919 * CVE-2023-23920 * CVE-2023-23936 * CVE-2023-24807 CVSS scores: * CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23919 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2023-23920 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N * CVE-2023-23936 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-23936 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-24807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves five vulnerabilities and has one fix can now be installed. 
## Description: This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). * CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). * CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485). * CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413). Bug fixes: * Workaround for failing openssl-nodejs test (bsc#1205568). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-673=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-673=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-673=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-673=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-673=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-673=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 * 
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debugsource-16.19.1-150300.7.18.1 * nodejs16-devel-16.19.1-150300.7.18.1 * nodejs16-16.19.1-150300.7.18.1 * nodejs16-debuginfo-16.19.1-150300.7.18.1 * npm16-16.19.1-150300.7.18.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.19.1-150300.7.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23918.html * https://www.suse.com/security/cve/CVE-2023-23919.html * https://www.suse.com/security/cve/CVE-2023-23920.html * https://www.suse.com/security/cve/CVE-2023-23936.html * 
https://www.suse.com/security/cve/CVE-2023-24807.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205568
* https://bugzilla.suse.com/show_bug.cgi?id=1208413
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1208483
* https://bugzilla.suse.com/show_bug.cgi?id=1208485
* https://bugzilla.suse.com/show_bug.cgi?id=1208487

From sle-updates at lists.suse.com Wed Mar 8 16:30:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 16:30:22 -0000
Subject: SUSE-SU-2023:0672-1: important: Security update for xen
Message-ID: <167829302240.10447.5964399993661837012@smelt2.suse.de>

# Security update for xen

Announcement ID: SUSE-SU-2023:0672-1
Rating: important
References:
* #1205209
Cross-References:
* CVE-2022-23824
CVSS scores:
* CVE-2022-23824 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-23824 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-672=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-672=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-672=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-672=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * xen-devel-4.12.4_32-3.85.4 * xen-debugsource-4.12.4_32-3.85.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_32-3.85.4 * xen-doc-html-4.12.4_32-3.85.4 * xen-debugsource-4.12.4_32-3.85.4 * xen-libs-debuginfo-32bit-4.12.4_32-3.85.4 * xen-libs-4.12.4_32-3.85.4 * xen-tools-debuginfo-4.12.4_32-3.85.4 * xen-tools-domU-4.12.4_32-3.85.4 * xen-4.12.4_32-3.85.4 * xen-tools-4.12.4_32-3.85.4 * xen-libs-32bit-4.12.4_32-3.85.4 * xen-tools-domU-debuginfo-4.12.4_32-3.85.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_32-3.85.4 * xen-doc-html-4.12.4_32-3.85.4 * xen-debugsource-4.12.4_32-3.85.4 * xen-libs-debuginfo-32bit-4.12.4_32-3.85.4 * xen-libs-4.12.4_32-3.85.4 * xen-tools-debuginfo-4.12.4_32-3.85.4 * xen-tools-domU-4.12.4_32-3.85.4 * xen-4.12.4_32-3.85.4 * xen-tools-4.12.4_32-3.85.4 * xen-libs-32bit-4.12.4_32-3.85.4 * xen-tools-domU-debuginfo-4.12.4_32-3.85.4 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_32-3.85.4 * xen-doc-html-4.12.4_32-3.85.4 * xen-debugsource-4.12.4_32-3.85.4 * xen-libs-debuginfo-32bit-4.12.4_32-3.85.4 * xen-libs-4.12.4_32-3.85.4 * xen-tools-debuginfo-4.12.4_32-3.85.4 * xen-tools-domU-4.12.4_32-3.85.4 * xen-4.12.4_32-3.85.4 * xen-tools-4.12.4_32-3.85.4 * xen-libs-32bit-4.12.4_32-3.85.4 * xen-tools-domU-debuginfo-4.12.4_32-3.85.4 ## References: * 
https://www.suse.com/security/cve/CVE-2022-23824.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205209

From sle-updates at lists.suse.com Wed Mar 8 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 08 Mar 2023 20:30:02 -0000
Subject: SUSE-SU-2023:0682-1: important: Security update for nodejs12
Message-ID: <167830740252.9363.14617212507119740809@smelt2.suse.de>

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:0682-1
Rating: important
References:
* #1208487
Cross-References:
* CVE-2023-23920
CVSS scores:
* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-23920 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-682=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-682=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-682=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-682=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-682=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-682=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-682=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-682=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-682=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-682=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-682=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * openSUSE Leap 15.4 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * npm12-12.22.12-150200.4.44.1 * 
nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Manager Server 4.2 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * npm12-12.22.12-150200.4.44.1 * nodejs12-devel-12.22.12-150200.4.44.1 * nodejs12-12.22.12-150200.4.44.1 * nodejs12-debuginfo-12.22.12-150200.4.44.1 * nodejs12-debugsource-12.22.12-150200.4.44.1 * SUSE Enterprise Storage 7 (noarch) * nodejs12-docs-12.22.12-150200.4.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23920.html * https://bugzilla.suse.com/show_bug.cgi?id=1208487
From sle-updates at lists.suse.com Wed Mar 8 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 20:30:05 -0000 Subject: SUSE-SU-2023:0681-1: moderate: Security update for python-py Message-ID: <167830740541.9363.12878767704536286463@smelt2.suse.de> # Security update for python-py Announcement ID: SUSE-SU-2023:0681-1 Rating: moderate References: * #1204364 * #1208181 Cross-References: * CVE-2022-42969 CVSS scores: * CVE-2022-42969 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-42969 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python-py fixes the following issues: Bugfixes: * Fixed bugs introduced with the fix for CVE-2022-42969 (bsc#1204364, bsc#1208181). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-681=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-681=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-681=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-681=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-681=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-py-1.8.1-11.18.1 * python-py-1.8.1-11.18.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * python3-py-1.8.1-11.18.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-py-1.8.1-11.18.1 * python-py-1.8.1-11.18.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-py-1.8.1-11.18.1 * python-py-1.8.1-11.18.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-py-1.8.1-11.18.1 * python-py-1.8.1-11.18.1 ## References: * https://www.suse.com/security/cve/CVE-2022-42969.html * https://bugzilla.suse.com/show_bug.cgi?id=1204364 * https://bugzilla.suse.com/show_bug.cgi?id=1208181
From sle-updates at lists.suse.com Wed Mar 8 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Mar 2023 20:30:07 -0000 Subject: SUSE-SU-2023:0680-1: important: Security update for libxslt Message-ID: <167830740774.9363.13627863816897051486@smelt2.suse.de> # Security update for libxslt Announcement ID: SUSE-SU-2023:0680-1 Rating: important References: * #1208574 Cross-References: * CVE-2021-30560 CVSS scores: * CVE-2021-30560 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-30560 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. 
## Description: This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-680=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-680=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-680=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-680=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-680=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-680=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-680=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-680=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-680=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-680=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-680=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-680=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-680=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-680=1 * SUSE Manager 
Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-680=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-680=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-680=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-680=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-680=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-680=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxslt-python-debugsource-1.1.32-150000.3.14.1 * libxslt-python-debuginfo-1.1.32-150000.3.14.1 * libxslt-python-1.1.32-150000.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 
libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * 
libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Manager Proxy 4.2 (x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE CaaS Platform 4.0 (x86_64) * libxslt-tools-debuginfo-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * libxslt-tools-1.1.32-150000.3.14.1 * 
libxslt1-1.1.32-150000.3.14.1 * libxslt-devel-1.1.32-150000.3.14.1 * libxslt1-debuginfo-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxslt1-debuginfo-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libxslt1-debuginfo-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libxslt1-debuginfo-1.1.32-150000.3.14.1 * libxslt1-1.1.32-150000.3.14.1 * libxslt-debugsource-1.1.32-150000.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2021-30560.html * https://bugzilla.suse.com/show_bug.cgi?id=1208574 From sle-updates at lists.suse.com Thu Mar 9 08:07:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Mar 2023 09:07:10 +0100 (CET) Subject: SUSE-CU-2023:592-1: Security update of bci/nodejs Message-ID: <20230309080710.3B582F479@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:592-1 Container Tags : bci/node:14 , bci/node:14-36.46 , bci/nodejs:14 , bci/nodejs:14-36.46 Container Release : 36.46 Severity : important Type : security References : 1208481 1208487 CVE-2023-23918 CVE-2023-23920 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:674-1 Released: Wed Mar 8 14:29:04 2023 Summary: Security update for nodejs14 Type: security Severity: important References: 1208481,1208487,CVE-2023-23918,CVE-2023-23920 This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). The following package changes have been done: - nodejs14-14.21.3-150200.15.43.1 updated - npm14-14.21.3-150200.15.43.1 updated From sle-updates at lists.suse.com Thu Mar 9 08:08:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Mar 2023 09:08:28 +0100 (CET) Subject: SUSE-CU-2023:594-1: Security update of bci/openjdk Message-ID: <20230309080828.1C1E4F479@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:594-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.46 Container Release : 34.46 Severity : moderate Type : security References : 1204425 1208881 CVE-2022-3555 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) The following package changes have been done: - libX11-data-1.6.5-150000.3.27.1 updated - libX11-6-1.6.5-150000.3.27.1 updated From sle-updates at lists.suse.com Thu Mar 9 08:08:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Mar 2023 09:08:42 +0100 (CET) Subject: SUSE-CU-2023:595-1: Security update of bci/openjdk Message-ID: <20230309080842.DE389F479@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:595-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.31 , bci/openjdk:latest Container Release : 12.31 Severity : moderate Type : security References : 1204425 1208881 CVE-2022-3555 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) The following package changes have been done: - libX11-data-1.6.5-150000.3.27.1 updated - libX11-6-1.6.5-150000.3.27.1 updated From sle-updates at lists.suse.com Thu Mar 9 08:08:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Mar 2023 09:08:57 +0100 (CET) Subject: SUSE-CU-2023:597-1: Security update of bci/bci-init Message-ID: <20230309080857.29089F479@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:597-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.3.40 Container Release : 3.40 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1181131 1181131 1184124 1200657 1200657 1202436 1202436 1202436 1203600 1207753 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-48303 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). 
- Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of 
uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). The following package changes have been done: - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.33.2 updated - tar-1.34-150000.3.31.1 added - container:sles15-image-15.0.0-34.2.4 updated From sle-updates at lists.suse.com Thu Mar 9 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Mar 2023 08:30:02 -0000 Subject: SUSE-SU-2023:0088-2: moderate: Security update for python-wheel Message-ID: <167835060280.11600.11278446322855907914@smelt2.suse.de> # Security update for python-wheel Announcement ID: SUSE-SU-2023:0088-2 Rating: moderate References: * #1206670 Cross-References: * CVE-2022-40898 CVSS scores: * CVE-2022-40898 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-40898 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for python-wheel fixes the following issues: * CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-88=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-88=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-88=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-88=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-88=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-88=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-88=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-88=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-88=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-88=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-88=1 * SUSE Manager Retail 
Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-88=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-88=1 * SUSE Enterprise Storage 6 zypper in -t patch SUSE-Storage-6-2023-88=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-88=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-88=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Manager Proxy 4.2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Manager Server 4.2 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Enterprise Storage 6 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE 
Enterprise Storage 7.1 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE Enterprise Storage 7 (noarch) * python3-wheel-0.32.3-150100.6.5.1 * SUSE CaaS Platform 4.0 (noarch) * python3-wheel-0.32.3-150100.6.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40898.html * https://bugzilla.suse.com/show_bug.cgi?id=1206670 From sle-updates at lists.suse.com Thu Mar 9 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Mar 2023 12:30:07 -0000 Subject: SUSE-SU-2023:0684-1: important: Security update for openssl Message-ID: <167836500781.17358.6092233667936625324@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:0684-1 Rating: important References: * #1201627 * #1202062 * #1207533 * #1207534 * #1207536 Cross-References: * CVE-2022-4304 * CVE-2023-0215 * CVE-2023-0286 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0215 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0215 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-0286 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves three vulnerabilities and has two fixes can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName (bsc#1207533). * CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF (bsc#1207536). * CVE-2022-4304: Fixed a timing oracle in RSA decryption (bsc#1207534). 
The following non-security bugs were fixed: * Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062). * Update further expiring certificates that affect tests (bsc#1201627). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-684=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libopenssl1_0_0-32bit-1.0.2j-60.86.1 * openssl-1.0.2j-60.86.1 * openssl-debugsource-1.0.2j-60.86.1 * libopenssl-devel-1.0.2j-60.86.1 * libopenssl1_0_0-hmac-32bit-1.0.2j-60.86.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.86.1 * libopenssl1_0_0-1.0.2j-60.86.1 * openssl-debuginfo-1.0.2j-60.86.1 * libopenssl1_0_0-hmac-1.0.2j-60.86.1 * libopenssl1_0_0-debuginfo-1.0.2j-60.86.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * openssl-doc-1.0.2j-60.86.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://www.suse.com/security/cve/CVE-2023-0215.html * https://www.suse.com/security/cve/CVE-2023-0286.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1202062 * https://bugzilla.suse.com/show_bug.cgi?id=1207533 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 * https://bugzilla.suse.com/show_bug.cgi?id=1207536 
From sle-updates at lists.suse.com Thu Mar 9 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Mar 2023 12:30:10 -0000 Subject: SUSE-SU-2023:0683-1: important: Security update for xorg-x11-server Message-ID: <167836501044.17358.1040912606266485474@smelt2.suse.de> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:0683-1 Rating: important References: * #1205874 Cross-References: * CVE-2022-46340 CVSS scores: * CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-683=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-683=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-683=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-683=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-683=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-683=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-683=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-683=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-683=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-683=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-683=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-683=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-683=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-683=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-683=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.69.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.69.1 * 
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Manager Proxy 4.2 (x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * 
xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.69.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * xorg-x11-server-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.69.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.69.1 * xorg-x11-server-extra-1.20.3-150200.22.5.69.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.69.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46340.html * https://bugzilla.suse.com/show_bug.cgi?id=1205874 
From sle-updates at lists.suse.com Thu Mar 9 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Mar 2023 16:30:05 -0000 Subject: SUSE-SU-2023:0692-1: moderate: Security update for xen Message-ID: <167837940573.15505.13593313534377510166@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:0692-1 Rating: moderate References: * #1027519 * #1205792 * #1208286 Cross-References: * CVE-2022-27672 CVSS scores: * CVE-2022-27672 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286). Bugfixes: * Fixed launch-xenstore error (bsc#1205792) * Fixed issues in VMX (bsc#1027519). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-692=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-692=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-692=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-692=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-692=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-692=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-debuginfo-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-libs-4.16.3_04-150400.4.22.1 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-domU-debuginfo-4.16.3_04-150400.4.22.1 * xen-libs-4.16.3_04-150400.4.22.1 * xen-4.16.3_04-150400.4.22.1 * xen-tools-4.16.3_04-150400.4.22.1 * xen-tools-debuginfo-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-devel-4.16.3_04-150400.4.22.1 * xen-tools-domU-4.16.3_04-150400.4.22.1 * xen-libs-debuginfo-4.16.3_04-150400.4.22.1 * xen-doc-html-4.16.3_04-150400.4.22.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-4.16.3_04-150400.4.22.1 * xen-libs-32bit-debuginfo-4.16.3_04-150400.4.22.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.3_04-150400.4.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-debuginfo-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-libs-4.16.3_04-150400.4.22.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-debuginfo-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-libs-4.16.3_04-150400.4.22.1 * Basesystem Module 15-SP4 (x86_64) * xen-tools-domU-debuginfo-4.16.3_04-150400.4.22.1 * xen-libs-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-tools-domU-4.16.3_04-150400.4.22.1 * 
xen-libs-debuginfo-4.16.3_04-150400.4.22.1 * Server Applications Module 15-SP4 (x86_64) * xen-4.16.3_04-150400.4.22.1 * xen-tools-4.16.3_04-150400.4.22.1 * xen-debugsource-4.16.3_04-150400.4.22.1 * xen-devel-4.16.3_04-150400.4.22.1 * xen-tools-debuginfo-4.16.3_04-150400.4.22.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.3_04-150400.4.22.1 ## References: * https://www.suse.com/security/cve/CVE-2022-27672.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1205792 * https://bugzilla.suse.com/show_bug.cgi?id=1208286 From sle-updates at lists.suse.com Thu Mar 9 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Mar 2023 16:30:08 -0000 Subject: SUSE-SU-2023:0691-1: moderate: Security update for hdf5 Message-ID: <167837940823.15505.8023287933200564367@smelt2.suse.de> # Security update for hdf5 Announcement ID: SUSE-SU-2023:0691-1 Rating: moderate References: * #1207973 Cross-References: * CVE-2021-37501 CVSS scores: * CVE-2021-37501 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2021-37501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be 
installed. ## Description: This update for hdf5 fixes the following issues: * CVE-2021-37501: Fixed overflow in calculation of data buffer due to bogus input file (bsc#1207973). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-691=1 ## Package List: * HPC Module 12 (noarch) * hdf5-gnu-mvapich2-hpc-devel-1.10.8-3.18.1 * hdf5-gnu-hpc-devel-1.10.8-3.18.1 * hdf5-gnu-openmpi1-hpc-devel-1.10.8-3.18.1 * HPC Module 12 (aarch64 x86_64) * hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_hl-gnu-hpc-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-hpc-1.10.8-3.18.1 * libhdf5-gnu-hpc-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-devel-static-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_hl-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-hpc-devel-1.10.8-3.18.1 * libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-3.18.1 * libhdf5_hl_cpp-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-3.18.1 * hdf5_1_10_8-gnu-hpc-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-hpc-1.10.8-3.18.1 * libhdf5_fortran-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.18.1 * 
libhdf5-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-3.18.1 * libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-debugsource-1.10.8-3.18.1 * libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-module-1.10.8-3.18.1 * libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-hpc-module-1.10.8-3.18.1 * libhdf5_hl_fortran-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_hl-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.18.1 * libhdf5_fortran-gnu-hpc-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-3.18.1 * libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1 * libhdf5_cpp-gnu-hpc-1.10.8-3.18.1 * hdf5_1_10_8-gnu-openmpi1-hpc-devel-1.10.8-3.18.1 * hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-3.18.1 * libhdf5-gnu-openmpi1-hpc-1.10.8-3.18.1 * libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.18.1 * hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2021-37501.html * https://bugzilla.suse.com/show_bug.cgi?id=1207973 
From sle-updates at lists.suse.com Fri Mar 10 08:08:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 09:08:16 +0100 (CET) Subject: SUSE-CU-2023:600-1: Recommended update of suse/sle15 Message-ID: <20230310080816.D7BD1F479@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:600-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.743 Container Release : 6.2.743 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated From sle-updates at lists.suse.com Fri Mar 10 08:09:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 09:09:56 +0100 (CET) Subject: SUSE-CU-2023:601-1: Recommended update of suse/sle15 Message-ID: <20230310080956.8F215F479@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:601-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.110 , suse/sle15:15.3 , suse/sle15:15.3.17.20.110 Container Release : 17.20.110 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated From sle-updates at lists.suse.com Fri Mar 10 08:11:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 09:11:49 +0100 (CET) Subject: SUSE-CU-2023:604-1: Security update of bci/openjdk-devel Message-ID: <20230310081149.5C8F6F479@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:604-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.99 Container Release : 38.99 Severity : moderate Type : security References : 1204425 1208881 CVE-2022-3555 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) The following package changes have been done: - libX11-data-1.6.5-150000.3.27.1 updated - libX11-6-1.6.5-150000.3.27.1 updated - container:bci-openjdk-11-15.4.11-34.47 updated From sle-updates at lists.suse.com Fri Mar 10 08:12:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 09:12:08 +0100 (CET) Subject: SUSE-CU-2023:605-1: Security update of bci/openjdk-devel Message-ID: <20230310081208.25CE0F479@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:605-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.60 , bci/openjdk-devel:latest Container Release : 13.60 Severity : moderate Type : security References : 1204425 1208881 CVE-2022-3555 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) The following package changes have been done: - libX11-data-1.6.5-150000.3.27.1 updated - libX11-6-1.6.5-150000.3.27.1 updated - container:bci-openjdk-17-15.4.17-12.32 updated From sle-updates at lists.suse.com Fri Mar 10 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 08:30:02 -0000 Subject: SUSE-SU-2023:0693-1: important: Security update for redis Message-ID: <167843700283.8930.11581587437827469769@smelt2.suse.de> # Security update for redis Announcement ID: SUSE-SU-2023:0693-1 Rating: important References: * #1208790 * #1208793 Cross-References: * CVE-2022-36021 * CVE-2023-25155 CVSS scores: * CVE-2022-36021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25155 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-25155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 
15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). * CVE-2023-25155: Fixed an integer overflow in RAND commands that can lead to an assertion (bsc#1208793). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-693=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-693=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-693=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-693=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-693=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-693=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-693=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-693=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-693=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-693=1 * SUSE Manager Server 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-693=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-693=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-693=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Manager Proxy 4.2 (x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * 
redis-debugsource-6.0.14-150200.6.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * redis-6.0.14-150200.6.20.1 * redis-debuginfo-6.0.14-150200.6.20.1 * redis-debugsource-6.0.14-150200.6.20.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36021.html * https://www.suse.com/security/cve/CVE-2023-25155.html * https://bugzilla.suse.com/show_bug.cgi?id=1208790 * https://bugzilla.suse.com/show_bug.cgi?id=1208793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Mar 10 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:02 -0000 Subject: SUSE-SU-2023:0704-1: important: Security update for python-Django Message-ID: <167845140242.19564.5259688629712528546@smelt2.suse.de> # Security update for python-Django Announcement ID: SUSE-SU-2023:0704-1 Rating: important References: * #1208082 Cross-References: * CVE-2023-24580 CVSS scores: * CVE-2023-24580 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-24580: Fixed DOS in file uploads (bsc#1208082). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-704=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-704=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-704=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * python-Django-1.11.29-3.45.1 * SUSE OpenStack Cloud 8 (noarch) * python-Django-1.11.29-3.45.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-Django-1.11.29-3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24580.html * https://bugzilla.suse.com/show_bug.cgi?id=1208082 From sle-updates at lists.suse.com Fri Mar 10 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:04 -0000 Subject: SUSE-RU-2023:0703-1: moderate: Recommended update for drbd Message-ID: <167845140455.19564.12550245443805705387@smelt2.suse.de> # Recommended update for drbd Announcement ID: SUSE-RU-2023:0703-1 Rating: moderate References: * #1207127 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for drbd fixes the following issues: * Fix error causing application to become unresponsive (bsc#1207127) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-703=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-703=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * drbd-9.0.14+git.62f906cf-11.27.1 * drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.150-11.27.1 * drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.150-11.27.1 * drbd-debugsource-9.0.14+git.62f906cf-11.27.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * drbd-9.0.14+git.62f906cf-11.27.1 * drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.150-11.27.1 * drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.150-11.27.1 * drbd-debugsource-9.0.14+git.62f906cf-11.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207127 From sle-updates at lists.suse.com Fri Mar 10 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:05 -0000 Subject: SUSE-FU-2023:0702-1: moderate: Feature update for patterns-wsl Message-ID: <167845140561.19564.10315592211259938082@smelt2.suse.de> # Feature update for patterns-wsl Announcement ID: SUSE-FU-2023:0702-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed.
## Description: This update for patterns-wsl fixes the following issues: * Add support for a subset of systemd on WSL (jsc#PED-3213) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-702=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-702=1 ## Package List: * openSUSE Leap 15.4 (noarch) * patterns-wsl-base-20221221-150400.3.8.1 * patterns-wsl-gui-20221221-150400.3.8.1 * Basesystem Module 15-SP4 (noarch) * patterns-wsl-base-20221221-150400.3.8.1 * patterns-wsl-systemd-20221221-150400.3.8.1 * patterns-wsl-gui-20221221-150400.3.8.1 ## References: * https://jira.suse.com/browse/PED-3213 From sle-updates at lists.suse.com Fri Mar 10 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:07 -0000 Subject: SUSE-RU-2023:0701-1: moderate: Recommended update for multipath-tools Message-ID: <167845140772.19564.4528893217599301597@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:0701-1 Rating: moderate References: * #1207232 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An
update that has one recommended fix can now be installed. ## Description: This update for multipath-tools fixes the following issue: * Fix "rpm --verify" (bsc#1207232) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-701=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-701=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-701=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-701=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-701=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-701=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-701=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-701=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-701=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-701=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-701=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-701=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 *
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * 
multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Manager Proxy 4.2 (x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * 
libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * 
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 * kpartx-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.17.1 * libmpath0-0.8.5+126+suse.8ce8da5-150300.2.17.1 * multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207232 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Mar 10 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:09 -0000 Subject: SUSE-RU-2023:0700-1: moderate: Recommended update for multipath-tools Message-ID: <167845140966.19564.5213124797063529699@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:0700-1 Rating: moderate References: * #1207232 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for multipath-tools fixes the following issue: * Fix "rpm --verify" (bsc#1207232) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-700=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-700=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-700=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-700=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-700=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1 * 
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1 * libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1 * multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.10.1 * libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207232 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Mar 10 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:11 -0000 Subject: SUSE-RU-2023:0699-1: moderate: Recommended update for multipath-tools Message-ID: <167845141147.19564.5169722810360520364@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:0699-1 Rating: moderate References: * #1207232 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for multipath-tools fixes the following issue: * Fix "rpm --verify" (bsc#1207232) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-699=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-699=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-699=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * 
multipath-tools-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 * multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.23.1 * kpartx-0.7.9+232+suse.cbc3754-150100.3.23.1 * libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207232 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Mar 10 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:13 -0000 Subject: SUSE-RU-2023:0698-1: moderate: Recommended update for multipath-tools Message-ID: <167845141341.19564.16136624882943629313@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:0698-1 Rating: moderate References: * #1207232 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for multipath-tools fixes the following issue: * Fix "rpm --verify" (bsc#1207232) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-698=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-698=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-698=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-698=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * multipath-tools-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.17.1 * libdmmp-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * kpartx-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-0.8.2+182.6d41865-150200.4.17.1 * kpartx-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * multipath-tools-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.17.1 * libdmmp-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * kpartx-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-0.8.2+182.6d41865-150200.4.17.1 * kpartx-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * multipath-tools-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.17.1 * libdmmp-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * 
kpartx-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-0.8.2+182.6d41865-150200.4.17.1 * kpartx-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * multipath-tools-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.17.1 * libdmmp-devel-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-0.8.2+182.6d41865-150200.4.17.1 * multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * kpartx-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.17.1 * libdmmp0_2_0-0.8.2+182.6d41865-150200.4.17.1 * kpartx-debuginfo-0.8.2+182.6d41865-150200.4.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207232 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Mar 10 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:15 -0000 Subject: SUSE-SU-2023:0697-1: important: Security update for tomcat Message-ID: <167845141571.19564.11741713867360453453@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:0697-1 Rating: important References: * #1208513 Cross-References: * CVE-2023-24998 CVSS scores: * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-697=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-697=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-697=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * tomcat-admin-webapps-9.0.36-150100.4.87.1 * tomcat-webapps-9.0.36-150100.4.87.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.87.1 * tomcat-lib-9.0.36-150100.4.87.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.87.1 * tomcat-9.0.36-150100.4.87.1 * tomcat-el-3_0-api-9.0.36-150100.4.87.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * tomcat-admin-webapps-9.0.36-150100.4.87.1 * tomcat-webapps-9.0.36-150100.4.87.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.87.1 * tomcat-lib-9.0.36-150100.4.87.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.87.1 * tomcat-9.0.36-150100.4.87.1 * tomcat-el-3_0-api-9.0.36-150100.4.87.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * tomcat-admin-webapps-9.0.36-150100.4.87.1 * tomcat-webapps-9.0.36-150100.4.87.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.87.1 * tomcat-lib-9.0.36-150100.4.87.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.87.1 * tomcat-9.0.36-150100.4.87.1 * tomcat-el-3_0-api-9.0.36-150100.4.87.1 * SUSE CaaS Platform 4.0 (noarch) * tomcat-admin-webapps-9.0.36-150100.4.87.1 * tomcat-webapps-9.0.36-150100.4.87.1 * 
tomcat-servlet-4_0-api-9.0.36-150100.4.87.1 * tomcat-lib-9.0.36-150100.4.87.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.87.1 * tomcat-9.0.36-150100.4.87.1 * tomcat-el-3_0-api-9.0.36-150100.4.87.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24998.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513 From sle-updates at lists.suse.com Fri Mar 10 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:18 -0000 Subject: SUSE-SU-2023:0696-1: important: Security update for tomcat Message-ID: <167845141831.19564.12640775275307313122@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:0696-1 Rating: important References: * #1208513 Cross-References: * CVE-2023-24998 CVSS scores: * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-696=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-696=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-696=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-696=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-696=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-696=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-696=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-696=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * 
tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tomcat-el-3_0-api-9.0.36-3.99.1 * tomcat-webapps-9.0.36-3.99.1 * tomcat-admin-webapps-9.0.36-3.99.1 * tomcat-docs-webapp-9.0.36-3.99.1 * tomcat-lib-9.0.36-3.99.1 * tomcat-javadoc-9.0.36-3.99.1 * tomcat-servlet-4_0-api-9.0.36-3.99.1 * tomcat-jsp-2_3-api-9.0.36-3.99.1 * tomcat-9.0.36-3.99.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24998.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513
From sle-updates at lists.suse.com Fri Mar 10 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:20 -0000 Subject: SUSE-SU-2023:0695-1: important: Security update for tomcat Message-ID: <167845142086.19564.4444554267725313636@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:0695-1 Rating: important References: * #1208513 Cross-References: * CVE-2023-24998 CVSS scores: * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-695=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * tomcat-8.0.53-29.63.1 * tomcat-el-3_0-api-8.0.53-29.63.1 * tomcat-webapps-8.0.53-29.63.1 * tomcat-servlet-3_1-api-8.0.53-29.63.1 * tomcat-admin-webapps-8.0.53-29.63.1 * tomcat-jsp-2_3-api-8.0.53-29.63.1 * tomcat-javadoc-8.0.53-29.63.1 * tomcat-docs-webapp-8.0.53-29.63.1 * tomcat-lib-8.0.53-29.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24998.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513
From sle-updates at lists.suse.com Fri Mar 10 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 12:30:23 -0000 Subject: SUSE-SU-2023:0694-1: important: Security update for redis Message-ID: <167845142386.19564.15300087096145423142@smelt2.suse.de> # Security update for redis Announcement ID: SUSE-SU-2023:0694-1 Rating: important References: * #1208235 * #1208790 * #1208793 Cross-References: * CVE-2022-36021 * CVE-2023-25155 CVSS scores: * CVE-2022-36021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25155 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-25155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). * CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion (bsc#1208793). The following non-security bug was fixed: * Fixed redis-sentinel not starting due to the hardening in the systemd service (bsc#1208235). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-694=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-694=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * redis-6.2.6-150400.3.16.1 * redis-debugsource-6.2.6-150400.3.16.1 * redis-debuginfo-6.2.6-150400.3.16.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * redis-6.2.6-150400.3.16.1 * redis-debugsource-6.2.6-150400.3.16.1 * redis-debuginfo-6.2.6-150400.3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36021.html * https://www.suse.com/security/cve/CVE-2023-25155.html * https://bugzilla.suse.com/show_bug.cgi?id=1208235 * https://bugzilla.suse.com/show_bug.cgi?id=1208790 * https://bugzilla.suse.com/show_bug.cgi?id=1208793 From sle-updates at lists.suse.com Fri Mar 10 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 16:30:03 -0000 Subject: SUSE-RU-2023:0709-1: moderate: Recommended update for console-setup Message-ID: <167846580319.16511.12339040527395403891@smelt2.suse.de> # Recommended update for console-setup Announcement ID: SUSE-RU-2023:0709-1 Rating: moderate References: * #1202853 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed.
## Description: This update for console-setup and kbd fixes the following issue: * Fix Caps_Lock mapping for us.map and others (bsc#1202853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-709=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-709=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-709=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-709=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-709=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kbd-debuginfo-2.4.0-150400.5.3.1 * kbd-2.4.0-150400.5.3.1 * kbd-debugsource-2.4.0-150400.5.3.1 * openSUSE Leap Micro 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.3.1 * openSUSE Leap 15.4 (noarch) * kbd-legacy-2.4.0-150400.5.3.1 * console-setup-1.134-150000.5.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.3.1 * kbd-2.4.0-150400.5.3.1 * kbd-debugsource-2.4.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.3.1 * kbd-2.4.0-150400.5.3.1 * kbd-debugsource-2.4.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.3.1 * kbd-2.4.0-150400.5.3.1 * kbd-debugsource-2.4.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.3.1 * kbd-2.4.0-150400.5.3.1 * kbd-debugsource-2.4.0-150400.5.3.1 * Basesystem Module 15-SP4 (noarch) * kbd-legacy-2.4.0-150400.5.3.1 ## References: * 
https://bugzilla.suse.com/show_bug.cgi?id=1202853 From sle-updates at lists.suse.com Fri Mar 10 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 16:30:07 -0000 Subject: SUSE-RU-2023:0708-1: moderate: Recommended update for openssh Message-ID: <167846580758.16511.15770066502595528082@smelt2.suse.de> # Recommended update for openssh Announcement ID: SUSE-RU-2023:0708-1 Rating: moderate References: * #1179465 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for openssh fixes the following issues: * Update dbus environment only for "ssh -X" connections (bsc#1179465). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-708=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-708=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-708=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-708=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openssh-helpers-8.1p1-150200.5.31.2 * openssh-fips-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.31.2 * openssh-helpers-debuginfo-8.1p1-150200.5.31.2 * openssh-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.31.2 * openssh-debugsource-8.1p1-150200.5.31.2 * openssh-askpass-gnome-8.1p1-150200.5.31.2 * openssh-debuginfo-8.1p1-150200.5.31.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssh-helpers-8.1p1-150200.5.31.2 * openssh-fips-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.31.2 * openssh-helpers-debuginfo-8.1p1-150200.5.31.2 * openssh-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.31.2 * openssh-debugsource-8.1p1-150200.5.31.2 * openssh-askpass-gnome-8.1p1-150200.5.31.2 * openssh-debuginfo-8.1p1-150200.5.31.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssh-helpers-8.1p1-150200.5.31.2 * openssh-fips-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.31.2 * openssh-helpers-debuginfo-8.1p1-150200.5.31.2 * openssh-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.31.2 * openssh-debugsource-8.1p1-150200.5.31.2 * openssh-askpass-gnome-8.1p1-150200.5.31.2 * openssh-debuginfo-8.1p1-150200.5.31.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * 
openssh-helpers-8.1p1-150200.5.31.2 * openssh-fips-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.31.2 * openssh-helpers-debuginfo-8.1p1-150200.5.31.2 * openssh-8.1p1-150200.5.31.2 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.31.2 * openssh-debugsource-8.1p1-150200.5.31.2 * openssh-askpass-gnome-8.1p1-150200.5.31.2 * openssh-debuginfo-8.1p1-150200.5.31.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1179465 From sle-updates at lists.suse.com Fri Mar 10 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 16:30:09 -0000 Subject: SUSE-SU-2023:0707-1: important: Security update for python39 Message-ID: <167846580969.16511.1467626439830076275@smelt2.suse.de> # Security update for python39 Announcement ID: SUSE-SU-2023:0707-1 Rating: important References: * #1208471 Cross-References: * CVE-2015-20107 * CVE-2022-37454 * CVE-2022-42919 * CVE-2022-45061 * CVE-2023-24329 CVSS scores: * CVE-2015-20107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2015-20107 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2022-37454 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-37454 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-42919 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-42919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45061 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-45061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing
ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for python39 fixes the following issues: * CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing. - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2015-20107). - Update bundled libexpat to 2.5.0 - Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the "forkserver" start method is affected. Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process.
This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This prevents Linux CVE-2022-42919. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-707=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-707=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-707=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-707=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-707=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-707=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-707=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-707=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-707=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-707=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python39-devel-3.9.16-150300.4.24.1 * python39-testsuite-debuginfo-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 *
python39-dbm-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-doc-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-testsuite-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-doc-devhelp-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * openSUSE Leap 15.4 (x86_64) * python39-32bit-debuginfo-3.9.16-150300.4.24.1 * python39-base-32bit-3.9.16-150300.4.24.1 * libpython3_9-1_0-32bit-3.9.16-150300.4.24.1 * python39-32bit-3.9.16-150300.4.24.1 * libpython3_9-1_0-32bit-debuginfo-3.9.16-150300.4.24.1 * python39-base-32bit-debuginfo-3.9.16-150300.4.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * 
python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * 
python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Manager Proxy 4.2 (x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * 
libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python39-core-debugsource-3.9.16-150300.4.24.1 * python39-debugsource-3.9.16-150300.4.24.1 * python39-devel-3.9.16-150300.4.24.1 * python39-debuginfo-3.9.16-150300.4.24.1 * python39-tk-3.9.16-150300.4.24.1 * python39-idle-3.9.16-150300.4.24.1 * python39-3.9.16-150300.4.24.1 * python39-base-3.9.16-150300.4.24.1 * libpython3_9-1_0-3.9.16-150300.4.24.1 * python39-curses-debuginfo-3.9.16-150300.4.24.1 * python39-dbm-3.9.16-150300.4.24.1 * python39-curses-3.9.16-150300.4.24.1 * python39-tools-3.9.16-150300.4.24.1 * python39-dbm-debuginfo-3.9.16-150300.4.24.1 * python39-base-debuginfo-3.9.16-150300.4.24.1 * python39-tk-debuginfo-3.9.16-150300.4.24.1 * libpython3_9-1_0-debuginfo-3.9.16-150300.4.24.1 ## References: * https://www.suse.com/security/cve/CVE-2015-20107.html * https://www.suse.com/security/cve/CVE-2022-37454.html * https://www.suse.com/security/cve/CVE-2022-42919.html 
* https://www.suse.com/security/cve/CVE-2022-45061.html * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1208471 From sle-updates at lists.suse.com Fri Mar 10 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Mar 2023 16:30:12 -0000 Subject: SUSE-SU-2023:0705-1: important: Security update for postgresql14 Message-ID: <167846581201.16511.1812697555484375059@smelt2.suse.de> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:0705-1 Rating: important References: * #1208102 Cross-References: * CVE-2022-41862 CVSS scores: * CVE-2022-41862 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE
Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql14 fixes the following issues: Update to 14.7: * CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-705=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-705=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-705=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-705=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-705=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-705=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-705=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-705=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-705=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-705=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-705=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-705=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-705=1 * SUSE Manager Retail Branch Server 
4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-705=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-705=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-705=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-705=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-llvmjit-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-llvmjit-debuginfo-14.7-150200.5.23.1 * postgresql14-llvmjit-devel-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-test-14.7-150200.5.23.1 * openSUSE Leap 15.4 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-llvmjit-devel-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-llvmjit-14.7-150200.5.23.1 * postgresql14-test-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-llvmjit-debuginfo-14.7-150200.5.23.1 * Server Applications Module 15-SP4 (aarch64 
ppc64le s390x x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * Server Applications Module 15-SP4 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * 
postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * 
postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 
* postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * 
postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * 
postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * postgresql14-plpython-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-14.7-150200.5.23.1 * postgresql14-debuginfo-14.7-150200.5.23.1 * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-14.7-150200.5.23.1 * postgresql14-plperl-debuginfo-14.7-150200.5.23.1 * SUSE Manager Server 4.2 (noarch) * postgresql14-docs-14.7-150200.5.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql14-contrib-14.7-150200.5.23.1 * postgresql14-plperl-14.7-150200.5.23.1 * postgresql14-debugsource-14.7-150200.5.23.1 * postgresql14-plpython-14.7-150200.5.23.1 * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-14.7-150200.5.23.1 * postgresql14-contrib-debuginfo-14.7-150200.5.23.1 * postgresql14-devel-debuginfo-14.7-150200.5.23.1 * postgresql14-server-debuginfo-14.7-150200.5.23.1 * postgresql14-server-14.7-150200.5.23.1 * postgresql14-server-devel-14.7-150200.5.23.1 * 
postgresql14-plpython-debuginfo-14.7-150200.5.23.1
  * postgresql14-pltcl-14.7-150200.5.23.1
  * postgresql14-debuginfo-14.7-150200.5.23.1
  * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1
  * postgresql14-devel-14.7-150200.5.23.1
  * postgresql14-plperl-debuginfo-14.7-150200.5.23.1
* SUSE Enterprise Storage 7.1 (noarch)
  * postgresql14-docs-14.7-150200.5.23.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * postgresql14-contrib-14.7-150200.5.23.1
  * postgresql14-plperl-14.7-150200.5.23.1
  * postgresql14-debugsource-14.7-150200.5.23.1
  * postgresql14-plpython-14.7-150200.5.23.1
  * postgresql14-server-devel-debuginfo-14.7-150200.5.23.1
  * postgresql14-14.7-150200.5.23.1
  * postgresql14-contrib-debuginfo-14.7-150200.5.23.1
  * postgresql14-devel-debuginfo-14.7-150200.5.23.1
  * postgresql14-server-debuginfo-14.7-150200.5.23.1
  * postgresql14-server-14.7-150200.5.23.1
  * postgresql14-server-devel-14.7-150200.5.23.1
  * postgresql14-plpython-debuginfo-14.7-150200.5.23.1
  * postgresql14-pltcl-14.7-150200.5.23.1
  * postgresql14-debuginfo-14.7-150200.5.23.1
  * postgresql14-pltcl-debuginfo-14.7-150200.5.23.1
  * postgresql14-devel-14.7-150200.5.23.1
  * postgresql14-plperl-debuginfo-14.7-150200.5.23.1
* SUSE Enterprise Storage 7 (noarch)
  * postgresql14-docs-14.7-150200.5.23.1

## References:

* https://www.suse.com/security/cve/CVE-2022-41862.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208102

From sle-updates at lists.suse.com Sat Mar 11 08:03:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 11 Mar 2023 09:03:35 +0100 (CET)
Subject: SUSE-CU-2023:614-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20230311080335.D6217F479@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:614-1
Container Tags        : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.89 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 5.2.89
Severity              : moderate
Type                  : recommended
References            : 1202853
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated

From sle-updates at lists.suse.com Sat Mar 11 08:03:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 11 Mar 2023 09:03:46 +0100 (CET)
Subject: SUSE-CU-2023:615-1: Recommended update of suse/sle-micro/5.4/toolbox
Message-ID: <20230311080346.15703F479@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:615-1
Container Tags        : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.70 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 3.2.70
Severity              : moderate
Type                  : recommended
References            : 1202853
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated

From sle-updates at lists.suse.com Sat Mar 11 08:04:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 11 Mar 2023 09:04:43 +0100 (CET)
Subject: SUSE-CU-2023:616-1: Recommended update of bci/bci-init
Message-ID: <20230311080443.1D68EF479@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:616-1
Container Tags        : bci/bci-init:15.4 , bci/bci-init:15.4.25.25 , bci/bci-init:latest
Container Release     : 25.25
Severity              : moderate
Type                  : recommended
References            : 1202853
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated

From sle-updates at lists.suse.com Sun Mar 12 08:03:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 12 Mar 2023 09:03:25 +0100 (CET)
Subject: SUSE-CU-2023:619-1: Recommended update of bci/bci-init
Message-ID: <20230312080325.CB8CEF74A@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:619-1
Container Tags        : bci/bci-init:15.5 , bci/bci-init:15.5.3.49
Container Release     : 3.49
Severity              : moderate
Type                  : recommended
References            : 1202853
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- sles-release-15.5-150500.35.1 updated
- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- container:sles15-image-15.0.0-35.2.2 updated

From sle-updates at lists.suse.com Mon Mar 13 12:30:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 12:30:01 -0000
Subject: SUSE-RU-2023:0716-1: moderate: Recommended update for rt-tests
Message-ID: <167871060139.6684.16473693063974104719@smelt2.suse.de>

# Recommended update for rt-tests

Announcement ID: SUSE-RU-2023:0716-1
Rating: moderate
References:

Affected Products:

* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Real Time Module 15-SP4

An update that contains one feature can now be installed.

## Description:

This update for rt-tests fixes the following issues:

Version update from 2.2 to 2.4 (jsc#SLE-23995):

* Add aarch64 support for oslat
* Add the `--default-system` option in cyclictest. This runs cyclictest without attempting any tuning. Power management is not suppressed so cyclictest measures the system as it is configured. This may result in worse realtime behaviour, but is sometimes what you are trying to measure.
* Fix parsing of affinity when there is a space
* Fixes in cyclicdeadline and deadline_test to prevent double mounting of cgroups
* Fixes in cyclictest to address memory access violation issues for verbose with no affinity mask
* hwlatdetect: Add option to specify cpumask
* Increase the buf size to 2048 when parse cpuinfo
* oslat: Print offending cpu number when above threshold
* rt-numa: ignore runtime cpumask if '-a CPULIST' is specified
* Significant clean-ups and fixes to hwlatdetect
* For the complete list of changes you can consult:
  * 2.4: https://lore.kernel.org/linux-rt-users/20220708150017.13462-1-jkacur@redhat.com/
  * 2.3: https://lore.kernel.org/linux-rt-users/20211210184649.11084-1-jkacur@redhat.com/
* Backport runtime fixes from upcoming release:
  * Fix threads being affined even when '-a' isn't set when using cyclictest
  * Remove arbitrary num of threads limits
  * Add error checking to connect and getsockname
  * Update hwlatdetect to integer division to prevent an error when calculating width, which assumes an integer

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Real Time Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-716=1

## Package List:

* SUSE Real Time Module 15-SP4 (x86_64)
  * rt-tests-debuginfo-2.4-150400.3.3.1
  * rt-tests-2.4-150400.3.3.1
  * rt-tests-debugsource-2.4-150400.3.3.1

## References:

* https://jira.suse.com/browse/SLE-23995

From sle-updates at lists.suse.com Mon Mar 13 12:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 12:30:06 -0000
Subject: SUSE-SU-2023:0715-1: important: Security update for nodejs18
Message-ID: <167871060643.6684.329433803243236283@smelt2.suse.de>

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:0715-1
Rating: important
References:

* #1208413
* #1208481
* #1208483
* #1208485
* #1208487

Cross-References:

* CVE-2023-23918
* CVE-2023-23919
* CVE-2023-23920
* CVE-2023-23936
* CVE-2023-24807

CVSS scores:

* CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-23919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23919 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-23920 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-23936 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-23936 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-24807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-24807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Web and Scripting Module 12

An update that solves five vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

Update to NodeJS 18.14.2 LTS:

* CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
* CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
* CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
* CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
* CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-715=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * npm18-18.14.2-8.6.2
  * nodejs18-18.14.2-8.6.2
  * nodejs18-devel-18.14.2-8.6.2
  * nodejs18-debuginfo-18.14.2-8.6.2
  * nodejs18-debugsource-18.14.2-8.6.2
* Web and Scripting Module 12 (noarch)
  * nodejs18-docs-18.14.2-8.6.2

## References:

* https://www.suse.com/security/cve/CVE-2023-23918.html
* https://www.suse.com/security/cve/CVE-2023-23919.html
* https://www.suse.com/security/cve/CVE-2023-23920.html
* https://www.suse.com/security/cve/CVE-2023-23936.html
* https://www.suse.com/security/cve/CVE-2023-24807.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208413
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1208483
* https://bugzilla.suse.com/show_bug.cgi?id=1208485
* https://bugzilla.suse.com/show_bug.cgi?id=1208487

From sle-updates at lists.suse.com Mon Mar 13 12:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 12:30:08 -0000
Subject: SUSE-RU-2023:0714-1: important: Recommended update for rpm
Message-ID: <167871060841.6684.13155345374761243513@smelt2.suse.de>

# Recommended update for rpm

Announcement ID: SUSE-RU-2023:0714-1
Rating: important
References:

* #1207294

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for rpm fixes the following issues:

* Fix missing python(abi) for 3.XX versions (bsc#1207294)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-714=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-714=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-714=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-714=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-714=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-714=1
* Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-714=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-714=1
* SUSE Manager Proxy 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-714=1
* SUSE Manager Proxy 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-714=1
* SUSE Manager Server 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-714=1
* SUSE Manager Server 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-714=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-714=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-714=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-714=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-714=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * rpm-ndb-4.14.3-150300.55.1
  * rpm-ndb-debugsource-4.14.3-150300.55.1
  * python3-rpm-4.14.3-150300.55.1
  * python-rpm-debugsource-4.14.3-150300.55.1
  * rpm-ndb-debuginfo-4.14.3-150300.55.1
  * rpm-debuginfo-4.14.3-150300.55.1
  * rpm-4.14.3-150300.55.1
  * rpm-debugsource-4.14.3-150300.55.1
  * python3-rpm-debuginfo-4.14.3-150300.55.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x
x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * rpm-devel-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * openSUSE Leap 15.4 (x86_64) * rpm-ndb-32bit-debuginfo-4.14.3-150300.55.1 * rpm-ndb-32bit-4.14.3-150300.55.1 * rpm-32bit-debuginfo-4.14.3-150300.55.1 * rpm-32bit-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-rpm-4.14.3-150300.55.1 * rpm-devel-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * Basesystem Module 15-SP4 (x86_64) * rpm-32bit-debuginfo-4.14.3-150300.55.1 * rpm-32bit-4.14.3-150300.55.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * 
rpm-debugsource-4.14.3-150300.55.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * rpm-ndb-debugsource-4.14.3-150300.55.1 * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpm-ndb-debugsource-4.14.3-150300.55.1 * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * rpm-build-debuginfo-4.14.3-150300.55.1 * rpm-32bit-debuginfo-4.14.3-150300.55.1 * rpm-build-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * rpm-devel-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-32bit-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python3-rpm-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * 
rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207294 From sle-updates at lists.suse.com Mon Mar 13 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 12:30:09 -0000 Subject: SUSE-RU-2023:0713-1: moderate: Recommended update for suse-build-key Message-ID: <167871060963.6684.18294356182061146489@smelt2.suse.de> # Recommended update for suse-build-key Announcement ID: SUSE-RU-2023:0713-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * 
SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023. (jsc#PED-2777) * gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). * gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). * suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. * build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc * suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. 
## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-713=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-713=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-713=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-713=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-713=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-713=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-713=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-713=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-713=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-713=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-713=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-713=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-713=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-713=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-713=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-713=1 * SUSE Manager Proxy 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-713=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-713=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-713=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-713=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-713=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-713=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-713=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-713=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.31.1 * openSUSE Leap 15.4 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * suse-build-key-12.0-150000.8.31.1 * Basesystem Module 15-SP4 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * 
suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Manager Proxy 4.2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Manager Server 4.2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Enterprise Storage 7.1 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Enterprise Storage 7 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE CaaS Platform 4.0 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * suse-build-key-12.0-150000.8.31.1 ## References: * https://jira.suse.com/browse/PED-2777 From sle-updates at lists.suse.com Mon Mar 13 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 12:30:11 -0000 Subject: SUSE-RU-2023:0688-1: low: Recommended update for strongswan Message-ID: <167871061125.6684.6708223122479068463@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:0688-1 Rating: low References: * #1185153 Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 An update that has one recommended fix can now be installed. 
## Description: This update for strongswan fixes the following issues: * Remove deprecated option "StandardOutput=syslog" from strongswan systemd unit file (bsc#1185153) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-688=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * strongswan-hmac-5.8.2-150200.11.36.1 * strongswan-libs0-5.8.2-150200.11.36.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.36.1 * strongswan-5.8.2-150200.11.36.1 * strongswan-debugsource-5.8.2-150200.11.36.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.36.1 * strongswan-debuginfo-5.8.2-150200.11.36.1 * strongswan-ipsec-5.8.2-150200.11.36.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1185153 From sle-updates at lists.suse.com Mon Mar 13 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 12:30:12 -0000 Subject: SUSE-RU-2023:0687-1: moderate: Recommended update for cargo-packaging Message-ID: <167871061216.6684.743664938213966406@smelt2.suse.de> # Recommended update for cargo-packaging Announcement ID: SUSE-RU-2023:0687-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 An update that can now be installed. 
## Description: This update for cargo-packaging fixes the following issues: Add supporting sources for cargo metadata extraction * cargo-packaging-1.2.0+0.tar.xz * cargo_config * vendor.tar.xz Update to version 1.2.0+0: * marcos.cargo: add path parameter in cargo_install (#3) Update to version 1.1.0 * Improve support for bundle metadata in rpm provides Update to version 1.0.0~git8.6919af0: * Disable incremental builds as they don't work with sccache and don't help in obs * Add depends on zstd to allow zst compression in rust projects Update to version 1.0.0~git7.63c3500: * Improve macros when libgit is a dependency ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-687=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cargo-packaging-1.2.0+0-150400.3.3.1 From sle-updates at lists.suse.com Mon Mar 13 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 12:30:14 -0000 Subject: SUSE-RU-2023:0686-1: moderate: Recommended update for post-build-checks-malwarescan Message-ID: <167871061414.6684.11299326881471488731@smelt2.suse.de> # Recommended update for post-build-checks-malwarescan Announcement ID: SUSE-RU-2023:0686-1 Rating: moderate References: * #1199055 Affected Products: * openSUSE Leap 15.4 An update that contains one feature and has one recommended fix can now be installed. 
## Description: This update for post-build-checks-malwarescan fixes the following issues: * revert EXCLUDELIST on qemu (false positive is fixed - related to bsc#1199055) * skip unpacking debuginfo/debugsource: sources are checked already and debuginfo contains no executable code * use clamscan -r as it is faster than the xargs -P 0 execution (jsc#PED-3641) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-686=1 ## Package List: * openSUSE Leap 15.4 (noarch) * post-build-checks-malwarescan-0.1-150400.15.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199055 * https://jira.suse.com/browse/PED-3641 From sle-updates at lists.suse.com Mon Mar 13 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 12:30:16 -0000 Subject: SUSE-SU-2023:0685-1: moderate: Security update for java-1_8_0-openj9 Message-ID: <167871061681.6684.5325413372054473662@smelt2.suse.de> # Security update for java-1_8_0-openj9 Announcement ID: SUSE-SU-2023:0685-1 Rating: moderate References: * #1207248 * #1207249 Cross-References: * CVE-2023-21830 * CVE-2023-21843 CVSS scores: * CVE-2023-21830 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21843 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21843 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openj9 fixes the following issues: * CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). 
* CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-685=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-demo-debuginfo-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-debugsource-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-debuginfo-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-demo-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-headless-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-src-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-devel-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-1.8.0.362-150200.3.30.1 * java-1_8_0-openj9-accessibility-1.8.0.362-150200.3.30.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.362-150200.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21830.html * https://www.suse.com/security/cve/CVE-2023-21843.html * https://bugzilla.suse.com/show_bug.cgi?id=1207248 * https://bugzilla.suse.com/show_bug.cgi?id=1207249
From sle-updates at lists.suse.com Mon Mar 13 12:48:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:48:36 +0100 (CET) Subject: SUSE-CU-2023:626-1: Security update of ses/7.1/cephcsi/cephcsi Message-ID: <20230313124836.F0DD9F479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:626-1 Container Tags : ses/7.1/cephcsi/cephcsi:3.8.0 , ses/7.1/cephcsi/cephcsi:3.8.0.0.3.2.635 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.8.0 , ses/7.1/cephcsi/cephcsi:v3.8.0.0 Container Release : 3.2.635 Severity : important Type : security References : 1178168 1182066 1198331 1199282 1204585 1208574 CVE-2020-25659 CVE-2020-36242 CVE-2021-30560 ----------------------------------------------------------------- The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:604-1 Released: Thu Mar 2 15:51:55 2023 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). 
- update to 3.3.2 (bsc#1198331) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:680-1 Released: Wed Mar 8 17:14:06 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:711-1 Released: Sun Mar 12 12:59:43 2023 Summary: Recommended update for ceph-csi Type: recommended Severity: moderate References: This update for ceph-csi fixes the following issues: - Update to 3.8.0 Features: - RBD - fscrypt support - Add fscrypt integration with the Ceph CSI KMS. Supports ext4 on RBD. Snapshots are supported as well. - Brief docs for fscrypt support - Provide new command line configuration to enable read affinity - CephFS - Shallow volumes for the ROX accessModes by default - Shallow volumes as default for cephfs ROX clones/restore for better performance. 
- Add fscrypt support for volumes, snapshots, and clones - There are dependencies with kernel and ceph Enhancements: - Update kubernetes dependencies to 1.26.1 * Update go-ceph to 0.20.0 * Update packages in release image * Add basic upgrade documentation for Helm Charts * Update rook installation to default latest version * Add extraArgs for sidecars * csidriver added to helper scripts * Lift the minimum supported version of ceph to v15.0.0 * Update csi spec to v1.7.0 * Add commonLabels value to helm charts Bug Fixes: * Make inode metrics optional in FilesystemNodeGetVolumeStats for CephFS * Discover if StagingTargetPath in NodeExpandVolume exists * Set disableInUseChecks on rbd volume * Skip expanding for BackingSnapshot volume * Fix CVEs in image * Ignore stderr for ceph osd blocklist when there is no error * Check volume details from original volumeID * Setup encryption if rbdVol exits during CreateVol * Return error if last sync time is not present * Return abnormal if the mount is corrupted * Fix namespace name update in metadata and rados object * Remove dummy image workaround * Get description from remote status - Fix mdl configuration - ParseAcceptLanguage takes a long time to parse complex tags E2E: - Run E2E tests with kubernetes v1.26 release - Many tests are added to make sure we stay with backward compatibility for existing features of v3.7 - New tests are added for features introduced in this release - Lots of cleanup and deprecated API removals were done on the test framework CI: - Update golang to 1.19.5 - Many Mergify enhancements for better CI resource utilization - Add GitHub action to trigger E2E Breaking Changes: - Removal of option to run cephcsi as both controller and node server. 
The following package changes have been done: - ceph-csi-3.8.0+git0.e13e72a-150300.3.9.1 updated - libxml2-2-2.9.7-150000.3.54.1 updated - libxslt1-1.1.32-150000.3.14.1 updated - python3-cryptography-3.3.2-150200.16.1 updated - container:ceph-image-1.0.0-3.2.416 updated From sle-updates at lists.suse.com Mon Mar 13 12:48:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:48:42 +0100 (CET) Subject: SUSE-CU-2023:627-1: Recommended update of ses/7.1/ceph/grafana Message-ID: <20230313124842.E0E02F479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:627-1 Container Tags : ses/7.1/ceph/grafana:8.5.15 , ses/7.1/ceph/grafana:8.5.15.2.2.401 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific Container Release : 2.2.401 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container ses/7.1/ceph/grafana was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated - container:sles15-image-15.0.0-17.20.111 updated From sle-updates at lists.suse.com Mon Mar 13 12:48:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:48:49 +0100 (CET) Subject: SUSE-CU-2023:628-1: Recommended update of ses/7.1/ceph/haproxy Message-ID: <20230313124849.1BAFCF479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/haproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:628-1 Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.338 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific Container Release : 3.5.338 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container ses/7.1/ceph/haproxy was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated - container:sles15-image-15.0.0-17.20.111 updated From sle-updates at lists.suse.com Mon Mar 13 12:48:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:48:57 +0100 (CET) Subject: SUSE-CU-2023:629-1: Security update of ses/7.1/ceph/ceph Message-ID: <20230313124857.EF65BF479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:629-1 Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.417 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific Container Release : 3.2.417 Severity : important Type : security References : 1178168 1182066 1198331 1199282 1204585 1208574 CVE-2020-25659 CVE-2020-36242 CVE-2021-30560 ----------------------------------------------------------------- The container ses/7.1/ceph/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:604-1 Released: Thu Mar 2 15:51:55 2023 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:680-1 Released: Wed Mar 8 17:14:06 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated - libxslt1-1.1.32-150000.3.14.1 updated - python3-cryptography-3.3.2-150200.16.1 updated - container:sles15-image-15.0.0-17.20.111 updated From sle-updates at lists.suse.com Mon Mar 13 12:49:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:49:04 +0100 (CET) Subject: SUSE-CU-2023:630-1: Recommended update of ses/7.1/ceph/keepalived Message-ID: <20230313124904.3B3B8F479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/keepalived ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:630-1 Container Tags : ses/7.1/ceph/keepalived:2.0.19 , ses/7.1/ceph/keepalived:2.0.19.3.5.324 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific Container Release : 3.5.324 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container ses/7.1/ceph/keepalived was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz The following package changes have been done: - libxml2-2-2.9.7-150000.3.54.1 updated - container:sles15-image-15.0.0-17.20.111 updated From sle-updates at lists.suse.com Mon Mar 13 12:49:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Mar 2023 13:49:09 +0100 (CET) Subject: SUSE-CU-2023:631-1: Recommended update of ses/7.1/cephcsi/csi-attacher Message-ID: <20230313124909.35184F479@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:631-1 Container Tags : ses/7.1/cephcsi/csi-attacher:v3.5.0 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1-build2.2.383 Container Release : 2.2.383 Severity : moderate Type : recommended References : 1204585 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-attacher was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:13 +0100 (CET)
Subject: SUSE-CU-2023:632-1: Recommended update of ses/7.1/cephcsi/csi-node-driver-registrar
Message-ID: <20230313124913.4A187F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:632-1
Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1-build2.2.388
Container Release : 2.2.388
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-node-driver-registrar was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:18 +0100 (CET)
Subject: SUSE-CU-2023:633-1: Recommended update of ses/7.1/cephcsi/csi-provisioner
Message-ID: <20230313124918.85D63F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:633-1
Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.2.1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1-build2.2.382
Container Release : 2.2.382
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-provisioner was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:23 +0100 (CET)
Subject: SUSE-CU-2023:634-1: Recommended update of ses/7.1/cephcsi/csi-resizer
Message-ID: <20230313124923.91C02F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:634-1
Container Tags : ses/7.1/cephcsi/csi-resizer:v1.5.0 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1-build2.2.378
Container Release : 2.2.378
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-resizer was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:28 +0100 (CET)
Subject: SUSE-CU-2023:635-1: Recommended update of ses/7.1/cephcsi/csi-snapshotter
Message-ID: <20230313124928.19719F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:635-1
Container Tags : ses/7.1/cephcsi/csi-snapshotter:v6.0.1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1-build2.2.376
Container Release : 2.2.376
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-snapshotter was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:32 +0100 (CET)
Subject: SUSE-CU-2023:636-1: Recommended update of ses/7.1/ceph/prometheus-alertmanager
Message-ID: <20230313124932.D2BBAF479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:636-1
Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.377 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific
Container Release : 3.2.377
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-alertmanager was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:38 +0100 (CET)
Subject: SUSE-CU-2023:637-1: Recommended update of ses/7.1/ceph/prometheus-node-exporter
Message-ID: <20230313124938.1742EF479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:637-1
Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.3.0 , ses/7.1/ceph/prometheus-node-exporter:1.3.0.3.2.367 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific
Container Release : 3.2.367
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-node-exporter was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:43 +0100 (CET)
Subject: SUSE-CU-2023:638-1: Recommended update of ses/7.1/ceph/prometheus-server
Message-ID: <20230313124943.34D56F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:638-1
Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.360 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific
Container Release : 3.2.360
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-server was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:47 +0100 (CET)
Subject: SUSE-CU-2023:639-1: Recommended update of ses/7.1/ceph/prometheus-snmp_notifier
Message-ID: <20230313124947.A4CDDF479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:639-1
Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.350 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific
Container Release : 2.2.350
Severity : moderate
Type : recommended
References : 1204585
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-snmp_notifier was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Mon Mar 13 12:49:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Mar 2023 13:49:54 +0100 (CET)
Subject: SUSE-CU-2023:640-1: Security update of ses/7.1/rook/ceph
Message-ID: <20230313124954.6ADA3F479@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:640-1
Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.337 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release : 4.5.337
Severity : important
Type : security
References : 1178168 1182066 1198331 1199282 1204585 1208574 CVE-2020-25659 CVE-2020-36242 CVE-2021-30560
-----------------------------------------------------------------

The container ses/7.1/rook/ceph was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:604-1
Released: Thu Mar 2 15:51:55 2023
Summary: Security update for python-cryptography, python-cryptography-vectors
Type: security
Severity: important
References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
- CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).
- update to 3.3.2 (bsc#1198331)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:680-1
Released: Wed Mar 8 17:14:06 2023
Summary: Security update for libxslt
Type: security
Severity: important
References: 1208574,CVE-2021-30560

This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- libxslt1-1.1.32-150000.3.14.1 updated
- python3-cryptography-3.3.2-150200.16.1 updated
- container:sles15-image-15.0.0-17.20.111 updated

From sle-updates at lists.suse.com Tue Mar 14 08:01:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:01:58 +0100 (CET)
Subject: SUSE-IU-2023:154-1: Security update of suse-sles-15-sp4-chost-byos-v20230310-x86_64-gen2
Message-ID: <20230314080158.9C893F46D@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230310-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:154-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230310-x86_64-gen2:20230310
Image Release :
Severity : important
Type : security
References : 1027519 1065729 1069169 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1180422 1180482 1182482 1182482 1185697 1185861 1185863 1186056 1186449 1186745 1186749 1187948 1190091 1191256 1191375 1192868 1193629 1194338 1194869 1195175 1195655 1196058 1196332 1196332 1196335 1199701 1200110 1202436 1202853 1204063 1204356 1204662 1204929 1205175 1205244 1205495 1205792 1206006 1206036 1206056 1206057 1206258 1206363 1206459 1206616 1206677 1206784 1207010 1207034 1207036 1207050 1207125 1207134 1207149 1207158 1207183 1207183 1207184 1207186 1207190 1207237 1207263 1207269 1207497 1207500 1207501 1207506 1207507 1207734 1207753 1207769 1207789 1207795 1207842 1207878 1207933 1207990 1207991 1207992 1207994 1208067 1208143 1208146 1208237 1208286 1208443 CVE-2020-24588 CVE-2022-27672 CVE-2022-4382 CVE-2022-45061 CVE-2022-47929 CVE-2022-48303 CVE-2022-4904 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0361 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230310-x86_64-gen2 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2022-1
Released: Wed Sep 26 09:48:09 2018
Summary: Recommended update for SUSE Manager Client Tools
Type: recommended
Severity: moderate
References: 1103388,1104120,1106523

This update fixes the following issues:

hwdata:

- Update to version 0.314:
  + Updated pci, usb and vendor ids.

spacewalk-backend:

- Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
- Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1022-1
Released: Wed Apr 24 13:46:51 2019
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1121410

This update for hwdata fixes the following issues:

Update to version 0.320 (bsc#1121410):

- Updated the pci, usb and vendor ids vendor and product databases.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1261-1
Released: Tue May 12 18:40:18 2020
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1168806

This update for hwdata fixes the following issues:

Update from version 0.320 to version 0.324 (bsc#1168806)

- Updated pci, usb and vendor ids.
- Replace pciutils-ids package providing compatibility symbolic link

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:421-1
Released: Wed Feb 10 12:05:23 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1180422,1180482

This update for hwdata fixes the following issues:

- Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
- Updated pci, usb and vendor ids.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:880-1
Released: Fri Mar 19 04:14:38 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1170160,1182482

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1950-1
Released: Thu Jun 10 14:42:00 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1170160,1182482,1185697

This update for hwdata fixes the following issues:

- Update to version 0.347:
  + Updated pci, usb and vendor ids. (bsc#1185697)
- Update to version 0.346:
  + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2447-1
Released: Thu Jul 22 08:26:29 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1186749,1187948

This update for hwdata fixes the following issue:

- Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2973-1
Released: Tue Sep 7 16:56:08 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1190091

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids (bsc#1190091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3832-1
Released: Wed Dec 1 14:51:19 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1191375

This update for hwdata fixes the following issue:

- Update to version 0.353 (bsc#1191375)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:100-1
Released: Tue Jan 18 05:20:03 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1194338

This update for hwdata fixes the following issues:

- Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1204-1
Released: Thu Apr 14 12:15:55 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1703-1
Released: Tue May 17 12:13:36 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: important
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released: Wed Sep 7 08:39:31 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1200110

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released: Fri Nov 18 09:07:50 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:46-1
Released: Mon Jan 9 10:35:21 2023
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:433-1
Released: Thu Feb 16 08:42:45 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207795,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
- Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
- Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
- Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
- Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
- Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
- btrfs: put initial index value of a directory in a constant (bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: don't take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
- phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/qeth: fix various format strings (git-fixes).
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:439-1
Released: Thu Feb 16 13:09:30 2023
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1069169,1186056,1204929,1205175

This update for dracut fixes the following issues:

- Exclude USB drivers in strict hostonly mode (bsc#1186056)
- Warn if included with no multipath devices and no user conf (bsc#1069169)
- Improve detection of installed kernel versions (bsc#1205175)
- chown using rpc default group (bsc#1204929)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Type: security
Severity: moderate
References: 1202436,1207753,CVE-2022-48303

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:475-1
Released: Wed Feb 22 10:49:14 2023
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1207183,1208143,1208146,CVE-2023-0361

This update for gnutls fixes the following issues:

- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
- FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
- FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:486-1
Released: Thu Feb 23 10:38:13 2023
Summary: Security update for c-ares
Type: security
Severity: important
References: 1208067,CVE-2022-4904

This update for c-ares fixes the following issues:

Updated to version 1.19.0:

- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:549-1
Released: Mon Feb 27 17:35:07 2023
Summary: Security update for python3
Type: security
Severity: moderate
References: 1205244,1208443,CVE-2022-45061

This update for python3 fixes the following issues:

- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

Bugfixes:

- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:588-1
Released: Wed Mar 1 14:19:35 2023
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1186745,1196335

This update for kdump fixes the following issues:

- run kdump.service only after kdump-early.service (bsc#1196335)
- don't skip infiniband interfaces (bsc#1186745)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:632-1
Released: Mon Mar 6 20:33:59 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1207183,1208237

This update for gnutls fixes the following issues:

- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:692-1
Released: Thu Mar 9 16:06:04 2023
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1205792,1208286,CVE-2022-27672

This update for xen fixes the following issues:

- CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286).

Bugfixes:

- Fixed launch-xenstore error (bsc#1205792)
- Fixed issues in VMX (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released: Fri Mar 10 16:04:41 2023
Summary: Recommended update for console-setup
Type: recommended
Severity: moderate
References: 1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- curl-7.79.1-150400.5.15.1 updated
- dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 updated
- dracut-055+suse.331.g05b9ccb7-150400.3.16.1 updated
- hwdata-0.365-150000.3.54.1 added
- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- kdump-1.0.2+git20.g64239cc-150400.3.11.1 updated
- kernel-default-5.14.21-150400.24.46.1 updated
- libcares2-1.19.0-150000.3.20.1 updated
- libcurl4-7.79.1-150400.5.15.1 updated
- libgnutls30-3.7.3-150400.4.32.1 updated
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.40.1 updated
- librelp0-1.2.15-1.15 added
- libsystemd0-249.15-150400.8.22.1 updated
- libudev1-249.15-150400.8.22.1 updated
- openssl-1_1-1.1.1l-150400.7.25.1 updated
- python3-base-3.6.15-150300.10.40.1 updated
- python3-3.6.15-150300.10.40.1 updated
- sle-module-basesystem-release-15.4-150400.55.1 added
- sle-module-containers-release-15.4-150400.55.1 added
- sle-module-public-cloud-release-15.4-150400.55.1 added
- sle-module-server-applications-release-15.4-150400.55.1 added
- systemd-sysvinit-249.15-150400.8.22.1 updated
- systemd-249.15-150400.8.22.1 updated
- tar-1.34-150000.3.31.1 updated
- udev-249.15-150400.8.22.1 updated
- xen-libs-4.16.3_04-150400.4.22.1 updated
- pciutils-ids-20200324-3.6.1 removed
- vlan-1.9-1.27 removed

From sle-updates at lists.suse.com Tue Mar 14 08:02:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:02:05 +0100 (CET)
Subject: SUSE-IU-2023:155-1: Security update of suse-sles-15-sp4-chost-byos-v20230310-hvm-ssd-x86_64
Message-ID: <20230314080205.2B128F46D@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230310-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:155-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230310-hvm-ssd-x86_64:20230310
Image Release :
Severity : important
Type : security
References : 1027519 1065729 1069169 1103388 1104120 1106523 1121410 1168806 1170160 1170160
    1180422 1180482 1182482 1182482 1185697 1185861 1185863 1186056 1186449 1186745
    1186749 1187948 1190091 1191256 1191375 1192868 1193629 1194338 1194869 1195175
    1195655 1196058 1196332 1196332 1196335 1199701 1200110 1202436 1202853 1204063
    1204356 1204662 1204929 1205175 1205244 1205495 1205792 1206006 1206036 1206056
    1206057 1206258 1206363 1206459 1206616 1206677 1206784 1207010 1207034 1207036
    1207050 1207125 1207134 1207149 1207158 1207183 1207183 1207184 1207186 1207190
    1207237 1207263 1207269 1207497 1207500 1207501 1207506 1207507 1207734 1207753
    1207769 1207789 1207795 1207842 1207878 1207933 1207990 1207991 1207992 1207994
    1208067 1208143 1208146 1208237 1208286 1208443
    CVE-2020-24588 CVE-2022-27672 CVE-2022-4382 CVE-2022-45061 CVE-2022-47929
    CVE-2022-48303 CVE-2022-4904 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266
    CVE-2023-0361 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 CVE-2023-23914
    CVE-2023-23915 CVE-2023-23916
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230310-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2022-1
Released: Wed Sep 26 09:48:09 2018
Summary: Recommended update for SUSE Manager Client Tools
Type: recommended
Severity: moderate
References: 1103388,1104120,1106523

This update fixes the following issues:

hwdata:

- Update to version 0.314:
  + Updated pci, usb and vendor ids.

spacewalk-backend:

- Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
- Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1022-1
Released: Wed Apr 24 13:46:51 2019
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1121410

This update for hwdata fixes the following issues:

Update to version 0.320 (bsc#1121410):

- Updated the pci, usb and vendor ids vendor and product databases.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1261-1
Released: Tue May 12 18:40:18 2020
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1168806

This update for hwdata fixes the following issues:

Update from version 0.320 to version 0.324 (bsc#1168806)

- Updated pci, usb and vendor ids.
- Replace pciutils-ids package providing compatibility symbolic link

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:421-1
Released: Wed Feb 10 12:05:23 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1180422,1180482

This update for hwdata fixes the following issues:

- Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
- Updated pci, usb and vendor ids.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:880-1
Released: Fri Mar 19 04:14:38 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1170160,1182482

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1950-1
Released: Thu Jun 10 14:42:00 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1170160,1182482,1185697

This update for hwdata fixes the following issues:

- Update to version 0.347:
  + Updated pci, usb and vendor ids. (bsc#1185697)
- Update to version 0.346:
  + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2447-1
Released: Thu Jul 22 08:26:29 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1186749,1187948

This update for hwdata fixes the following issue:

- Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2973-1
Released: Tue Sep 7 16:56:08 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1190091

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids (bsc#1190091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3832-1
Released: Wed Dec 1 14:51:19 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1191375

This update for hwdata fixes the following issue:

- Update to version 0.353 (bsc#1191375)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:100-1
Released: Tue Jan 18 05:20:03 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1194338

This update for hwdata fixes the following issues:

- Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1204-1
Released: Thu Apr 14 12:15:55 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1703-1
Released: Tue May 17 12:13:36 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: important
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released: Wed Sep 7 08:39:31 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1200110

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released: Fri Nov 18 09:07:50 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:46-1
Released: Mon Jan 9 10:35:21 2023
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:433-1
Released: Thu Feb 16 08:42:45 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207795,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
- Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
- Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
- Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
- Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
- Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
- btrfs: put initial index value of a directory in a constant (bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: don't take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). 
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). 
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). 
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). 
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). 
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). 
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). 
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:439-1 Released: Thu Feb 16 13:09:30 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1069169,1186056,1204929,1205175 This update for dracut fixes the following issues: - Exclude USB drivers in strict hostonly mode (bsc#1186056) - Warn if included with no multipath devices and no user conf (bsc#1069169) - Improve detection of installed kernel versions (bsc#1205175) - chown using rpc default group (bsc#1204929) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. 
- Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:588-1 Released: Wed Mar 1 14:19:35 2023 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1186745,1196335 This update for kdump fixes the following issues: - run kdump.service only after kdump-early.service (bsc#1196335) - don't skip infiniband interfaces (bsc#1186745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:632-1 Released: Mon Mar 6 20:33:59 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1207183,1208237 This update for gnutls fixes the following issues: - FIPS: Fix pct_test() return code in case of error (bsc#1207183) - Increase the limit of TLS PSK usernames from 128 to 65535 characters. 
[bsc#1208237, jsc#PED-1562] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:692-1 Released: Thu Mar 9 16:06:04 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1205792,1208286,CVE-2022-27672 This update for xen fixes the following issues: - CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286). Bugfixes: - Fixed launch-xenstore error (bsc#1205792) - Fixed issues in VMX (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) The following package changes have been done: - curl-7.79.1-150400.5.15.1 updated - dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 updated - dracut-055+suse.331.g05b9ccb7-150400.3.16.1 updated - hwdata-0.365-150000.3.54.1 added - kbd-legacy-2.4.0-150400.5.3.1 updated - kbd-2.4.0-150400.5.3.1 updated - kdump-1.0.2+git20.g64239cc-150400.3.11.1 updated - kernel-default-5.14.21-150400.24.46.1 updated - libcares2-1.19.0-150000.3.20.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - libgnutls30-3.7.3-150400.4.32.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libopenssl1_1-1.1.1l-150400.7.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - librelp0-1.2.15-1.15 added - libsystemd0-249.15-150400.8.22.1 updated - libudev1-249.15-150400.8.22.1 updated - openssl-1_1-1.1.1l-150400.7.25.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-3.6.15-150300.10.40.1 updated - sle-module-basesystem-release-15.4-150400.55.1 added - sle-module-containers-release-15.4-150400.55.1 added - 
sle-module-public-cloud-release-15.4-150400.55.1 added - sle-module-server-applications-release-15.4-150400.55.1 added - systemd-sysvinit-249.15-150400.8.22.1 updated - systemd-249.15-150400.8.22.1 updated - tar-1.34-150000.3.31.1 updated - udev-249.15-150400.8.22.1 updated - xen-libs-4.16.3_04-150400.4.22.1 updated - xen-tools-domU-4.16.3_04-150400.4.22.1 updated - pciutils-ids-20200324-3.6.1 removed - vlan-1.9-1.27 removed

From sle-updates at lists.suse.com Tue Mar 14 08:02:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:02:13 +0100 (CET) Subject: SUSE-IU-2023:156-1: Security update of sles-15-sp4-chost-byos-v20230310-arm64 Message-ID: <20230314080213.24E3BF46D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230310-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:156-1 Image Tags : sles-15-sp4-chost-byos-v20230310-arm64:20230310 Image Release : Severity : important Type : security References : 1027519 1065729 1069169 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1180422 1180482 1182482 1182482 1184123 1185697 1185861 1185863 1186056 1186399 1186449 1186745 1186749 1187948 1190091 1191256 1191375 1191468 1191468 1192868 1193629 1194338 1194869 1195175 1195391 1195437 1195438 1195655 1195838 1195838 1196058 1196332 1196332 1196335 1199503 1199504 1199701 1199956 1199990 1199994 1200044 1200089 1200110 1201501 1201700 1201701 1201701 1201717 1202436 1202853 1203163 1203204 1204063 1204068 1204091 1204356 1204662 1204929 1204975 1205019 1205175 1205244 1205495 1205657 1205792 1205873 1206006 1206036 1206056 1206057 1206258 1206363 1206459 1206616 1206677 1206784 1207010 1207034 1207036 1207050 1207125 1207134 1207149 1207158 1207159 1207183 1207183 1207184 1207186 1207190 1207237 1207263 1207269 1207497 1207500 1207501 1207506 1207507 1207734 1207753 1207769 1207789 1207795 1207842 1207878 1207933 1207990 1207991 1207992 
1207994 1208067 1208143 1208146 1208237 1208286 1208443 1208723 1208723 CVE-2020-24588 CVE-2021-38297 CVE-2021-38297 CVE-2022-23806 CVE-2022-23806 CVE-2022-27672 CVE-2022-4382 CVE-2022-45061 CVE-2022-47929 CVE-2022-48303 CVE-2022-4904 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0361 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230310-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. 
- Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1478-1 Released: Tue May 4 14:05:38 2021 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1184123 This update for libhugetlbfs fixes the following issues: - Hardening: Link as PIE (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. 
(bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for 
hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2711-1 Released: Tue Aug 9 12:35:23 2022 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1199503,1199504,1199956,1199990,1199994,1200044 This update for libnvme, nvme-cli fixes the following issues: - Reduce log noise and export error codes (bsc#1199994 bsc#1199503) - Apply configuration from JSON file (bsc#1199503) - fabrics: Already connected uses a different error code (bsc#1199994) - fabrics: skip connect if the transport types don't match (bsc#1199994) - nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990) - fabrics: Honor config file for connect-all (bsc#1199504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4047-1 Released: Thu Nov 17 14:03:05 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1186399,1201701 This update for nvme-cli fixes the following issues: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) - Various other fabrics related bug fixes were added. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4049-1 Released: Thu Nov 17 14:04:02 2022 Summary: Recommended update for libnvme Type: recommended Severity: moderate References: 1201501,1201700,1201701,1201717 This update for libnvme fixes the following issues: - Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) - Subsystem scanning logic - Fabrics improvements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4382-1 Released: Fri Dec 9 04:00:36 2022 Summary: Recommended update for libnvme Type: recommended Severity: important References: 1200089,1203163,1203204,1205019 This update for libnvme fixes the following issues: libnvme: - Fix 'connect-all' failures when handling JSON configuration file (bsc#1205019) nvme-cli: - Honor JSON config file in 'connect-all' command (bsc#1203204 bsc#1203163) - Add 'show-topology' command (bsc#1200089) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:18-1 Released: Tue Jan 3 12:22:32 2023 Summary: Recommended update for libnvme, nvme-cli, nvme-stas Type: recommended Severity: important References: 1204975,1205657,1205873 This update for libnvme, nvme-cli and nvme-stas fixes the following issues: libnvme, nvme-cli: - Fix 'persistent' handling during connect-all with JSON file (bsc#1205657) nvme-stas: - Avahi: Handle upper/lower case 'NQN/nqn' in TXT attribute (bsc#1205873) - staslib: Trim whitespaces at the source (bsc#1204975) - stafd: Add 'origin' parameter to DC controller objects ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:433-1 Released: Thu Feb 16 08:42:45 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207795,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). 
- CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). 
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). 
- HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). 
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). 
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). 
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: don't take exclusive lock for updating target hints (bsc#1193629). 
- cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). 
- dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). 
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). 
- fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). 
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). 
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). 
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). 
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). 
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). 
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). 
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:439-1
Released:    Thu Feb 16 13:09:30 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1069169,1186056,1204929,1205175
This update for dracut fixes the following issues:

- Exclude USB drivers in strict hostonly mode (bsc#1186056)
- Warn if included with no multipath devices and no user conf (bsc#1069169)
- Improve detection of installed kernel versions (bsc#1205175)
- chown using rpc default group (bsc#1204929)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released:    Mon Feb 20 16:33:39 2023
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1202436,1207753,CVE-2022-48303
This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released:    Mon Feb 20 18:11:37 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:
This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:475-1
Released:    Wed Feb 22 10:49:14 2023
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1207183,1208143,1208146,CVE-2023-0361
This update for gnutls fixes the following issues:

- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
- FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
- FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:477-1
Released:    Wed Feb 22 14:00:53 2023
Summary:     Recommended update for google-guest-configs
Type:        recommended
Severity:    moderate
References:  1195437,1195438,1204068,1204091
This update for google-guest-configs fixes the following issues:

- Add nvme-cli to Requires (bsc#1204068, bsc#1204091)
- Update to version 20220211.00 (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:486-1
Released:    Thu Feb 23 10:38:13 2023
Summary:     Security update for c-ares
Type:        security
Severity:    important
References:  1208067,CVE-2022-4904
This update for c-ares fixes the following issues:

Updated to version 1.19.0:

- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:549-1
Released:    Mon Feb 27 17:35:07 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1205244,1208443,CVE-2022-45061
This update for python3 fixes the following issues:

- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

Bugfixes:

- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released:    Tue Feb 28 10:51:46 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1207994
This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:588-1
Released:    Wed Mar 1 14:19:35 2023
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1186745,1196335
This update for kdump fixes the following issues:

- run kdump.service only after kdump-early.service (bsc#1196335)
- don't skip infiniband interfaces (bsc#1186745)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:600-1
Released:    Thu Mar 2 14:52:36 2023
Summary:     Security update for google-guest-agent
Type:        security
Severity:    important
References:  1191468,1195391,1195838,1208723,CVE-2021-38297,CVE-2022-23806
This update for google-guest-agent fixes the following issues:

Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723):

- CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
- CVE-2022-23806: Fixed Curve.IsOnCurve incorrectly returning true (bsc#1195838).

Bugfixes:

- Avoid bashism in post-install scripts (bsc#1195391).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:602-1
Released:    Thu Mar 2 14:53:51 2023
Summary:     Security update for google-osconfig-agent
Type:        security
Severity:    important
References:  1191468,1195838,1208723,CVE-2021-38297,CVE-2022-23806
This update for google-osconfig-agent fixes the following issues:

Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723):

- CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
- CVE-2022-23806: Fixed Curve.IsOnCurve incorrectly returning true (bsc#1195838).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released:    Fri Mar 3 16:49:06 2023
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:626-1
Released:    Mon Mar 6 11:24:15 2023
Summary:     Recommended update for libnvme
Type:        recommended
Severity:    important
References:  1207159
This update for libnvme fixes the following issues:

- Fix import error in python-libnvme (bsc#1207159)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:632-1
Released:    Mon Mar 6 20:33:59 2023
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1207183,1208237
This update for gnutls fixes the following issues:

- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters.
  [bsc#1208237, jsc#PED-1562]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:692-1
Released:    Thu Mar 9 16:06:04 2023
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1205792,1208286,CVE-2022-27672
This update for xen fixes the following issues:

- CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286).

Bugfixes:

- Fixed launch-xenstore error (bsc#1205792)
- Fixed issues in VMX (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853
This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

The following package changes have been done:

- curl-7.79.1-150400.5.15.1 updated
- dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 updated
- dracut-055+suse.331.g05b9ccb7-150400.3.16.1 updated
- google-guest-agent-20230221.00-150000.1.34.1 updated
- google-guest-configs-20220211.00-150400.13.3.1 updated
- google-osconfig-agent-20230222.00-150000.1.27.1 updated
- hwdata-0.365-150000.3.54.1 added
- kbd-legacy-2.4.0-150400.5.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- kdump-1.0.2+git20.g64239cc-150400.3.11.1 updated
- kernel-default-5.14.21-150400.24.46.1 updated
- libcares2-1.19.0-150000.3.20.1 updated
- libcurl4-7.79.1-150400.5.15.1 updated
- libgnutls30-3.7.3-150400.4.32.1 updated
- libhugetlbfs-2.20-3.3.1 added
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libnvme1-1.0-150400.3.15.1 added
- libopenssl1_1-1.1.1l-150400.7.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.40.1 updated
- librelp0-1.2.15-1.15 added
- libsystemd0-249.15-150400.8.22.1 updated
- libudev1-249.15-150400.8.22.1 updated
- nvme-cli-2.0-150400.3.12.1 added
- openssl-1_1-1.1.1l-150400.7.25.1 updated
- python3-base-3.6.15-150300.10.40.1 updated
- python3-3.6.15-150300.10.40.1 updated
- sle-module-basesystem-release-15.4-150400.55.1 added
- sle-module-containers-release-15.4-150400.55.1 added
- sle-module-public-cloud-release-15.4-150400.55.1 added
- sle-module-server-applications-release-15.4-150400.55.1 added
- systemd-sysvinit-249.15-150400.8.22.1 updated
- systemd-249.15-150400.8.22.1 updated
- tar-1.34-150000.3.31.1 updated
- udev-249.15-150400.8.22.1 updated
- xen-libs-4.16.3_04-150400.4.22.1 updated
- pciutils-ids-20200324-3.6.1 removed
- vlan-1.9-1.27 removed

From sle-updates at lists.suse.com Tue Mar 14 08:05:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:05:50 +0100 (CET)
Subject: SUSE-CU-2023:642-1: Recommended update of suse/sle15
Message-ID: <20230314080550.E7DDDF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:642-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.745
Container Release     : 6.2.745
Severity              : moderate
Type                  : recommended
References            :
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released:    Mon Mar 13 10:25:04 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:
This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.

The following package changes have been done:

- suse-build-key-12.0-150000.8.31.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:07:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:07:15 +0100 (CET)
Subject: SUSE-CU-2023:643-1: Recommended update of suse/sle15
Message-ID: <20230314080715.044BBF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:643-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.273
Container Release     : 9.5.273
Severity              : moderate
Type                  : recommended
References            : 1204585
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released:    Wed Mar 8 14:33:23 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released:    Mon Mar 13 10:25:04 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:
This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.54.1 updated
- suse-build-key-12.0-150000.8.31.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:08:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:08:23 +0100 (CET)
Subject: SUSE-CU-2023:644-1: Recommended update of suse/sle15
Message-ID: <20230314080823.95F78F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:644-1
Container Tags        : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.112 , suse/sle15:15.3 , suse/sle15:15.3.17.20.112
Container Release     : 17.20.112
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released:    Mon Mar 13 10:25:04 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:
This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated
- suse-build-key-12.0-150000.8.31.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:08:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:08:57 +0100 (CET)
Subject: SUSE-CU-2023:645-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230314080857.DEB29F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:645-1
Container Tags        : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.10 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.10
Container Release     : 29.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:08:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:08:59 +0100 (CET)
Subject: SUSE-CU-2023:646-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230314080859.A95F9F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:646-1
Container Tags        : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-9.10 , bci/dotnet-aspnet:7.0.3 , bci/dotnet-aspnet:7.0.3-9.10 , bci/dotnet-aspnet:latest
Container Release     : 9.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:09:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:09:35 +0100 (CET)
Subject: SUSE-CU-2023:647-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230314080935.290C9F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:647-1
Container Tags        : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-31.10 , bci/dotnet-sdk:6.0.14 , bci/dotnet-sdk:6.0.14-31.10
Container Release     : 31.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:09:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:09:37 +0100 (CET)
Subject: SUSE-CU-2023:648-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230314080937.2E9F0F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:648-1
Container Tags        : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-9.10 , bci/dotnet-sdk:7.0.3 , bci/dotnet-sdk:7.0.3-9.10 , bci/dotnet-sdk:latest
Container Release     : 9.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:10:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:10:10 +0100 (CET)
Subject: SUSE-CU-2023:650-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230314081010.B155EF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:650-1
Container Tags        : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-9.10 , bci/dotnet-runtime:7.0.3 , bci/dotnet-runtime:7.0.3-9.10 , bci/dotnet-runtime:latest
Container Release     : 9.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:10:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:10:08 +0100 (CET)
Subject: SUSE-CU-2023:649-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230314081008.D49DAF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:649-1
Container Tags        : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-28.10 , bci/dotnet-runtime:6.0.14 , bci/dotnet-runtime:6.0.14-28.10
Container Release     : 28.10
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:10:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:10:37 +0100 (CET)
Subject: SUSE-CU-2023:651-1: Recommended update of bci/golang
Message-ID: <20230314081037.59010F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:651-1
Container Tags        : bci/golang:1.18 , bci/golang:1.18-19.47
Container Release     : 19.47
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:10:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:10:59 +0100 (CET)
Subject: SUSE-CU-2023:652-1: Recommended update of bci/golang
Message-ID: <20230314081059.3D388F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:652-1
Container Tags        : bci/golang:1.19 , bci/golang:1.19-20.32 , bci/golang:latest
Container Release     : 20.32
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Tue Mar 14 08:11:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 09:11:28 +0100 (CET)
Subject: SUSE-CU-2023:653-1: Recommended update of bci/bci-init
Message-ID: <20230314081128.E6798F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:653-1
Container Tags        : bci/bci-init:15.4 , bci/bci-init:15.4.25.27 , bci/bci-init:latest
Container Release     : 25.27
Severity              : important
Type                  : recommended
References            : 1207294
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:11:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:11:38 +0100 (CET) Subject: SUSE-CU-2023:654-1: Recommended update of bci/bci-minimal Message-ID: <20230314081138.D9BB5F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:654-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.17.4 , bci/bci-minimal:latest Container Release : 17.4 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:12:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:12:07 +0100 (CET) Subject: SUSE-CU-2023:655-1: Recommended update of bci/nodejs Message-ID: <20230314081207.E7DCAF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:655-1 Container Tags : bci/node:14 , bci/node:14-36.49 , bci/nodejs:14 , bci/nodejs:14-36.49 Container Release : 36.49 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:12:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:12:32 +0100 (CET) Subject: SUSE-CU-2023:656-1: Recommended update of bci/nodejs Message-ID: <20230314081232.07C22F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:656-1 Container Tags : bci/node:16 , bci/node:16-14.12 , bci/nodejs:16 , bci/nodejs:16-14.12 Container Release : 14.12 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:12:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:12:35 +0100 (CET) Subject: SUSE-CU-2023:657-1: Recommended update of bci/nodejs Message-ID: <20230314081235.23997F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:657-1 Container Tags : bci/node:18 , bci/node:18-2.11 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-2.11 , bci/nodejs:latest Container Release : 2.11 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:13:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:13:11 +0100 (CET) Subject: SUSE-CU-2023:658-1: Recommended update of bci/openjdk-devel Message-ID: <20230314081311.7C533F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:658-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.103 Container Release : 38.103 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated - container:bci-openjdk-11-15.4.11-34.49 updated From sle-updates at lists.suse.com Tue Mar 14 08:13:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 09:13:41 +0100 (CET) Subject: SUSE-CU-2023:659-1: Recommended update of bci/openjdk Message-ID: <20230314081341.1FC36F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:659-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.49 Container Release : 34.49 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Tue Mar 14 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 08:30:03 -0000 Subject: SUSE-RU-2023:0717-1: moderate: Recommended update for supportutils-plugin-ses Message-ID: <167878260359.19720.15944486605368222815@smelt2.suse.de> # Recommended update for supportutils-plugin-ses Announcement ID: SUSE-RU-2023:0717-1 Rating: moderate References: * #1204398 * #1205490 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Server 15 SP3 An update that has two recommended fixes can now be installed. ## Description: This update for supportutils-plugin-ses fixes the following issues: * Update to version 7.1+git.1674542629.ec200fa: * refactor listing running daemons * collect some more stats via daemon socket * censor rgw_frontend_ssl_certificate in `ceph orch ls` output (bsc#1204398) * rook: collect storageclasses info (bsc#1205490) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-717=1 ## Package List: * SUSE Enterprise Storage 7.1 (noarch) * supportutils-plugin-ses-7.1+git.1674542629.ec200fa-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204398 * https://bugzilla.suse.com/show_bug.cgi?id=1205490 From sle-updates at lists.suse.com Tue Mar 14 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 12:30:01 -0000 Subject: SUSE-FU-2023:0719-1: moderate: Feature update for perf Message-ID: <167879700135.3643.1261355447179315436@smelt2.suse.de> # Feature update for perf Announcement ID: SUSE-FU-2023:0719-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for perf fixes the following issues: * Fix build issues relating to binutils update and incorporate additional feature detection changes * Add AMD Genoa support (jsc#SLE-24792, jsc#SLE-24578) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-719=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-719=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * perf-debuginfo-5.14.21-150400.44.13.1 * perf-devel-5.14.21-150400.44.13.1 * perf-5.14.21-150400.44.13.1 * perf-debugsource-5.14.21-150400.44.13.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perf-debuginfo-5.14.21-150400.44.13.1 * perf-devel-5.14.21-150400.44.13.1 * perf-5.14.21-150400.44.13.1 * perf-debugsource-5.14.21-150400.44.13.1 ## References: * https://jira.suse.com/browse/SLE-24578 * https://jira.suse.com/browse/SLE-24792 From sle-updates at lists.suse.com Tue Mar 14 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 12:30:03 -0000 Subject: SUSE-RU-2023:0718-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <167879700363.3643.6564109592049866648@smelt2.suse.de> # Recommended update for gnu-compilers-hpc Announcement ID: SUSE-RU-2023:0718-1 Rating: moderate References: * #1191381 Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has one recommended fix
can now be installed. ## Description: This update for gnu-compilers-hpc fixes the following issues: * Fix compatibility for SLE-12 * Add support for gcc12 (jsc#PED-2834). * Fix _multibuild with correct list of gcc version. * Update packaging macros (bsc#1191381) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-718=1 ## Package List: * HPC Module 12 (noarch) * gnu10-compilers-hpc-1.4-23.1 * gnu-compilers-hpc-1.4-23.1 * gnu11-compilers-hpc-macros-devel-1.4-23.1 * gnu11-compilers-hpc-devel-1.4-23.1 * gnu-compilers-hpc-devel-1.4-23.1 * gnu9-compilers-hpc-1.4-23.1 * gnu10-compilers-hpc-devel-1.4-23.1 * gnu10-compilers-hpc-macros-devel-1.4-23.1 * gnu-compilers-hpc-macros-devel-1.4-23.1 * gnu8-compilers-hpc-1.4-23.1 * gnu11-compilers-hpc-1.4-23.1 * gnu9-compilers-hpc-macros-devel-1.4-23.1 * gnu8-compilers-hpc-devel-1.4-23.1 * gnu8-compilers-hpc-macros-devel-1.4-23.1 * gnu9-compilers-hpc-devel-1.4-23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191381 * https://jira.suse.com/browse/PED-2834
From sle-updates at lists.suse.com Tue Mar 14 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 16:30:02 -0000 Subject: SUSE-SU-2023:0728-1: important: Security update for MozillaFirefox Message-ID: <167881140245.27643.15401395315070569976@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:0728-1 Rating: important References: * #1209173 Cross-References: * CVE-2023-25748 * CVE-2023-25749 * CVE-2023-25750 * CVE-2023-25751 * CVE-2023-25752 * CVE-2023-28159 * CVE-2023-28160 * CVE-2023-28161 * CVE-2023-28162 * CVE-2023-28163 * CVE-2023-28164 * CVE-2023-28176 * CVE-2023-28177 CVSS scores: Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 13 vulnerabilities can now be installed.
## Description: This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR (bsc#1209173): * CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android * CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android * CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt * CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode * CVE-2023-25751: Incorrect code generation during JIT compilation * CVE-2023-28160: Redirect to Web Extension files may have leaked local path * CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab * CVE-2023-28162: Invalid downcast in Worklets * CVE-2023-25752: Potential out-of-bounds when accessing throttled streams * CVE-2023-28163: Windows Save As dialog resolved environment variables * CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * CVE-2023-28177: Memory safety bugs fixed in Firefox 111 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-728=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-728=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-728=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-translations-common-102.9.0-150000.150.79.1 * MozillaFirefox-devel-102.9.0-150000.150.79.1 * MozillaFirefox-102.9.0-150000.150.79.1 * MozillaFirefox-debuginfo-102.9.0-150000.150.79.1 * MozillaFirefox-translations-other-102.9.0-150000.150.79.1 * MozillaFirefox-debugsource-102.9.0-150000.150.79.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.9.0-150000.150.79.1 * MozillaFirefox-devel-102.9.0-150000.150.79.1 * MozillaFirefox-102.9.0-150000.150.79.1 * MozillaFirefox-debuginfo-102.9.0-150000.150.79.1 * MozillaFirefox-translations-other-102.9.0-150000.150.79.1 * MozillaFirefox-debugsource-102.9.0-150000.150.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-translations-common-102.9.0-150000.150.79.1 * MozillaFirefox-devel-102.9.0-150000.150.79.1 * MozillaFirefox-102.9.0-150000.150.79.1 * MozillaFirefox-debuginfo-102.9.0-150000.150.79.1 * MozillaFirefox-translations-other-102.9.0-150000.150.79.1 * MozillaFirefox-debugsource-102.9.0-150000.150.79.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-translations-common-102.9.0-150000.150.79.1 * MozillaFirefox-devel-102.9.0-150000.150.79.1 * MozillaFirefox-102.9.0-150000.150.79.1 * MozillaFirefox-debuginfo-102.9.0-150000.150.79.1 * MozillaFirefox-translations-other-102.9.0-150000.150.79.1 * MozillaFirefox-debugsource-102.9.0-150000.150.79.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25748.html * https://www.suse.com/security/cve/CVE-2023-25749.html * https://www.suse.com/security/cve/CVE-2023-25750.html * https://www.suse.com/security/cve/CVE-2023-25751.html * https://www.suse.com/security/cve/CVE-2023-25752.html * https://www.suse.com/security/cve/CVE-2023-28159.html * https://www.suse.com/security/cve/CVE-2023-28160.html * 
https://www.suse.com/security/cve/CVE-2023-28161.html * https://www.suse.com/security/cve/CVE-2023-28162.html * https://www.suse.com/security/cve/CVE-2023-28163.html * https://www.suse.com/security/cve/CVE-2023-28164.html * https://www.suse.com/security/cve/CVE-2023-28176.html * https://www.suse.com/security/cve/CVE-2023-28177.html * https://bugzilla.suse.com/show_bug.cgi?id=1209173 From sle-updates at lists.suse.com Tue Mar 14 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 16:30:03 -0000 Subject: SUSE-RU-2023:0726-1: moderate: Recommended update for python-shaptools Message-ID: <167881140368.27643.8042268688242975423@smelt2.suse.de> # Recommended update for python-shaptools Announcement ID: SUSE-RU-2023:0726-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that can now be installed. ## Description: This update for python-shaptools and salt-shaptools fixes the following issues: * python-shaptools Version 0.3.13: Add HANA add_hosts feature Forces Instance nr always with 2 positions filled with 0 Forces right formatting on HANA OS admin user.
* salt-shaptools Version 0.3.17: Add HANA add_hosts feature Workaround to detect aws cloud_provider Do not raise exception on empty HANA query results Add module query to HANA Fix typo to fix uninstalled state Add cluster init support for OCFS2 device qdevice support: it can be created when initializing a cluster ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-726=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-726=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-726=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-726=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-726=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-726=1 ## Package List: * openSUSE Leap 15.4 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 * python3-shaptools-0.3.13+git.1673855974.f208fad-150200.3.12.1 * SAP Applications Module 15-SP2 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 * python3-shaptools-0.3.13+git.1673855974.f208fad-150200.3.12.1 * SAP Applications Module 15-SP3 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 * python3-shaptools-0.3.13+git.1673855974.f208fad-150200.3.12.1 * SAP Applications Module 15-SP4 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 * python3-shaptools-0.3.13+git.1673855974.f208fad-150200.3.12.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * salt-shaptools-0.3.17+git.1651504665.6e49c5b-150200.3.9.1 
From sle-updates at lists.suse.com Tue Mar 14 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 16:30:05 -0000 Subject: SUSE-SU-2023:0725-1: important: Security update for rubygem-rack Message-ID: <167881140564.27643.15887596192671772500@smelt2.suse.de> # Security update for rubygem-rack Announcement ID: SUSE-SU-2023:0725-1 Rating: important References: * #1209095 Cross-References: * CVE-2023-27530 CVSS scores: * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE
Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rubygem-rack fixes the following issues: * CVE-2023-27530: Fixed denial of service in Multipart MIME parsing (bsc#1209095). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-725=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-725=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-725=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-725=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-725=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-doc-2.0.8-150000.3.15.1 * ruby2.5-rubygem-rack-2.0.8-150000.3.15.1 * ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27530.html * https://bugzilla.suse.com/show_bug.cgi?id=1209095
From sle-updates at lists.suse.com Tue Mar 14 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 16:30:09 -0000 Subject: SUSE-SU-2023:0724-1: important: Security update for python Message-ID: <167881140907.27643.11878413117668730983@smelt2.suse.de> # Security update for python Announcement ID: SUSE-SU-2023:0724-1 Rating: important References: * #1202666 * #1205244 * #1208471 Cross-References: * CVE-2022-45061 * CVE-2023-24329 CVSS scores: * CVE-2022-45061 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-45061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications
15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for python fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). The following non-security bug was fixed: * Making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-724=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-724=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-724=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-724=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-724=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-724=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-724=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-724=1 * SUSE Linux Enterprise Server 15 
SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-724=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-724=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-724=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-724=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-724=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-724=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-724=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-724=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-724=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-724=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-demo-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-idle-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * openSUSE Leap 15.4 (x86_64) * python-base-32bit-2.7.18-150000.48.1 * python-32bit-2.7.18-150000.48.1 * libpython2_7-1_0-32bit-2.7.18-150000.48.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.48.1 * python-32bit-debuginfo-2.7.18-150000.48.1 * python-base-32bit-debuginfo-2.7.18-150000.48.1 * openSUSE Leap 15.4 (noarch) * python-doc-pdf-2.7.18-150000.48.1 * python-doc-2.7.18-150000.48.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python-base-debugsource-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * 
python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * 
SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * 
python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * 
python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Manager Proxy 4.2 (x86_64) * python-debugsource-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-debugsource-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-debugsource-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Enterprise 
Storage 7.1 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 * SUSE CaaS Platform 4.0 (x86_64) * python-debugsource-2.7.18-150000.48.1 * python-tk-debuginfo-2.7.18-150000.48.1 * python-xml-2.7.18-150000.48.1 * python-2.7.18-150000.48.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.48.1 * python-base-debugsource-2.7.18-150000.48.1 * python-gdbm-debuginfo-2.7.18-150000.48.1 * libpython2_7-1_0-2.7.18-150000.48.1 * python-tk-2.7.18-150000.48.1 * python-xml-debuginfo-2.7.18-150000.48.1 * python-curses-2.7.18-150000.48.1 * python-base-2.7.18-150000.48.1 * python-gdbm-2.7.18-150000.48.1 * python-base-debuginfo-2.7.18-150000.48.1 * python-debuginfo-2.7.18-150000.48.1 * python-curses-debuginfo-2.7.18-150000.48.1 * python-devel-2.7.18-150000.48.1 ## References: * https://www.suse.com/security/cve/CVE-2022-45061.html * 
https://www.suse.com/security/cve/CVE-2023-24329.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202666
* https://bugzilla.suse.com/show_bug.cgi?id=1205244
* https://bugzilla.suse.com/show_bug.cgi?id=1208471

From sle-updates at lists.suse.com Tue Mar 14 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 16:30:11 -0000
Subject: SUSE-RU-2023:0723-1: moderate: Recommended update for powerman
Message-ID: <167881141137.27643.491478533628434126@smelt2.suse.de>

# Recommended update for powerman

Announcement ID: SUSE-RU-2023:0723-1
Rating: moderate
References:
* #1185180

Affected Products:
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has one recommended fix can now be installed.

## Description:

This update for powerman fixes the following issues:

* version update to 2.3.26
* Log power state changes to syslog
* Fix default systemd unit file path for 'make distcheck'
* Added: etc/kvm.dev, tc/kvm-ssh.dev, etc/openbmc.dev, etc/rancid-cisco-poe.dev
* Fix misinterpretation of error strings in ipmipower.dev
* Fix PIDFile under /run (bsc#1185180)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-723=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-723=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-723=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-723=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-723=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-723=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-723=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-723=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-723=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-723=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-723=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-723=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-723=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-723=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-723=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-723=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Manager Proxy 4.2 (x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1
* SUSE CaaS Platform 4.0 (x86_64)
  * powerman-debugsource-2.3.26-150000.4.3.1
  * libpowerman0-debuginfo-2.3.26-150000.4.3.1
  * libpowerman0-2.3.26-150000.4.3.1
  * powerman-2.3.26-150000.4.3.1
  * powerman-debuginfo-2.3.26-150000.4.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1185180

From sle-updates at lists.suse.com Tue Mar 14 16:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 16:30:13 -0000
Subject: SUSE-SU-2023:0722-1: moderate: Security update for python-cryptography
Message-ID: <167881141333.27643.8406873388393481737@smelt2.suse.de>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2023:0722-1
Rating: moderate
References:
* #1208036

Cross-References:
* CVE-2023-23931

CVSS scores:
* CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-722=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-722=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-722=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-722=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-722=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * python3-cryptography-debuginfo-3.3.2-150400.16.6.1
  * python3-cryptography-3.3.2-150400.16.6.1
  * python-cryptography-debugsource-3.3.2-150400.16.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * python3-cryptography-debuginfo-3.3.2-150400.16.6.1
  * python3-cryptography-3.3.2-150400.16.6.1
  * python-cryptography-debugsource-3.3.2-150400.16.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * python3-cryptography-debuginfo-3.3.2-150400.16.6.1
  * python3-cryptography-3.3.2-150400.16.6.1
  * python-cryptography-debugsource-3.3.2-150400.16.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * python3-cryptography-debuginfo-3.3.2-150400.16.6.1
  * python3-cryptography-3.3.2-150400.16.6.1
  * python-cryptography-debugsource-3.3.2-150400.16.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * python3-cryptography-debuginfo-3.3.2-150400.16.6.1
  * python3-cryptography-3.3.2-150400.16.6.1
  * python-cryptography-debugsource-3.3.2-150400.16.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23931.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208036

From sle-updates at lists.suse.com Tue Mar 14 16:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 16:30:15 -0000
Subject: SUSE-RU-2023:0721-1: moderate: Recommended update for libvirt
Message-ID: <167881141597.27643.192534243734012881@smelt2.suse.de>

# Recommended update for libvirt

Announcement ID: SUSE-RU-2023:0721-1
Rating: moderate
References:
* #1203536

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that has one recommended fix can now be installed.

## Description:

This update for libvirt fixes the following issue:

* cpu_map: Drop pconfig from Icelake-Server CPU model (bsc#1203536)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-721=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-721=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-721=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-721=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libvirt-debugsource-5.1.0-13.34.1
  * libvirt-devel-5.1.0-13.34.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libvirt-daemon-driver-storage-mpath-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-logical-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-scsi-5.1.0-13.34.1
  * libvirt-daemon-config-network-5.1.0-13.34.1
  *
libvirt-daemon-driver-lxc-5.1.0-13.34.1 * libvirt-daemon-driver-interface-debuginfo-5.1.0-13.34.1 * libvirt-libs-debuginfo-5.1.0-13.34.1 * libvirt-nss-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.34.1 * libvirt-daemon-hooks-5.1.0-13.34.1 * libvirt-lock-sanlock-5.1.0-13.34.1 * libvirt-daemon-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nwfilter-5.1.0-13.34.1 * libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nodedev-5.1.0-13.34.1 * libvirt-admin-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-interface-5.1.0-13.34.1 * libvirt-5.1.0-13.34.1 * libvirt-daemon-driver-secret-5.1.0-13.34.1 * libvirt-daemon-driver-storage-disk-5.1.0-13.34.1 * libvirt-daemon-driver-storage-core-5.1.0-13.34.1 * libvirt-lock-sanlock-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-5.1.0-13.34.1 * libvirt-nss-5.1.0-13.34.1 * libvirt-daemon-lxc-5.1.0-13.34.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-secret-debuginfo-5.1.0-13.34.1 * libvirt-admin-5.1.0-13.34.1 * libvirt-debugsource-5.1.0-13.34.1 * libvirt-libs-5.1.0-13.34.1 * libvirt-daemon-driver-qemu-5.1.0-13.34.1 * libvirt-daemon-config-nwfilter-5.1.0-13.34.1 * libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-rbd-5.1.0-13.34.1 * libvirt-daemon-driver-storage-iscsi-5.1.0-13.34.1 * libvirt-client-5.1.0-13.34.1 * libvirt-daemon-driver-storage-5.1.0-13.34.1 * libvirt-client-debuginfo-5.1.0-13.34.1 * libvirt-daemon-qemu-5.1.0-13.34.1 * libvirt-doc-5.1.0-13.34.1 * libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.34.1 * libvirt-daemon-5.1.0-13.34.1 * 
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libvirt-daemon-driver-libxl-5.1.0-13.34.1 * libvirt-daemon-xen-5.1.0-13.34.1 * libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.34.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libvirt-daemon-driver-storage-mpath-5.1.0-13.34.1 * libvirt-daemon-driver-storage-logical-5.1.0-13.34.1 * libvirt-daemon-driver-storage-scsi-5.1.0-13.34.1 * libvirt-daemon-config-network-5.1.0-13.34.1 * libvirt-daemon-driver-lxc-5.1.0-13.34.1 * libvirt-daemon-driver-interface-debuginfo-5.1.0-13.34.1 * libvirt-libs-debuginfo-5.1.0-13.34.1 * libvirt-nss-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.34.1 * libvirt-daemon-hooks-5.1.0-13.34.1 * libvirt-lock-sanlock-5.1.0-13.34.1 * libvirt-daemon-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nwfilter-5.1.0-13.34.1 * libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nodedev-5.1.0-13.34.1 * libvirt-admin-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-interface-5.1.0-13.34.1 * libvirt-5.1.0-13.34.1 * libvirt-daemon-driver-secret-5.1.0-13.34.1 * libvirt-daemon-driver-storage-disk-5.1.0-13.34.1 * libvirt-daemon-driver-storage-core-5.1.0-13.34.1 * libvirt-lock-sanlock-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-5.1.0-13.34.1 * libvirt-nss-5.1.0-13.34.1 * libvirt-daemon-lxc-5.1.0-13.34.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-secret-debuginfo-5.1.0-13.34.1 * libvirt-admin-5.1.0-13.34.1 * libvirt-debugsource-5.1.0-13.34.1 * libvirt-libs-5.1.0-13.34.1 * libvirt-daemon-driver-qemu-5.1.0-13.34.1 * libvirt-daemon-config-nwfilter-5.1.0-13.34.1 * libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.34.1 * 
libvirt-daemon-driver-storage-iscsi-5.1.0-13.34.1 * libvirt-client-5.1.0-13.34.1 * libvirt-daemon-driver-storage-5.1.0-13.34.1 * libvirt-client-debuginfo-5.1.0-13.34.1 * libvirt-daemon-qemu-5.1.0-13.34.1 * libvirt-doc-5.1.0-13.34.1 * libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.34.1 * libvirt-daemon-5.1.0-13.34.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-rbd-5.1.0-13.34.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libvirt-daemon-driver-libxl-5.1.0-13.34.1 * libvirt-daemon-xen-5.1.0-13.34.1 * libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libvirt-daemon-driver-storage-mpath-5.1.0-13.34.1 * libvirt-daemon-driver-storage-logical-5.1.0-13.34.1 * libvirt-daemon-driver-storage-scsi-5.1.0-13.34.1 * libvirt-daemon-config-network-5.1.0-13.34.1 * libvirt-daemon-driver-lxc-5.1.0-13.34.1 * libvirt-daemon-driver-interface-debuginfo-5.1.0-13.34.1 * libvirt-libs-debuginfo-5.1.0-13.34.1 * libvirt-nss-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.34.1 * libvirt-daemon-hooks-5.1.0-13.34.1 * libvirt-lock-sanlock-5.1.0-13.34.1 * libvirt-daemon-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nwfilter-5.1.0-13.34.1 * libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-nodedev-5.1.0-13.34.1 * libvirt-admin-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-interface-5.1.0-13.34.1 * libvirt-5.1.0-13.34.1 * libvirt-daemon-driver-secret-5.1.0-13.34.1 * libvirt-daemon-driver-storage-disk-5.1.0-13.34.1 * libvirt-daemon-driver-storage-core-5.1.0-13.34.1 * libvirt-lock-sanlock-debuginfo-5.1.0-13.34.1 * libvirt-daemon-driver-network-5.1.0-13.34.1 * libvirt-nss-5.1.0-13.34.1 * 
libvirt-daemon-lxc-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-secret-debuginfo-5.1.0-13.34.1
  * libvirt-admin-5.1.0-13.34.1
  * libvirt-debugsource-5.1.0-13.34.1
  * libvirt-libs-5.1.0-13.34.1
  * libvirt-daemon-driver-qemu-5.1.0-13.34.1
  * libvirt-daemon-config-nwfilter-5.1.0-13.34.1
  * libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-iscsi-5.1.0-13.34.1
  * libvirt-client-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-5.1.0-13.34.1
  * libvirt-client-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-qemu-5.1.0-13.34.1
  * libvirt-doc-5.1.0-13.34.1
  * libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-5.1.0-13.34.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.34.1
  * libvirt-daemon-driver-libxl-5.1.0-13.34.1
  * libvirt-daemon-xen-5.1.0-13.34.1
  * libvirt-daemon-driver-storage-rbd-5.1.0-13.34.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203536

From sle-updates at lists.suse.com Tue Mar 14 16:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 16:30:18 -0000
Subject: SUSE-SU-2023:0720-1: moderate: Security update for java-1_8_0-openjdk
Message-ID: <167881141898.27643.16770808442164344878@smelt2.suse.de>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2023:0720-1
Rating: moderate
References:
* #1207248
* #1207249

Cross-References:
* CVE-2023-21830
* CVE-2023-21843

CVSS scores:
* CVE-2023-21830 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21843 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21843 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Updated to version jdk8u362 (icedtea-3.26.0):

* CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
* CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-720=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-720=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-720=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-720=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-720=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-720=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-720=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-720=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-720=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-720=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-720=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-720=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-accessibility-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-src-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.362-150000.3.76.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * 
java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * 
java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-demo-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-demo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debuginfo-1.8.0.362-150000.3.76.1 * java-1_8_0-openjdk-debugsource-1.8.0.362-150000.3.76.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21830.html * https://www.suse.com/security/cve/CVE-2023-21843.html * https://bugzilla.suse.com/show_bug.cgi?id=1207248 * https://bugzilla.suse.com/show_bug.cgi?id=1207249
From sle-updates at lists.suse.com Tue Mar 14 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 20:30:04 -0000 Subject: SUSE-SU-2023:0736-1: important: Security update for python3 Message-ID: <167882580416.20125.315157287206121435@smelt2.suse.de> # Security update for python3 Announcement ID: SUSE-SU-2023:0736-1 Rating: important References: * #1188607 * #1208443 * #1208471 Cross-References: * CVE-2023-24329 CVSS scores: * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bugs were fixed: * Fixed a crash in the garbage collection (bsc#1188607) * Fixed email.generator.py to not replace a non-existent header (bsc#1208443, gh#python/cpython#71508). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-736=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-736=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-736=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-736=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-736=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-736=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-736=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-736=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python3-testsuite-3.6.15-150000.3.124.1 * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-testsuite-3.6.15-150000.3.124.1 * python3-tk-3.6.15-150000.3.124.1 * 
python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python3-testsuite-3.6.15-150000.3.124.1 * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 
* python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * 
python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE CaaS Platform 4.0 (x86_64) * python3-testsuite-3.6.15-150000.3.124.1 * python3-tk-3.6.15-150000.3.124.1 * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * python3-idle-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-dbm-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-devel-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * python3-tk-debuginfo-3.6.15-150000.3.124.1 * python3-curses-debuginfo-3.6.15-150000.3.124.1 * python3-tools-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 * python3-curses-3.6.15-150000.3.124.1 * python3-devel-3.6.15-150000.3.124.1 * python3-dbm-3.6.15-150000.3.124.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python3-3.6.15-150000.3.124.1 * python3-base-3.6.15-150000.3.124.1 * python3-debugsource-3.6.15-150000.3.124.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.124.1 * python3-base-debuginfo-3.6.15-150000.3.124.1 * python3-debuginfo-3.6.15-150000.3.124.1 * libpython3_6m1_0-3.6.15-150000.3.124.1 * python3-core-debugsource-3.6.15-150000.3.124.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1188607 * https://bugzilla.suse.com/show_bug.cgi?id=1208443 * https://bugzilla.suse.com/show_bug.cgi?id=1208471
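The python3 advisory above (CVE-2023-24329) concerns a blocklist check that is sidestepped when a URL starts with blank characters. As an added example, not part of the advisory and not SUSE's or CPython's code: a host blocklist that strips the blanks itself and fails closed, next to the affected pattern and a probe of the running interpreter. The blocklist contents, host names and function names are assumptions made for illustration.

```python
"""Host blocklist that does not depend on urlsplit() handling leading blanks."""
from urllib.parse import urlsplit

# Constructed sample policy; the host names are placeholders, not from the advisory.
BLOCKED_HOSTS = {"blocked.example"}
ALLOWED_SCHEMES = {"http", "https"}

# Space plus the C0 control characters (U+0000-U+001F): the "blank characters"
# a URL may start with. The WHATWG URL standard strips them from both ends.
_BLANKS = "".join(chr(c) for c in range(0x21))


def interpreter_strips_leading_blanks():
    """Probe the running interpreter: True if urlsplit() ignores a leading
    blank (fixed behaviour), False if the blank hides the scheme and host."""
    return urlsplit(" https://blocked.example/").scheme == "https"


def naive_is_blocked(url):
    """Affected pattern: trusts urlsplit() on raw input. On an interpreter
    without the fix, a leading blank yields hostname None and nothing matches."""
    host = urlsplit(url).hostname
    return host is not None and host in BLOCKED_HOSTS


def screen_url(url):
    """Return 'allow', 'block' or 'reject' regardless of the parser version."""
    cleaned = url.strip(_BLANKS)
    # Blanks or DEL left inside the URL mean parser and client may disagree.
    if not cleaned or any(ch in _BLANKS or ch == "\x7f" for ch in cleaned):
        return "reject"
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:  # for example a malformed IPv6 literal
        return "reject"
    # Fail closed: no recognised scheme or no host is never an implicit allow.
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return "reject"
    # hostname is already lower-cased; drop a trailing root dot before matching.
    if host.rstrip(".") in BLOCKED_HOSTS:
        return "block"
    return "allow"


if __name__ == "__main__":
    print("urlsplit strips leading blanks:", interpreter_strips_leading_blanks())
    for sample in (" https://blocked.example/x", "https://ok.example/"):
        print(repr(sample), naive_is_blocked(sample), screen_url(sample))
```

Running the probe on each host after patching shows whether the interpreter in use actually carries the fix; `screen_url` gives the same answer either way.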
From sle-updates at lists.suse.com Tue Mar 14 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 20:30:09 -0000 Subject: SUSE-SU-2023:0735-1: important: Security update for go1.20 Message-ID: <167882580982.20125.7901396752363013803@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:0735-1 Rating: important References: * #1206346 * #1208269 * #1208270 * #1208271 * #1208272 * #1209030 Cross-References: * CVE-2022-41722 * CVE-2022-41723 * CVE-2022-41724 * CVE-2022-41725 * CVE-2023-24532 CVSS scores: * CVE-2022-41722 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24532 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for go1.20 fixes the following issues: * Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo).
This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline * In %check on x86_64 use value %go_amd64=v1 as GOAMD64=v1 to grep correct TSAN version is checked out from LLVM with new spelling for internal/amd64v1/race_linux.syso go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. (boo#1206346) * CVE-2023-24532: crypto/elliptic: Fixed that specific unreduced P-256 scalars produce incorrect results (boo#1209030) * cmd/covdata: short read on string table when merging coverage counters * runtime: some linkname signatures do not match * cmd/compile: inline static init cause compile time error * cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry * crypto/ecdh: ECDH method doesn't check curve * cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * crypto/internal/bigmod: flag amd64 assembly as noescape * runtime: endless traceback when panic in generics function * runtime: long latency of sweep assists * syscall.Faccessat and os.LookPath regression in Go 1.20 * os: cmd/go gets error "copy_file_range: function not implemented" * net: TestTCPSelfConnect failures due to unexpected connections * syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * cmd/compile: ICE on method value involving imported anonymous interface * crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey * crypto/x509: TestSystemVerify consistently failing go1.20.1 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the time package. (bsc#1206346) * CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 * bsc#1208269 security: fix CVE-2022-41722 path/filepath: path traversal in filepath.Clean on Windows * bsc#1208270 security: fix CVE-2022-41723 net/http: avoid quadratic complexity in HPACK decoding * bsc#1208271 security: fix CVE-2022-41724 crypto/tls: large handshake records may cause panics * bsc#1208272 security: fix CVE-2022-41725 net/http, mime/multipart: denial of service from excessive resource consumption * time: update zoneinfo_abbrs on Windows * cmd/link: .go.buildinfo is gc'ed by --gc-sections * cmd/compile/internal/pgo: Detect sample value position instead of hard-coding * cmd/compile: constant overflows when assigned to package level var (Go 1.20 regression) * cmd/compile: internal compiler error: panic: interface conversion: ir.Node is *ir.CompLitExpr, not *ir.Name * cmd/compile: internal compiler error: Type.Elem UNION * runtime: GOOS=ios fails Apple's app validation due to use of private API * cmd/go/internal/test: stale flagdefs.go not detected by tests * all: test failures with ETXTBSY * cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing * go1.20 (released 2023-02-01) is a major release of Go. go1.20.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.20 arrives six months after go1.19. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1206346 jsc#PED-1962 ) * Go 1.20 includes four changes to the language * Language change: Go 1.17 added conversions from slice to an array pointer.
Go 1.20 extends this to allow conversions from a slice to an array * Language change: The unsafe package defines three new functions SliceData, String, and StringData. Along with Go 1.17's Slice, these functions now provide the complete ability to construct and deconstruct slice and string values, without depending on their exact representation. * Language change: The specification now defines that struct values are compared one field at a time, considering fields in the order they appear in the struct type definition, and stopping at the first mismatch. The specification could previously have been read as if all fields needed to be compared beyond the first mismatch. Similarly, the specification now defines that array values are compared one element at a time, in increasing index order. In both cases, the difference affects whether certain comparisons must panic. Existing programs are unchanged: the new spec wording describes what the implementations have always done. * Language change: Comparable types (such as ordinary interfaces) may now satisfy comparable constraints, even if the type arguments are not strictly comparable (comparison may panic at runtime). This makes it possible to instantiate a type parameter constrained by comparable (e.g., a type parameter for a user-defined generic map key) with a non-strictly comparable type argument such as an interface type, or a composite type containing an interface type. * go command: The directory $GOROOT/pkg no longer stores pre-compiled package archives for the standard library: go install no longer writes them, the go build no longer checks for them, and the Go distribution no longer ships them. Instead, packages in the standard library are built as needed and cached in the build cache, just like packages outside GOROOT. This change reduces the size of the Go distribution and also avoids C toolchain skew for packages that use cgo. 
Refs jsc#PED-1962 * go command: The implementation of go test -json has been improved to make it more robust. Programs that run go test -json do not need any updates. Programs that invoke go tool test2json directly should now run the test binary with -v=test2json (for example, go test -v=test2json or ./pkg.test -test.v=test2json) instead of plain -v. * go command: A related change to go test -json is the addition of an event with Action set to start at the beginning of each test program's execution. When running multiple tests using the go command, these start events are guaranteed to be emitted in the same order as the packages named on the command line. * go command: The go command now defines architecture feature build tags, such as amd64.v2, to allow selecting a package implementation file based on the presence or absence of a particular architecture feature. See go help buildconstraint for details. * go command: The go subcommands now accept -C to change directory to before performing the command, which may be useful for scripts that need to execute commands in multiple different modules. * go command: The go build and go test commands no longer accept the -i flag, which has been deprecated since Go 1.16. * go command: The go generate command now accepts -skip to skip //go:generate directives matching . * go command: The go test command now accepts -skip to skip tests, subtests, or examples matching . * go command: When the main module is located within GOPATH/src, go install no longer installs libraries for non-main packages to GOPATH/pkg, and go list no longer reports a Target field for such packages. (In module mode, compiled packages are stored in the build cache only, but a bug had caused the GOPATH install targets to unexpectedly remain in effect.) * go command: The go build, go install, and other build-related commands now support a -pgo flag that enables profile-guided optimization, which is described in more detail in the Compiler section below. 
The -pgo flag specifies the file path of the profile. Specifying -pgo=auto causes the go command to search for a file named default.pgo in the main package's directory and use it if present. This mode currently requires a single main package to be specified on the command line, but we plan to lift this restriction in a future release. Specifying -pgo=off turns off profile-guided optimization. * go command: The go build, go install, and other build-related commands now support a -cover flag that builds the specified target with code coverage instrumentation. This is described in more detail in the Cover section below. * go version: The go version -m command now supports reading more types of Go binaries, most notably, Windows DLLs built with go build -buildmode=c-shared and Linux binaries without execute permission. * Cgo: The go command now disables cgo by default on systems without a C toolchain. More specifically, when the CGO_ENABLED environment variable is unset, the CC environment variable is unset, and the default C compiler (typically clang or gcc) is not found in the path, CGO_ENABLED defaults to 0. As always, you can override the default by setting CGO_ENABLED explicitly. The most important effect of the default change is that when Go is installed on a system without a C compiler, it will now use pure Go builds for packages in the standard library that use cgo, instead of using pre-distributed package archives (which have been removed, as noted above) or attempting to use cgo and failing. This makes Go work better in some minimal container environments as well as on macOS, where pre-distributed package archives have not been used for cgo-based packages since Go 1.16. The packages in the standard library that use cgo are net, os/user, and plugin. On macOS, the net and os/user packages have been rewritten not to use cgo: the same code is now used for cgo and non-cgo builds as well as cross-compiled builds.
On Windows, the net and os/user packages have never used cgo. On other systems, builds with cgo disabled will use a pure Go version of these packages. On macOS, the race detector has been rewritten not to use cgo: race-detector-enabled programs can be built and run without Xcode. On Linux and other Unix systems, and on Windows, a host C toolchain is required to use the race detector. * go cover: Go 1.20 supports collecting code coverage profiles for programs (applications and integration tests), as opposed to just unit tests. To collect coverage data for a program, build it with go build's -cover flag, then run the resulting binary with the environment variable GOCOVERDIR set to an output directory for coverage profiles. See the 'coverage for integration tests' landing page for more on how to get started. For details on the design and implementation, see the proposal. * go vet: Improved detection of loop variable capture by nested functions. The vet tool now reports references to loop variables following a call to T.Parallel() within subtest function bodies. Such references may observe the value of the variable from a different iteration (typically causing test cases to be skipped) or an invalid state due to unsynchronized concurrent access. * go vet: The tool also detects reference mistakes in more places. Previously it would only consider the last statement of the loop body, but now it recursively inspects the last statements within if, switch, and select statements. * go vet: New diagnostic for incorrect time formats. The vet tool now reports use of the time format 2006-02-01 (yyyy-dd-mm) with Time.Format and time.Parse. This format does not appear in common date standards, but is frequently used by mistake when attempting to use the ISO 8601 date format (yyyy-mm-dd). * Runtime: Some of the garbage collector's internal data structures were reorganized to be both more space and CPU efficient. 
This change reduces memory overheads and improves overall CPU performance by up to 2%. * Runtime: The garbage collector behaves less erratically with respect to goroutine assists in some circumstances. * Runtime: Go 1.20 adds a new runtime/coverage package containing APIs for writing coverage profile data at runtime from long-running and/or server programs that do not terminate via os.Exit(). * Compiler: Go 1.20 adds preview support for profile-guided optimization (PGO). PGO enables the toolchain to perform application- and workload-specific optimizations based on run-time profile information. Currently, the compiler supports pprof CPU profiles, which can be collected through usual means, such as the runtime/pprof or net/http/pprof packages. To enable PGO, pass the path of a pprof profile file via the -pgo flag to go build, as mentioned above. Go 1.20 uses PGO to more aggressively inline functions at hot call sites. Benchmarks for a representative set of Go programs show enabling profile-guided inlining optimization improves performance about 3–4%. See the PGO user guide for detailed documentation. We plan to add more profile-guided optimizations in future releases. Note that profile-guided optimization is a preview, so please use it with appropriate caution. * Compiler: The Go 1.20 compiler upgraded its front-end to use a new way of handling the compiler's internal data, which fixes several generic-types issues and enables type declarations within generic functions and methods. * Compiler: The compiler now rejects anonymous interface cycles with a compiler error by default. These arise from tricky uses of embedded interfaces and have always had subtle correctness issues, yet we have no evidence that they're actually used in practice. Assuming no reports from users adversely affected by this change, we plan to update the language specification for Go 1.22 to formally disallow them so tools authors can stop supporting them too. 
* Compiler: Go 1.18 and 1.19 saw regressions in build speed, largely due to the addition of support for generics and follow-on work. Go 1.20 improves build speeds by up to 10%, bringing it back in line with Go 1.17. Relative to Go 1.19, generated code performance is also generally slightly improved. * Linker: On Linux, the linker now selects the dynamic interpreter for glibc or musl at link time. * Linker: On Windows, the Go linker now supports modern LLVM-based C toolchains. * Linker: Go 1.20 uses go: and type: prefixes for compiler-generated symbols rather than go. and type.. This avoids confusion for user packages whose name starts with go.. The debug/gosym package understands this new naming convention for binaries built with Go 1.20 and newer. * Bootstrap: When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go 1.18 and Go 1.19 looked first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4, in anticipation of requiring Go 1.17 for use when bootstrapping Go 1.20. Go 1.20 does require a Go 1.17 release for bootstrapping, but we realized that we should adopt the latest point release of the bootstrap toolchain, so it requires Go 1.17.13. Go 1.20 looks for $HOME/go1.17.13 or $HOME/sdk/go1.17.13 before falling back to $HOME/go1.4 (to support systems that hard-coded the path $HOME/go1.4 but have installed a newer Go toolchain there). In the future, we plan to move the bootstrap toolchain forward approximately once a year, and in particular we expect that Go 1.22 will require the final point release of Go 1.20 for bootstrap. * Library: Go 1.20 adds a new crypto/ecdh package to provide explicit support for Elliptic Curve Diffie-Hellman key exchanges over NIST curves and Curve25519. 
Programs should use crypto/ecdh instead of the lower-level functionality in crypto/elliptic for ECDH, and third-party modules for more advanced use cases. * Error handling: Go 1.20 expands support for error wrapping to permit an error to wrap multiple other errors. * Error handling: An error e can wrap more than one error by providing an Unwrap method that returns a []error. * Error handling: The errors.Is and errors.As functions have been updated to inspect multiply wrapped errors. * Error handling: The fmt.Errorf function now supports multiple occurrences of the %w format verb, which will cause it to return an error that wraps all of those error operands. * Error handling: The new function errors.Join returns an error wrapping a list of errors. * HTTP ResponseController: The new "net/http".ResponseController type provides access to extended per-request functionality not handled by the "net/http".ResponseWriter interface. The ResponseController type provides a clearer, more discoverable way to add per-handler controls. Two such controls also added in Go 1.20 are SetReadDeadline and SetWriteDeadline, which allow setting per-request read and write deadlines. * New ReverseProxy Rewrite hook: The httputil.ReverseProxy forwarding proxy includes a new Rewrite hook function, superseding the previous Director hook. * archive/tar: When the GODEBUG=tarinsecurepath=0 environment variable is set, Reader.Next method will now return the error ErrInsecurePath for an entry with a file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved name such as NUL. A future version of Go may disable insecure paths by default. 
* archive/zip: When the GODEBUG=zipinsecurepath=0 environment variable is set, NewReader will now return the error ErrInsecurePath when opening an archive which contains any file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved name such as NUL. A future version of Go may disable insecure paths by default. * archive/zip: Reading from a directory file that contains file data will now return an error. The zip specification does not permit directory files to contain file data, so this change only affects reading from invalid archives. * bytes: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * bytes: The new Clone function allocates a copy of a byte slice. * context: The new WithCancelCause function provides a way to cancel a context with a given error. That error can be retrieved by calling the new Cause function. * crypto/ecdsa: When using supported curves, all operations are now implemented in constant time. This led to an increase in CPU time between 5% and 30%, mostly affecting P-384 and P-521. * crypto/ecdsa: The new PrivateKey.ECDH method converts an ecdsa.PrivateKey to an ecdh.PrivateKey. * crypto/ed25519: The PrivateKey.Sign method and the VerifyWithOptions function now support signing pre-hashed messages with Ed25519ph, indicated by an Options.HashFunc that returns crypto.SHA512. They also now support Ed25519ctx and Ed25519ph with context, indicated by setting the new Options.Context field. * crypto/rsa: The new field OAEPOptions.MGFHash allows configuring the MGF1 hash separately for OAEP decryption. * crypto/rsa: crypto/rsa now uses a new, safer, constant-time backend. This causes a CPU runtime increase for decryption operations between approximately 15% (RSA-2048 on amd64) and 45% (RSA-4096 on arm64), and more on 32-bit architectures. 
Encryption operations are approximately 20x slower than before (but still 5-10x faster than decryption). Performance is expected to improve in future releases. Programs must not modify or manually generate the fields of PrecomputedValues. * crypto/subtle: The new function XORBytes XORs two byte slices together. * crypto/tls: Parsed certificates are now shared across all clients actively using that certificate. The memory savings can be significant in programs that make many concurrent connections to a server or collection of servers sharing any part of their certificate chains. * crypto/tls: For a handshake failure due to a certificate verification failure, the TLS client and server now return an error of the new type CertificateVerificationError, which includes the presented certificates. * crypto/x509: ParsePKCS8PrivateKey and MarshalPKCS8PrivateKey now support keys of type *crypto/ecdh.PrivateKey. ParsePKIXPublicKey and MarshalPKIXPublicKey now support keys of type *crypto/ecdh.PublicKey. Parsing NIST curve keys still returns values of type *ecdsa.PublicKey and *ecdsa.PrivateKey. Use their new ECDH methods to convert to the crypto/ecdh types. * crypto/x509: The new SetFallbackRoots function allows a program to define a set of fallback root certificates in case an operating system verifier or standard platform root bundle is unavailable at runtime. It will most commonly be used with a new package, golang.org/x/crypto/x509roots/fallback, which will provide an up to date root bundle. * debug/elf: Attempts to read from a SHT_NOBITS section using Section.Data or the reader returned by Section.Open now return an error. * debug/elf: Additional R_LARCH_* constants are defined for use with LoongArch systems. * debug/elf: Additional R_PPC64_* constants are defined for use with PPC64 ELFv2 relocations. * debug/elf: The constant value for R_PPC64_SECTOFF_LO_DS is corrected, from 61 to 62. 
* debug/gosym: Due to a change of Go's symbol naming conventions, tools that process Go binaries should use Go 1.20's debug/gosym package to transparently handle both old and new binaries. * debug/pe: Additional IMAGE_FILE_MACHINE_RISCV* constants are defined for use with RISC-V systems. * encoding/binary: The ReadVarint and ReadUvarint functions will now return io.ErrUnexpectedEOF after reading a partial value, rather than io.EOF. * encoding/xml: The new Encoder.Close method can be used to check for unclosed elements when finished encoding. * encoding/xml: The decoder now rejects element and attribute names with more than one colon, such as , as well as namespaces that resolve to an empty string, such as xmlns:a="". * encoding/xml: The decoder now rejects elements that use different namespace prefixes in the opening and closing tag, even if those prefixes both denote the same namespace. * errors: The new Join function returns an error wrapping a list of errors. * fmt: The Errorf function supports multiple occurrences of the %w format verb, returning an error that unwraps to the list of all arguments to %w. * fmt: The new FormatString function recovers the formatting directive corresponding to a State, which can be useful in Formatter implementations. * go/ast: The new RangeStmt.Range field records the position of the range keyword in a range statement. * go/ast: The new File.FileStart and File.FileEnd fields record the position of the start and end of the entire source file. * go/token: The new FileSet.RemoveFile method removes a file from a FileSet. Long-running programs can use this to release memory associated with files they no longer need. * go/types: The new Satisfies function reports whether a type satisfies a constraint. This change aligns with the new language semantics that distinguish satisfying a constraint from implementing an interface. 
* io: The new OffsetWriter wraps an underlying WriterAt and provides Seek, Write, and WriteAt methods that adjust their effective file offset position by a fixed amount. * io/fs: The new error SkipAll terminates a WalkDir immediately but successfully. * math/big: The math/big package's wide scope and input-dependent timing make it ill-suited for implementing cryptography. The cryptography packages in the standard library no longer call non-trivial Int methods on attacker-controlled inputs. In the future, the determination of whether a bug in math/big is considered a security vulnerability will depend on its wider impact on the standard library. * math/rand: The math/rand package now automatically seeds the global random number generator (used by top-level functions like Float64 and Int) with a random value, and the top-level Seed function has been deprecated. Programs that need a reproducible sequence of random numbers should prefer to allocate their own random source, using rand.New(rand.NewSource(seed)). * math/rand: Programs that need the earlier consistent global seeding behavior can set GODEBUG=randautoseed=0 in their environment. * math/rand: The top-level Read function has been deprecated. In almost all cases, crypto/rand.Read is more appropriate. * mime: The ParseMediaType function now allows duplicate parameter names, so long as the values of the names are the same. * mime/multipart: Methods of the Reader type now wrap errors returned by the underlying io.Reader. * net: The LookupCNAME function now consistently returns the contents of a CNAME record when one exists. Previously on Unix systems and when using the pure Go resolver, LookupCNAME would return an error if a CNAME record referred to a name with no A, AAAA, or CNAME record. This change modifies LookupCNAME to match the previous behavior on Windows, allowing LookupCNAME to succeed whenever a CNAME exists. 
* net: Interface.Flags now includes the new flag FlagRunning, indicating an operationally active interface. An interface which is administratively configured but not active (for example, because the network cable is not connected) will have FlagUp set but not FlagRunning. * net: The new Dialer.ControlContext field contains a callback function similar to the existing Dialer.Control hook, that additionally accepts the dial context as a parameter. Control is ignored when ControlContext is not nil. * net: The Go DNS resolver recognizes the trust-ad resolver option. When options trust-ad is set in resolv.conf, the Go resolver will set the AD bit in DNS queries. The resolver does not make use of the AD bit in responses. * net: DNS resolution will detect changes to /etc/nsswitch.conf and reload the file when it changes. Checks are made at most once every five seconds, matching the previous handling of /etc/hosts and /etc/resolv.conf. * net/http: The ResponseWriter.WriteHeader function now supports sending 1xx status codes. * net/http: The new Server.DisableGeneralOptionsHandler configuration setting allows disabling the default OPTIONS * handler. * net/http: The new Transport.OnProxyConnectResponse hook is called when a Transport receives an HTTP response from a proxy for a CONNECT request. * net/http: The HTTP server now accepts HEAD requests containing a body, rather than rejecting them as invalid. * net/http: HTTP/2 stream errors returned by net/http functions may be converted to a golang.org/x/net/http2.StreamError using errors.As. * net/http: Leading and trailing spaces are trimmed from cookie names, rather than being rejected as invalid. For example, a cookie setting of "name =value" is now accepted as setting the cookie "name". * net/netip: The new IPv6LinkLocalAllRouters and IPv6Loopback functions are the net/netip equivalents of net.IPv6loopback and net.IPv6linklocalallrouters. 
* os: On Windows, the name NUL is no longer treated as a special case in Mkdir and Stat. * os: On Windows, File.Stat now uses the file handle to retrieve attributes when the file is a directory. Previously it would use the path passed to Open, which may no longer be the file represented by the file handle if the file has been moved or replaced. This change modifies Open to open directories without the FILE_SHARE_DELETE access, which matches the behavior of regular files. * os: On Windows, File.Seek now supports seeking to the beginning of a directory. * os/exec: The new Cmd fields Cancel and WaitDelay specify the behavior of the Cmd when its associated Context is canceled or its process exits with I/O pipes still held open by a child process. * path/filepath: The new error SkipAll terminates a Walk immediately but successfully. * path/filepath: The new IsLocal function reports whether a path is lexically local to a directory. For example, if IsLocal(p) is true, then Open(p) will refer to a file that is lexically within the subtree rooted at the current directory. * reflect: The new Value.Comparable and Value.Equal methods can be used to compare two Values for equality. Comparable reports whether Equal is a valid operation for a given Value receiver. * reflect: The new Value.Grow method extends a slice to guarantee space for another n elements. * reflect: The new Value.SetZero method sets a value to be the zero value for its type. * reflect: Go 1.18 introduced Value.SetIterKey and Value.SetIterValue methods. These are optimizations: v.SetIterKey(it) is meant to be equivalent to v.Set(it.Key()). The implementations incorrectly omitted a check for use of unexported fields that was present in the unoptimized forms. Go 1.20 corrects these methods to include the unexported field check. * regexp: Go 1.19.2 and Go 1.18.7 included a security fix to the regular expression parser, making it reject very large expressions that would consume too much memory. 
Because Go patch releases do not introduce new API, the parser returned syntax.ErrInternalError in this case. Go 1.20 adds a more specific error, syntax.ErrLarge, which the parser now returns instead. * runtime/cgo: Go 1.20 adds new Incomplete marker type. Code generated by cgo will use cgo.Incomplete to mark an incomplete C type. * runtime/metrics: Go 1.20 adds new supported metrics, including the current GOMAXPROCS setting (/sched/gomaxprocs:threads), the number of cgo calls executed (/cgo/go-to-c-calls:calls), total mutex block time (/sync/mutex/wait/total:seconds), and various measures of time spent in garbage collection. * runtime/metrics: Time-based histogram metrics are now less precise, but take up much less memory. * runtime/pprof: Mutex profile samples are now pre-scaled, fixing an issue where old mutex profile samples would be scaled incorrectly if the sampling rate changed during execution. * runtime/pprof: Profiles collected on Windows now include memory mapping information that fixes symbolization issues for position-independent binaries. * runtime/trace: The garbage collector's background sweeper now yields less frequently, resulting in many fewer extraneous events in execution traces. * strings: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * sync: The new Map methods Swap, CompareAndSwap, and CompareAndDelete allow existing map entries to be updated atomically. * syscall: On FreeBSD, compatibility shims needed for FreeBSD 11 and earlier have been removed. * syscall: On Linux, additional CLONE_* constants are defined for use with the SysProcAttr.Cloneflags field. * syscall: On Linux, the new SysProcAttr.CgroupFD and SysProcAttr.UseCgroupFD fields provide a way to place a child process into a specific cgroup. * testing: The new method B.Elapsed reports the current elapsed time of the benchmark, which may be useful for calculating rates to report with ReportMetric. 
* time: The new time layout constants DateTime, DateOnly, and TimeOnly provide names for three of the most common layout strings used in a survey of public Go source code. * time: The new Time.Compare method compares two times. * time: Parse now ignores sub-nanosecond precision in its input, instead of reporting those digits as an error. * time: The Time.MarshalJSON method is now more strict about adherence to RFC 3339. * unicode/utf16: The new AppendRune function appends the UTF-16 encoding of a given rune to a uint16 slice, analogous to utf8.AppendRune. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-735=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-735=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * go1.20-1.20.2-150000.1.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.2-150000.1.5.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.20-race-1.20.2-150000.1.5.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.2-150000.1.5.1 * go1.20-doc-1.20.2-150000.1.5.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.2-150000.1.5.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41722.html * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2022-41724.html * https://www.suse.com/security/cve/CVE-2022-41725.html * https://www.suse.com/security/cve/CVE-2023-24532.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1208269 * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1208271 * https://bugzilla.suse.com/show_bug.cgi?id=1208272 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209030 * https://jira.suse.com/browse/PED-1962 From sle-updates at lists.suse.com Tue Mar 14 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 20:30:12 -0000 Subject: SUSE-RU-2023:0734-1: moderate: Recommended update for go1.18 Message-ID: <167882581205.20125.5126405976294130374@smelt2.suse.de> # Recommended update for go1.18 Announcement ID: SUSE-RU-2023:0734-1 Rating: moderate References: * #1193742 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for go1.18 fixes the following issues: go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the linker, and the crypto/x509, net/http, and syscall packages. (bsc#1193742) * misc/cgo: backport needed for dlltool fix * crypto/x509: Verify on macOS does not return typed errors * cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. 
* syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * os: TestLstat failure on Linux Aarch64 * reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * cmd/go: remove test dependency on gopkg.in service * cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * cgo: malformed DWARF TagVariable entry * cmd/cgo: Wrong types in compiler errors with clang 14 * cmd/link/internal/ppc64: too-far trampoline is reused * net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * net/http: bad handling of HEAD requests with a body ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-734=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-734=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-734=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.18-1.18.10-150000.1.43.1 * go1.18-doc-1.18.10-150000.1.43.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.18-race-1.18.10-150000.1.43.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.18-1.18.10-150000.1.43.1 * go1.18-doc-1.18.10-150000.1.43.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.18-race-1.18.10-150000.1.43.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.18-1.18.10-150000.1.43.1 * go1.18-race-1.18.10-150000.1.43.1 * go1.18-doc-1.18.10-150000.1.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1193742 
From sle-updates at lists.suse.com Tue Mar 14 20:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Mar 2023 20:30:17 -0000 Subject: SUSE-SU-2023:0733-1: important: Security update for go1.19 Message-ID: <167882581705.20125.2270929347715881243@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:0733-1 Rating: important References: * #1200441 * #1208269 * #1208270 * #1208271 * #1208272 * #1209030 Cross-References: * CVE-2022-41722 * CVE-2022-41723 * CVE-2022-41724 * CVE-2022-41725 * CVE-2023-24532 CVSS scores: * CVE-2022-41722 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24532 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An 
update that solves five vulnerabilities and has one fix can now be installed. ## Description: This update for go1.19 fixes the following issues: * CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows (bsc#1208269). * CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). * CVE-2022-41724: Fixed panic with large handshake records in crypto/tls (bsc#1208271). * CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). * CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). Update to go1.19.7 * go#58441 runtime: some linkname signatures do not match * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58535 runtime: long latency of sweep assists * go#58716 net: TestTCPSelfConnect failures due to unexpected connections * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58810 crypto/x509: TestSystemVerify consistently failing Update to go1.19.6: * go#56154 net/http: bad handling of HEAD requests with a body * go#57635 crypto/x509: TestBoringAllowCert failures * go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396 * go#58118 time: update zoneinfo_abbrs on Windows * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections * go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing Update to go1.19.5 (bsc#1200441): * go#57706 Misc/cgo: backport needed for dlltool fix * go#57556 crypto/x509: re-allow duplicate attributes in CSRs * go#57444 cmd/link: need to handle new-style LoongArch relocs * go#57427 crypto/x509: Verify on macOS does not return typed errors * go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. 
* go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57214 os: TestLstat failure on Linux Aarch64 * go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57124 sync/atomic: allow linked lists of atomic.Pointer * go#57100 cmd/compile: non-retpoline-compatible errors * go#57058 cmd/go: remove test dependency on gopkg.in service * go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#56983 runtime: failure in TestRaiseException on windows-amd64-2012 * go#56834 cmd/link/internal/ppc64: too-far trampoline is reused * go#56770 cmd/compile: walkConvInterface produces broken IR * go#56744 cmd/compile: internal compiler error: missing typecheck * go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56154 net/http: bad handling of HEAD requests with a body ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-733=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-733=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-733=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-733=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-733=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-733=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-733=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-733=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
  * openSUSE Leap 15.4 (aarch64 x86_64)
    * go1.19-race-1.19.7-150000.1.23.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
  * Development Tools Module 15-SP4 (aarch64 x86_64)
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
    * go1.19-race-1.19.7-150000.1.23.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * go1.19-1.19.7-150000.1.23.1
    * go1.19-doc-1.19.7-150000.1.23.1
    * go1.19-race-1.19.7-150000.1.23.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-41722.html
  * https://www.suse.com/security/cve/CVE-2022-41723.html
  * https://www.suse.com/security/cve/CVE-2022-41724.html
  * https://www.suse.com/security/cve/CVE-2022-41725.html
  * https://www.suse.com/security/cve/CVE-2023-24532.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1200441
  * https://bugzilla.suse.com/show_bug.cgi?id=1208269
  * https://bugzilla.suse.com/show_bug.cgi?id=1208270
  * https://bugzilla.suse.com/show_bug.cgi?id=1208271
  * https://bugzilla.suse.com/show_bug.cgi?id=1208272
  * https://bugzilla.suse.com/show_bug.cgi?id=1209030

From sle-updates at lists.suse.com Tue Mar 14 20:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 20:30:18 -0000
Subject: SUSE-RU-2023:0732-1: low: Recommended update for jsoup, jsr-305
Message-ID: <167882581859.20125.8396852058493122202@smelt2.suse.de>

# Recommended update for jsoup, jsr-305

Announcement ID: SUSE-RU-2023:0732-1
Rating: low
References:
Affected Products:

  * Development Tools Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for jsoup, jsr-305 fixes the following issues:

  * Redistribute packages to fix dependency inconsistencies in some products.

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-732=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-732=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-732=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-732=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-732=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-732=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-732=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-732=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-732=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-732=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-732=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-732=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsr-305-javadoc-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
    * jsoup-javadoc-1.15.3-150200.3.11.1
  * Development Tools Module 15-SP4 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1
  * SUSE Enterprise Storage 7 (noarch)
    * jsr-305-3.0.2-150200.3.5.1
    * jsoup-1.15.3-150200.3.11.1

From sle-updates at lists.suse.com Tue Mar 14 20:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 20:30:21 -0000
Subject: SUSE-SU-2023:0731-1: important: Security update for xorg-x11-server
Message-ID: <167882582129.20125.4252098493787256685@smelt2.suse.de>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2023:0731-1
Rating: important
References:

  * #1205874

Cross-References:

  * CVE-2022-46340

CVSS scores:

  * CVE-2022-46340 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2022-46340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * Development Tools Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

  * Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-731=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-731=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-731=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * xorg-x11-server-debuginfo-1.20.3-150400.38.19.1
    * xorg-x11-server-source-1.20.3-150400.38.19.1
    * xorg-x11-server-debugsource-1.20.3-150400.38.19.1
    * xorg-x11-server-extra-1.20.3-150400.38.19.1
    * xorg-x11-server-1.20.3-150400.38.19.1
    * xorg-x11-server-sdk-1.20.3-150400.38.19.1
    * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.19.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * xorg-x11-server-debuginfo-1.20.3-150400.38.19.1
    * xorg-x11-server-debugsource-1.20.3-150400.38.19.1
    * xorg-x11-server-extra-1.20.3-150400.38.19.1
    * xorg-x11-server-1.20.3-150400.38.19.1
    * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.19.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * xorg-x11-server-sdk-1.20.3-150400.38.19.1
    * xorg-x11-server-debuginfo-1.20.3-150400.38.19.1
    * xorg-x11-server-debugsource-1.20.3-150400.38.19.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-46340.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1205874

From sle-updates at lists.suse.com Tue Mar 14 20:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Mar 2023 20:30:24 -0000
Subject: SUSE-SU-2023:0730-1: important: Security update for jakarta-commons-fileupload
Message-ID: <167882582484.20125.17292994138326447804@smelt2.suse.de>

# Security update for jakarta-commons-fileupload

Announcement ID: SUSE-SU-2023:0730-1
Rating: important
References:

  * #1208513
  * #986359

Cross-References:

  * CVE-2016-3092
  * CVE-2023-24998

CVSS scores:

  * CVE-2016-3092 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for jakarta-commons-fileupload fixes the following issues:

  * CVE-2016-3092: Fixed use of a vulnerable FileUpload package that could result in denial of service (bsc#986359).
  * CVE-2023-24998: Fixed a FileUpload denial of service with excessive parts (bsc#1208513).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-730=1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-730=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-730=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-730=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * jakarta-commons-fileupload-1.1.1-150000.4.8.1
    * jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * jakarta-commons-fileupload-1.1.1-150000.4.8.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * jakarta-commons-fileupload-1.1.1-150000.4.8.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * jakarta-commons-fileupload-1.1.1-150000.4.8.1
  * SUSE CaaS Platform 4.0 (noarch)
    * jakarta-commons-fileupload-1.1.1-150000.4.8.1

## References:

  * https://www.suse.com/security/cve/CVE-2016-3092.html
  * https://www.suse.com/security/cve/CVE-2023-24998.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208513
  * https://bugzilla.suse.com/show_bug.cgi?id=986359

From sle-updates at lists.suse.com Wed Mar 15 08:03:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:03:49 +0100 (CET)
Subject: SUSE-CU-2023:660-1: Recommended update of bci/golang
Message-ID: <20230315080349.016F7F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:660-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-19.48
Container Release : 19.48
Severity : moderate
Type : recommended
References : 1193742
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:734-1
Released: Tue Mar 14 18:07:33 2023
Summary: Recommended update for go1.18
Type: recommended
Severity: moderate
References: 1193742

This update for go1.18 fixes the following issues:

go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the linker, and the crypto/x509, net/http, and syscall packages. (bsc#1193742)

* misc/cgo: backport needed for dlltool fix
* crypto/x509: Verify on macOS does not return typed errors
* cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument.
* syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
* os: TestLstat failure on Linux Aarch64
* reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
* cmd/go: remove test dependency on gopkg.in service
* cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
* cgo: malformed DWARF TagVariable entry
* cmd/cgo: Wrong types in compiler errors with clang 14
* cmd/link/internal/ppc64: too-far trampoline is reused
* net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
* net/http: bad handling of HEAD requests with a body

The following package changes have been done:

- go1.18-1.18.10-150000.1.43.1 updated
- container:sles15-image-15.0.0-27.14.39 updated

From sle-updates at lists.suse.com Wed Mar 15 08:04:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:04:28 +0100 (CET)
Subject: SUSE-CU-2023:659-1: Recommended update of bci/openjdk
Message-ID: <20230315080428.01A2AF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:659-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-34.49
Container Release : 34.49
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:04:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:04:44 +0100 (CET)
Subject: SUSE-CU-2023:661-1: Recommended update of bci/openjdk-devel
Message-ID: <20230315080444.E3912F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:661-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.64 , bci/openjdk-devel:latest
Container Release : 13.64
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated
- container:bci-openjdk-17-15.4.17-12.34 updated

From sle-updates at lists.suse.com Wed Mar 15 08:04:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:04:45 +0100 (CET)
Subject: SUSE-CU-2023:662-1: Recommended update of bci/openjdk-devel
Message-ID: <20230315080445.F11B4F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:662-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.65 , bci/openjdk-devel:latest
Container Release : 13.65
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:732-1
Released: Tue Mar 14 18:06:09 2023
Summary: Recommended update for jsoup, jsr-305
Type: recommended
Severity: low
References:

This update for jsoup, jsr-305 fixes the following issues:

- Redistribute packages to fix dependency inconsistencies in some products.
The following package changes have been done:

- jsoup-1.15.3-150200.3.11.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:04:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:04:59 +0100 (CET)
Subject: SUSE-CU-2023:663-1: Recommended update of bci/openjdk
Message-ID: <20230315080459.91FD0F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:663-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.34 , bci/openjdk:latest
Container Release : 12.34
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:05:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:05:32 +0100 (CET)
Subject: SUSE-CU-2023:664-1: Recommended update of bci/python
Message-ID: <20230315080532.B22B9F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:664-1
Container Tags : bci/python:3 , bci/python:3-11.30 , bci/python:3.10 , bci/python:3.10-11.30 , bci/python:latest
Container Release : 11.30
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:06:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:06:12 +0100 (CET)
Subject: SUSE-CU-2023:665-1: Recommended update of bci/python
Message-ID: <20230315080612.11909F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:665-1
Container Tags : bci/python:3 , bci/python:3-34.33 , bci/python:3.6 , bci/python:3.6-34.33
Container Release : 34.33
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:06:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:06:45 +0100 (CET)
Subject: SUSE-CU-2023:666-1: Recommended update of bci/ruby
Message-ID: <20230315080645.205B2F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:666-1
Container Tags : bci/ruby:2 , bci/ruby:2-33.29 , bci/ruby:2.5 , bci/ruby:2.5-33.29 , bci/ruby:latest
Container Release : 33.29
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/ruby was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:06:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:06:56 +0100 (CET)
Subject: SUSE-CU-2023:667-1: Recommended update of bci/rust
Message-ID: <20230315080656.410F4F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:667-1
Container Tags : bci/rust:1.65 , bci/rust:1.65-13.28
Container Release : 13.28
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:07:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:07:03 +0100 (CET)
Subject: SUSE-CU-2023:668-1: Recommended update of bci/rust
Message-ID: <20230315080703.5939BF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:668-1
Container Tags : bci/rust:1.66 , bci/rust:1.66-3.14
Container Release : 3.14
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:07:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:07:06 +0100 (CET)
Subject: SUSE-CU-2023:669-1: Recommended update of bci/rust
Message-ID: <20230315080706.8CB10F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:669-1
Container Tags : bci/rust:1.67 , bci/rust:1.67-2.9 , bci/rust:latest
Container Release : 2.9
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:07:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:07:32 +0100 (CET)
Subject: SUSE-CU-2023:670-1: Recommended update of suse/sle15
Message-ID: <20230315080732.C01FDF46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:670-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.39 , suse/sle15:15.4 , suse/sle15:15.4.27.14.39
Container Release : 27.14.39
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released: Mon Mar 13 10:25:04 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References:

This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated
- suse-build-key-12.0-150000.8.31.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:07:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:07:41 +0100 (CET)
Subject: SUSE-CU-2023:671-1: Recommended update of bci/bci-init
Message-ID: <20230315080741.43833F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:671-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.3.55
Container Release : 3.55
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated
- container:sles15-image-15.0.0-35.2.4 updated

From sle-updates at lists.suse.com Wed Mar 15 08:07:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 09:07:47 +0100 (CET)
Subject: SUSE-CU-2023:672-1: Recommended update of bci/bci-minimal
Message-ID: <20230315080747.176A5F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:672-1
Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.3.40
Container Release : 3.40
Severity : important
Type : recommended
References : 1207294
-----------------------------------------------------------------

The container bci/bci-minimal was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.55.1 updated

From sle-updates at lists.suse.com Wed Mar 15 08:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 08:30:05 -0000
Subject: SUSE-SU-2023:0738-1: important: Security update for nodejs18
Message-ID: <167886900551.24867.15132271934864078074@smelt2.suse.de>

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:0738-1
Rating: important
References:

  * #1208413
  * #1208481
  * #1208483
  * #1208485
  * #1208487

Cross-References:

  * CVE-2023-23918
  * CVE-2023-23919
  * CVE-2023-23920
  * CVE-2023-23936
  * CVE-2023-24807

CVSS scores:

  * CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-23919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-23919 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-23920 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2023-23920 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
  * CVE-2023-23936 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2023-23936 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2023-24807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-24807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * Web and Scripting Module 15-SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

Update to NodeJS 18.14.2 LTS:

  * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
  * CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
  * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
  * CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
  * CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-738=1
  * Web and Scripting Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-738=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * nodejs18-18.14.2-150400.9.6.2
    * nodejs18-debuginfo-18.14.2-150400.9.6.2
    * corepack18-18.14.2-150400.9.6.2
    * nodejs18-devel-18.14.2-150400.9.6.2
    * npm18-18.14.2-150400.9.6.2
    * nodejs18-debugsource-18.14.2-150400.9.6.2
  * openSUSE Leap 15.4 (noarch)
    * nodejs18-docs-18.14.2-150400.9.6.2
  * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * nodejs18-18.14.2-150400.9.6.2
    * nodejs18-debuginfo-18.14.2-150400.9.6.2
    * nodejs18-devel-18.14.2-150400.9.6.2
    * npm18-18.14.2-150400.9.6.2
    * nodejs18-debugsource-18.14.2-150400.9.6.2
  * Web and Scripting Module 15-SP4 (noarch)
    * nodejs18-docs-18.14.2-150400.9.6.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-23918.html
  * https://www.suse.com/security/cve/CVE-2023-23919.html
  * https://www.suse.com/security/cve/CVE-2023-23920.html
  * https://www.suse.com/security/cve/CVE-2023-23936.html
  * https://www.suse.com/security/cve/CVE-2023-24807.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208413
  * https://bugzilla.suse.com/show_bug.cgi?id=1208481
  * https://bugzilla.suse.com/show_bug.cgi?id=1208483
  * https://bugzilla.suse.com/show_bug.cgi?id=1208485
  * https://bugzilla.suse.com/show_bug.cgi?id=1208487

From sle-updates at lists.suse.com Wed Mar 15 08:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Mar 2023 08:30:07 -0000
Subject: SUSE-SU-2023:0737-1: moderate: Security update for python-cryptography
Message-ID: <167886900761.24867.2900839797795244428@smelt2.suse.de>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2023:0737-1
Rating: moderate
References:

  * #1208036

Cross-References:

  * CVE-2023-23931

CVSS scores:

  * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

  * CVE-2023-23931: Fixed a memory corruption inside Cipher.update_into via immutable objects (bsc#1208036).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-737=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-737=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-737=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python2-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-debuginfo-2.9.2-150100.7.12.1 * python2-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debugsource-2.9.2-150100.7.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python2-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-debuginfo-2.9.2-150100.7.12.1 * python2-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debugsource-2.9.2-150100.7.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python2-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-debuginfo-2.9.2-150100.7.12.1 * python2-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debugsource-2.9.2-150100.7.12.1 * SUSE CaaS Platform 4.0 (x86_64) * python2-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-debuginfo-2.9.2-150100.7.12.1 * python2-cryptography-2.9.2-150100.7.12.1 * 
python-cryptography-debuginfo-2.9.2-150100.7.12.1 * python3-cryptography-2.9.2-150100.7.12.1 * python-cryptography-debugsource-2.9.2-150100.7.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23931.html * https://bugzilla.suse.com/show_bug.cgi?id=1208036 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:02 -0000 Subject: SUSE-SU-2023:0746-1: moderate: Security update for perl-Net-Server Message-ID: <167888340263.18224.9184730581793796506@smelt2.suse.de> # Security update for perl-Net-Server Announcement ID: SUSE-SU-2023:0746-1 Rating: moderate References: * #808830 Cross-References: * CVE-2013-1841 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for perl-Net-Server fixes the following issues: * CVE-2013-1841: Fixed insufficient hostname access checking (bsc#808830). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-746=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-746=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-746=1 ## Package List: * openSUSE Leap 15.4 (noarch) * perl-Net-Server-2.009-150000.3.3.1 * Basesystem Module 15-SP4 (noarch) * perl-Net-Server-2.009-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * perl-Net-Server-2.009-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2013-1841.html * https://bugzilla.suse.com/show_bug.cgi?id=808830 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:03 -0000 Subject: SUSE-RU-2023:0745-1: moderate: Recommended update for release-notes-sle_rt Message-ID: <167888340373.18224.6410884118093046969@smelt2.suse.de> # Recommended update for release-notes-sle_rt Announcement ID: SUSE-RU-2023:0745-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Real Time Module 15-SP4 An update that contains two features can now be installed. ## Description: This update for release-notes-sle_rt fixes the following issues: * Add the Limitations section for Live Patching * Enable Live Patching support for SUSE Linux Enterprise Real Time (jsc#PED-1706) * rt-tests has been updated to v2.4 (jsc#SLE-23995) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-745=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-745=1 ## Package List: * SUSE Real Time Module 15-SP4 (noarch) * release-notes-sle_rt-15.4.20230214-150400.3.8.1 * SUSE Linux Enterprise Real Time 15 SP4 (noarch) * release-notes-sle_rt-15.4.20230214-150400.3.8.1 ## References: * https://jira.suse.com/browse/PED-1706 * https://jira.suse.com/browse/SLE-23995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:06 -0000 Subject: SUSE-RU-2023:0743-1: moderate: Recommended update for gnutls Message-ID: <167888340609.18224.17810966798033219455@smelt2.suse.de> # Recommended update for gnutls Announcement ID: SUSE-RU-2023:0743-1 Rating: moderate References: * #1209001 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. 
## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-743=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-743=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gnutls-3.7.3-150400.4.35.1 * gnutls-debuginfo-3.7.3-150400.4.35.1 * libgnutlsxx28-3.7.3-150400.4.35.1 * gnutls-debugsource-3.7.3-150400.4.35.1 * libgnutlsxx-devel-3.7.3-150400.4.35.1 * libgnutls30-debuginfo-3.7.3-150400.4.35.1 * libgnutls-devel-3.7.3-150400.4.35.1 * libgnutls30-3.7.3-150400.4.35.1 * libgnutls30-hmac-3.7.3-150400.4.35.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.35.1 * gnutls-guile-3.7.3-150400.4.35.1 * gnutls-guile-debuginfo-3.7.3-150400.4.35.1 * openSUSE Leap 15.4 (x86_64) * libgnutls-devel-32bit-3.7.3-150400.4.35.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.35.1 * libgnutls30-32bit-3.7.3-150400.4.35.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.35.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gnutls-3.7.3-150400.4.35.1 * gnutls-debuginfo-3.7.3-150400.4.35.1 * libgnutlsxx28-3.7.3-150400.4.35.1 * libgnutlsxx-devel-3.7.3-150400.4.35.1 * libgnutls30-debuginfo-3.7.3-150400.4.35.1 * libgnutls-devel-3.7.3-150400.4.35.1 * libgnutls30-3.7.3-150400.4.35.1 * libgnutls30-hmac-3.7.3-150400.4.35.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.35.1 * gnutls-debugsource-3.7.3-150400.4.35.1 * Basesystem Module 15-SP4 (x86_64) * libgnutls30-32bit-debuginfo-3.7.3-150400.4.35.1 * libgnutls30-32bit-3.7.3-150400.4.35.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209001 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:07 -0000 Subject: SUSE-RU-2023:0742-1: moderate: Recommended update for suse-migration-services Message-ID: <167888340790.18224.5584586446493416067@smelt2.suse.de> # Recommended update for suse-migration-services Announcement ID: SUSE-RU-2023:0742-1 Rating: moderate References: * #1206701 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for suse-migration-services fixes the following issues: * Bump to version 2.0.35 * Fix kernel check when there is no entry for 'multiversion ='. (bsc#1206701) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-742=1 ## Package List: * Public Cloud Module 12 (noarch) * suse-migration-sle15-activation-2.0.35-6.33.2 * suse-migration-pre-checks-2.0.35-6.12.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206701 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:08 -0000 Subject: SUSE-RU-2023:0741-1: low: Recommended update for SLE_HPC-LTSS-release Message-ID: <167888340882.18224.3920900750404359803@smelt2.suse.de> # Recommended update for SLE_HPC-LTSS-release Announcement ID: SUSE-RU-2023:0741-1 Rating: low References: Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that contains one feature can now be installed. ## Description: This update for SLE_HPC-LTSS-release provides the following fix: * Adjust the EOL date for the product. ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-741=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * SLE_HPC-LTSS-release-15.3-150300.9.3.2 ## References: * https://jira.suse.com/browse/MSC-535 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:09 -0000 Subject: SUSE-RU-2023:0740-1: low: Recommended update for SLE_HPC-ESPOS-release Message-ID: <167888340978.18224.6412065731265376467@smelt2.suse.de> # Recommended update for SLE_HPC-ESPOS-release Announcement ID: SUSE-RU-2023:0740-1 Rating: low References: Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 An update that contains one feature can now be installed. ## Description: This update for SLE_HPC-ESPOS-release provides the following fix: * Adjust the EOL date for the product. ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-740=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * SLE_HPC-ESPOS-release-15.3-150300.9.3.2 ## References: * https://jira.suse.com/browse/MSC-536 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 12:30:10 -0000 Subject: SUSE-RU-2023:0739-1: low: Recommended update for SLE_RT-release Message-ID: <167888341077.18224.2535245122166927994@smelt2.suse.de> # Recommended update for SLE_RT-release Announcement ID: SUSE-RU-2023:0739-1 Rating: low References: Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 An update that contains one feature can now be installed. ## Description: This update for SLE_RT-release provides the following fix: * Adjust the EOL date for the product. 
## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-739=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * SLE_RT-release-15.3-150300.4.11.2 ## References: * https://jira.suse.com/browse/MSC-533 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Mar 15 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 20:30:04 -0000 Subject: SUSE-SU-2023:0748-1: important: Security update for python310 Message-ID: <167891220435.15599.1038742600958976866@smelt2.suse.de> # Security update for python310 Announcement ID: SUSE-SU-2023:0748-1 Rating: important References: * #1208471 * #831629 Cross-References: * CVE-2015-20107 * CVE-2022-37454 * CVE-2022-42919 * CVE-2022-45061 * CVE-2023-24329 CVSS scores: * CVE-2015-20107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2015-20107 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2022-37454 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-37454 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-42919 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-42919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45061 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-45061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

Update to 3.10.10:

* Add provides for readline and sqlite3 to the main Python package.
* Disable NIS for new products, it's deprecated and gets removed

Update to 3.10.9:

* python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler.log_message method to replace control characters with a \xHH hex escape before printin
* Avoid publishing list of active per-interpreter audit hooks via the gc module
* The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
* Update bundled libexpat to 2.5.0
* Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
* On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the 'forkserver' start method is affected. Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This prevents Linux CVE-2022-42919
* Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.
* Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline character from a file that is as long as the available tokenizer buffer. Patch by Pablo Galindo
* Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na.
* Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable.
* Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders
* Print exception class name instead of its string representation when raising errors from ctypes calls.
* Allow pdb to locate source for frozen modules in the standard library.
* Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.
* Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor.
* Also escape \s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a \xHH is ambiguous as to if it is a hex replacement we put in or the characters r"\x" came through in the original request line.
* asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set.
* Fix bug when calling trace.CoverageResults with valid infile.
* Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class.
* Release the GIL when calling termios APIs to avoid blocking threads.
* Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers.
* Fixed bug where inspect.signature() reported incorrect arguments for decorated methods.
* Fix SystemError in ctypes when exception was not set during `__initsubclass__`.
* Fix statistics.NormalDist pickle with 0 and 1 protocols.
* Update the bundled copy of pip to version 22.3.1.
* Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden.
* Clean up refleak on failed module initialisation in _zoneinfo
* Clean up refleaks on failed module initialisation in _pickle
* Clean up refleak on failed module initialisation in _io.
* Fix memory leak in math.dist() when both points don't have the same dimension. Patch by Kumar Aditya.
* Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions.
* Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the "else" branch.
* Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows.
* Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes.
* Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya.
* Fix infinite loop in unittest when a self-referencing chained exception is raised
* tkinter.Text.count() raises now an exception for options starting with "-" instead of silently ignoring them.
* On uname_result, restored expectation that _fields and _asdict would include all six properties including processor. * Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. * Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted. * Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution * On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner. * Allow BUILTINS to be a valid field name for frozen dataclasses. * Make sure patch.dict() can be applied on async functions. * To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang. * Prevent error when activating venv in nested fish instances. * Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only. * shutil.copytree() now applies the ignore_dangling_symlinks argument recursively. * Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument. * Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms). * Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner. * Some C API tests were moved into the new Lib/test/test_capi/ directory. * Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks. * Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM. 
* Specify the full path to the source location for make docclean (needed for cross-builds). * Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed. * Fix handling of module docstrings in Tools/i18n/pygettext.py. * Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-748=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-748=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python310-curses-debuginfo-3.10.10-150400.4.22.1 * python310-testsuite-debuginfo-3.10.10-150400.4.22.1 * python310-tk-3.10.10-150400.4.22.1 * python310-debugsource-3.10.10-150400.4.22.1 * python310-base-debuginfo-3.10.10-150400.4.22.1 * python310-debuginfo-3.10.10-150400.4.22.1 * python310-doc-3.10.10-150400.4.22.1 * python310-testsuite-3.10.10-150400.4.22.1 * python310-tk-debuginfo-3.10.10-150400.4.22.1 * libpython3_10-1_0-debuginfo-3.10.10-150400.4.22.1 * python310-tools-3.10.10-150400.4.22.1 * python310-curses-3.10.10-150400.4.22.1 * python310-devel-3.10.10-150400.4.22.1 * python310-base-3.10.10-150400.4.22.1 * python310-idle-3.10.10-150400.4.22.1 * python310-3.10.10-150400.4.22.1 * libpython3_10-1_0-3.10.10-150400.4.22.1 * python310-dbm-debuginfo-3.10.10-150400.4.22.1 * python310-dbm-3.10.10-150400.4.22.1 * python310-core-debugsource-3.10.10-150400.4.22.1 * python310-doc-devhelp-3.10.10-150400.4.22.1 * openSUSE Leap 15.4 (x86_64) * python310-32bit-3.10.10-150400.4.22.1 * python310-base-32bit-debuginfo-3.10.10-150400.4.22.1 * python310-32bit-debuginfo-3.10.10-150400.4.22.1 * 
python310-base-32bit-3.10.10-150400.4.22.1 * libpython3_10-1_0-32bit-debuginfo-3.10.10-150400.4.22.1 * libpython3_10-1_0-32bit-3.10.10-150400.4.22.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python310-curses-debuginfo-3.10.10-150400.4.22.1 * python310-dbm-3.10.10-150400.4.22.1 * python310-devel-3.10.10-150400.4.22.1 * python310-base-3.10.10-150400.4.22.1 * python310-idle-3.10.10-150400.4.22.1 * python310-tk-debuginfo-3.10.10-150400.4.22.1 * python310-3.10.10-150400.4.22.1 * python310-tk-3.10.10-150400.4.22.1 * libpython3_10-1_0-debuginfo-3.10.10-150400.4.22.1 * libpython3_10-1_0-3.10.10-150400.4.22.1 * python310-core-debugsource-3.10.10-150400.4.22.1 * python310-debugsource-3.10.10-150400.4.22.1 * python310-tools-3.10.10-150400.4.22.1 * python310-base-debuginfo-3.10.10-150400.4.22.1 * python310-curses-3.10.10-150400.4.22.1 * python310-dbm-debuginfo-3.10.10-150400.4.22.1 * python310-debuginfo-3.10.10-150400.4.22.1 ## References: * https://www.suse.com/security/cve/CVE-2015-20107.html * https://www.suse.com/security/cve/CVE-2022-37454.html * https://www.suse.com/security/cve/CVE-2022-42919.html * https://www.suse.com/security/cve/CVE-2022-45061.html * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1208471 * https://bugzilla.suse.com/show_bug.cgi?id=831629 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Mar 15 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Mar 2023 20:30:23 -0000 Subject: SUSE-SU-2023:0747-1: important: Security update for the Linux Kernel Message-ID: <167891222348.15599.866682963680908355@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0747-1 Rating: important References: * #1065729 * #1194535 * #1198438 * #1203200 * #1203331 * #1205711 * #1206103 * #1207051 * #1207201 * #1207845 * #1208179 * #1208541 * #1208542 * #1208570 * #1208700 * #1208837 * #1209008 * #1209188 Cross-References: * CVE-2021-4203 * CVE-2022-38096 * CVE-2022-4129 * CVE-2023-0597 * CVE-2023-1118 * CVE-2023-23559 * CVE-2023-26545 CVSS scores: * CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves seven 
vulnerabilities and has 11 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. * CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes). * cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes). * do not dump the threads that had been already exiting when zapped (git-fixes). * do not sign the vanilla kernel (bsc#1209008). * gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes). * icmp: do not fail on fragment reassembly time exceeded (git-fixes). * ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). * ipmi: Move remove_work to dedicated workqueue (git-fixes). * ipmi: fix initialization when workqueue allocation fails (git-fixes). * ipmi: fix memleak when unload ipmi driver (git-fixes). * ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). * ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).
* kABI: cpu/hotplug: reexport cpu_smt_control (kabi). * kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes). * kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes). * kabi/severities: add l2tp local symbols * kbuild: clear LDFLAGS in the top Makefile (bsc#1203200). * kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. * kernel/sys.c: avoid copying possible padding bytes in copy_to_user (git-fixes). * makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * media: coda: Add check for dcoda_iram_alloc (git-fixes). * media: coda: Add check for kmalloc (git-fixes). * media: platform: ti: Add missing check for devm_regulator_get (git-fixes). * net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes). * net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes). * net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). * net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). * net: allwinner: Fix use correct return type for ndo_start_xmit() (git-fixes). * net: aquantia: fix RSS table and key sizes (git-fixes). * net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes). * net: bmac: Fix read of MAC address from ROM (git-fixes). * net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes). * net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes). * net: stmmac: Fix sub-second increment (git-fixes). * net: systemport: suppress warnings on failed Rx SKB allocations (git-fixes). * net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). * net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).
* net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes). * net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). * net: usb: qmi_wwan: add Quectel RM520N (git-fixes). * net: usb: sr9700: Handle negative len (git-fixes). * netfilter: ipvs: Fix inappropriate output of procfs (git-fixes). * netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes). * nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes). * nfs: Pass error information to the pgio error cleanup routine (git-fixes). * nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). * nfsd: fix race to check ls_layouts (git-fixes). * nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). * ocfs2: Fix data corruption after failed write (bsc#1208542). * pNFS/filelayout: Fix coalescing test for single DS (git-fixes). * panic: unset panic_on_warn inside panic() (git-fixes). * powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729). * powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729). * powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729). * powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729). * prlimit: do_prlimit needs to have a speculation check (git-fixes). * ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (git-fixes). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
* scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * signal handling: do not use BUG_ON() for debugging (git-fixes). * sunrpc: Fix priority queue fairness (git-fixes). * sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). * sunrpc: make lockless test safe (bsc#1207201). * usb: dwc3: fix PHY disable sequence (git-fixes). * usb: dwc3: gadget: Fix event pending check (git-fixes). * usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). * usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). * usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). * usb: serial: ch341: fix disabled rx timer on older devices (git-fixes). * usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
* vlan: Fix out of order vlan headers with reorder header off (git-fixes). * vlan: Fix vlan insertion for packets without ethernet header (git-fixes). * vxlan: Fix error path in __vxlan_dev_create() (git-fixes). * vxlan: changelink: Fix handling of default remotes (git-fixes). * x86/mce: Fix -Wmissing-prototypes warnings (git-fixes). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * xfrm: Copy policy family in clone_policy (git-fixes). * xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes). * xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes). * xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). * xfs: fix attr leaf header freemap.size underflow (git-fixes). * xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes). * xfs: fix mount failure crash on invalid iclog memory access (git-fixes). * xfs: fix partially uninitialized structure in xfs_reflink_remap_extent (git-fixes). * xfs: fix realtime bitmap/summary file truncation when growing rt volume (git-fixes). * xfs: fix use-after-free race in xfs_buf_rele (git-fixes). * xfs: initialize the shortform attr header padding entry (git-fixes). * xfs: make sure the rt allocator does not run off the end (git-fixes). * xfs: require both realtime inodes to mount (git-fixes). * xhci: Do not show warning for reinit on known broken suspend (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-747=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt_debug-devel-debuginfo-4.12.14-10.118.1 * ocfs2-kmp-rt-4.12.14-10.118.1 * kernel-rt_debug-debuginfo-4.12.14-10.118.1 * kernel-rt-base-debuginfo-4.12.14-10.118.1 * kernel-rt-debuginfo-4.12.14-10.118.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.118.1 * gfs2-kmp-rt-4.12.14-10.118.1 * cluster-md-kmp-rt-4.12.14-10.118.1 * kernel-rt-devel-4.12.14-10.118.1 * kernel-rt-base-4.12.14-10.118.1 * dlm-kmp-rt-4.12.14-10.118.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.118.1 * kernel-syms-rt-4.12.14-10.118.1 * kernel-rt_debug-debugsource-4.12.14-10.118.1 * kernel-rt_debug-devel-4.12.14-10.118.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.118.1 * kernel-rt-debugsource-4.12.14-10.118.1 * kernel-rt-devel-debuginfo-4.12.14-10.118.1 * dlm-kmp-rt-debuginfo-4.12.14-10.118.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-devel-rt-4.12.14-10.118.1 * kernel-source-rt-4.12.14-10.118.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.118.1 * kernel-rt_debug-4.12.14-10.118.1 ## References: * https://www.suse.com/security/cve/CVE-2021-4203.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2022-4129.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1194535 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1203200 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1205711 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * 
https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207201 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1208179 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209188 From sle-updates at lists.suse.com Thu Mar 16 08:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:33 +0100 (CET) Subject: SUSE-CU-2023:674-1: Security update of bci/golang Message-ID: <20230316080333.C87E6F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:674-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.33 , bci/golang:latest Container Release : 20.33 Severity : important Type : security References : 1200441 1208269 1208270 1208271 1208272 1209030 CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24532 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:733-1 Released: Tue Mar 14 18:07:08 2023 Summary: Security update for go1.19 Type: security Severity: important References: 1200441,1208269,1208270,1208271,1208272,1209030,CVE-2022-41722,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update for go1.19 fixes the following issues: - CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows (bsc#1208269). - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with large handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). Update to go1.19.7 * go#58441 runtime: some linkname signatures do not match * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58535 runtime: long latency of sweep assists * go#58716 net: TestTCPSelfConnect failures due to unexpected connections * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58810 crypto/x509: TestSystemVerify consistently failing Update to go1.19.6: * go#56154 net/http: bad handling of HEAD requests with a body * go#57635 crypto/x509: TestBoringAllowCert failures * go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396 * go#58118 time: update zoneinfo_abbrs on Windows * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections * go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing Update to go1.19.5 (bsc#1200441): * go#57706 Misc/cgo: backport needed for dlltool fix * go#57556 crypto/x509: re-allow duplicate attributes in CSRs * go#57444 cmd/link: need to handle new-style 
LoongArch relocs * go#57427 crypto/x509: Verify on macOS does not return typed errors * go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument. * go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57214 os: TestLstat failure on Linux Aarch64 * go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57124 sync/atomic: allow linked lists of atomic.Pointer * go#57100 cmd/compile: non-retpoline-compatible errors * go#57058 cmd/go: remove test dependency on gopkg.in service * go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#56983 runtime: failure in TestRaiseException on windows-amd64-2012 * go#56834 cmd/link/internal/ppc64: too-far trampoline is reused * go#56770 cmd/compile: walkConvInterface produces broken IR * go#56744 cmd/compile: internal compiler error: missing typecheck * go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56154 net/http: bad handling of HEAD requests with a body The following package changes have been done: - go1.19-1.19.7-150000.1.23.1 updated - container:sles15-image-15.0.0-27.14.39 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:37 +0100 (CET) Subject: SUSE-CU-2023:675-1: Security update of suse/sles/15.5/cdi-apiserver Message-ID: <20230316080337.5B96CF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:675-1 Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.3.13 , suse/sles/15.5/cdi-apiserver:1.55.0.17.171 Container 
Release : 17.171 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. 
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - containerized-data-importer-api-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:39 +0100 (CET) Subject: SUSE-CU-2023:676-1: Security update of suse/sles/15.5/cdi-cloner Message-ID: <20230316080339.823F4F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:676-1 Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.3.13 , suse/sles/15.5/cdi-cloner:1.55.0.17.169 Container Release : 17.169 Severity : important Type : security References : 1177047 1180713 1186642 1198062 1198922 1202436 1207753 1207789 CVE-2022-1271 
CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - gzip-1.10-150200.10.1 added - containerized-data-importer-cloner-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:41 +0100 (CET) Subject: SUSE-CU-2023:677-1: Security update of suse/sles/15.5/cdi-controller Message-ID: <20230316080341.A537CF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:677-1 Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.3.13 , suse/sles/15.5/cdi-controller:1.55.0.17.170 Container Release : 17.170 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container 
suse/sles/15.5/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. 
(bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive.
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - containerized-data-importer-controller-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:43 +0100 (CET) Subject: SUSE-CU-2023:678-1: Security update of suse/sles/15.5/cdi-importer Message-ID: <20230316080343.C5C36F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:678-1 Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.3.13 , suse/sles/15.5/cdi-importer:1.55.0.17.222 Container Release : 17.222 Severity : important Type : security References : 1177047 1180713 1186642 1198062 1198922 1202436 1205244 1207183 1207753 
1207789 1208143 1208146 1208443 CVE-2022-1271 CVE-2022-45061 CVE-2022-48303 CVE-2023-0361 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - gzip-1.10-150200.10.1 added - libnettle8-3.8.1-150500.2.17 updated - qemu-block-curl-7.1.0-150500.46.2 updated - systemd-presets-common-SUSE-15-150500.18.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated - libhogweed6-3.8.1-150500.2.17 updated - libgnutls30-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-3.7.3-150400.4.27.1 updated - systemd-249.15-150400.8.22.1 updated - qemu-tools-7.1.0-150500.46.2 updated - containerized-data-importer-importer-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:45 +0100 (CET) Subject: SUSE-CU-2023:679-1: Security update of suse/sles/15.5/cdi-operator Message-ID: <20230316080345.E32DEF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:679-1 Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.3.13 , 
suse/sles/15.5/cdi-operator:1.55.0.17.170 Container Release : 17.170 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive.
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - containerized-data-importer-operator-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:48 +0100 (CET) Subject: SUSE-CU-2023:680-1: Security update of suse/sles/15.5/cdi-uploadproxy Message-ID: <20230316080348.17DE0F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:680-1 Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.3.13 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.170 Container Release : 17.170 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 
1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. 
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - containerized-data-importer-uploadproxy-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:50 +0100 (CET) Subject: SUSE-CU-2023:681-1: Security update of suse/sles/15.5/cdi-uploadserver Message-ID: <20230316080350.519ACF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:681-1 Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.3.13 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.221 Container Release : 17.221 Severity : important Type : security References : 1177047 1180713 1186642 1198062 1198922 1202436 
1205244 1207183 1207753 1207789 1208143 1208146 1208443 CVE-2022-1271 CVE-2022-45061 CVE-2022-48303 CVE-2023-0361 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - gzip-1.10-150200.10.1 added - libnettle8-3.8.1-150500.2.17 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated - libhogweed6-3.8.1-150500.2.17 updated - libgnutls30-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-3.7.3-150400.4.27.1 updated - qemu-tools-7.1.0-150500.46.2 updated - containerized-data-importer-uploadserver-1.55.0-150500.3.13 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:54 +0100 (CET) Subject: SUSE-CU-2023:682-1: Security update of suse/sles/15.5/virt-api Message-ID: <20230316080354.35468F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:682-1 Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.4.15 , suse/sles/15.5/virt-api:0.58.0.17.199 Container Release : 17.199 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 
1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. 
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - kubevirt-virt-api-0.58.0-150500.4.15 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:56 +0100 (CET) Subject: SUSE-CU-2023:683-1: Security update of suse/sles/15.5/virt-controller Message-ID: <20230316080356.62C9FF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:683-1 Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.4.15 , suse/sles/15.5/virt-controller:0.58.0.17.199 Container Release : 17.199 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 1181131 1184124 
1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. 
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - kubevirt-virt-controller-0.58.0-150500.4.15 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:03:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:03:58 +0100 (CET) Subject: SUSE-CU-2023:684-1: Security update of suse/sles/15.5/virt-exportproxy Message-ID: <20230316080358.7D98AF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:684-1 Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.4.15 , suse/sles/15.5/virt-exportproxy:0.58.0.1.197 Container Release : 1.197 Severity : important Type : security References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 
1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. 
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. 
(bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. 
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 added - gzip-1.10-150200.10.1 added - kubevirt-virt-exportproxy-0.58.0-150500.4.15 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:04:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:04:00 +0100 (CET) Subject: SUSE-CU-2023:685-1: Security update of suse/sles/15.5/virt-exportserver Message-ID: <20230316080400.B1817F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:685-1 Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.15 , suse/sles/15.5/virt-exportserver:0.58.0.1.197 Container Release : 1.197 Severity : important Type : security References : 1177047 1180713 1186642 1198062 1198922 1202436 1207753 1207789 
CVE-2022-1271 CVE-2022-48303 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - gzip-1.10-150200.10.1 added - kubevirt-virt-exportserver-0.58.0-150500.4.15 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:04:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:04:03 +0100 (CET) Subject: SUSE-CU-2023:686-1: Security update of suse/sles/15.5/virt-handler Message-ID: <20230316080403.1D917F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:686-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.4.15 , suse/sles/15.5/virt-handler:0.58.0.18.251 Container Release : 18.251 Severity : important Type : security References : 1177047 1180713 1186642 1198062 1198922 1202436 1205244 1207183 1207753 1207789 1208143 1208146 1208443 CVE-2022-1271 CVE-2022-45061 CVE-2022-48303 CVE-2023-0361 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. 
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). 
- FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - gzip-1.10-150200.10.1 added - kubevirt-container-disk-0.58.0-150500.4.15 updated - kubevirt-virt-handler-0.58.0-150500.4.15 updated - libnettle8-3.8.1-150500.2.17 updated - systemd-presets-common-SUSE-15-150500.18.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated - libhogweed6-3.8.1-150500.2.17 updated - libgnutls30-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-3.7.3-150400.4.27.1 updated - systemd-249.15-150400.8.22.1 updated - qemu-tools-7.1.0-150500.46.2 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:04:05 2023 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:04:05 +0100 (CET) Subject: SUSE-CU-2023:687-1: Security update of suse/sles/15.5/virt-launcher Message-ID: <20230316080405.84333F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:687-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.4.15 , suse/sles/15.5/virt-launcher:0.58.0.20.94 Container Release : 20.94 Severity : moderate Type : security References : 1202436 1205244 1207183 1207753 1207789 1208143 1208146 1208443 CVE-2022-45061 CVE-2022-48303 CVE-2023-0361 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. 
Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) The following package changes have been done: - libudev1-249.15-150400.8.22.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libgcrypt20-1.9.4-150500.10.11 updated - libgcrypt20-hmac-1.9.4-150500.10.11 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150500.13.2 updated - libopenssl1_1-hmac-1.1.1l-150500.13.2 updated - sles-release-15.5-150500.35.2 updated - tar-1.34-150000.3.31.1 updated - kubevirt-container-disk-0.58.0-150500.4.15 updated - libnettle8-3.8.1-150500.2.17 updated - qemu-accel-tcg-x86-7.1.0-150500.46.2 updated - qemu-ipxe-1.0.0+-150500.46.2 updated - qemu-seabios-1.16.0_0_gd239552-150500.46.2 updated - qemu-sgabios-8-150500.46.2 updated - qemu-vgabios-1.16.0_0_gd239552-150500.46.2 updated - systemd-presets-common-SUSE-15-150500.18.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-3.6.15-150300.10.40.1 updated - cyrus-sasl-2.1.28-150500.1.1 updated - libndctl6-75-150500.2.1 updated - libhogweed6-3.8.1-150500.2.17 updated - qemu-hw-usb-redirect-7.1.0-150500.46.2 updated - cyrus-sasl-digestmd5-2.1.28-150500.1.1 updated - libgnutls30-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-3.7.3-150400.4.27.1 updated - xen-libs-4.17.0_04-150500.1.5 updated - systemd-249.15-150400.8.22.1 updated - gnutls-3.7.3-150400.4.27.1 updated - qemu-tools-7.1.0-150500.46.2 updated - udev-249.15-150400.8.22.1 updated - systemd-container-249.15-150400.8.22.1 updated - libvirt-libs-9.0.0-150500.3.1 updated - libvirt-client-9.0.0-150500.3.1 updated - kubevirt-virt-launcher-0.58.0-150500.4.15 updated 
- qemu-x86-7.1.0-150500.46.2 updated - qemu-7.1.0-150500.46.2 updated - libvirt-daemon-9.0.0-150500.3.1 updated - libvirt-daemon-driver-qemu-9.0.0-150500.3.1 updated - container:sles15-image-15.0.0-34.4 updated From sle-updates at lists.suse.com Thu Mar 16 08:04:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 09:04:08 +0100 (CET) Subject: SUSE-CU-2023:688-1: Security update of suse/sles/15.5/libguestfs-tools Message-ID: <20230316080408.0B493F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:688-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.4.15 , suse/sles/15.5/libguestfs-tools:0.58.0.17.187 Container Release : 17.187 Severity : important Type : security References : 1202436 1205244 1207183 1207753 1207789 1208143 1208146 1208443 1208574 CVE-2021-30560 CVE-2022-45061 CVE-2022-48303 CVE-2023-0361 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:475-1 Released: Wed Feb 22 10:49:14 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1207183,1208143,1208146,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:557-1
Released: Tue Feb 28 09:29:15 2023
Summary: Security update for libxslt
Type: security
Severity: important
References: 1208574,CVE-2021-30560

This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixed a use-after-free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libudev1-249.15-150400.8.22.1 updated
- libsasl2-3-2.1.28-150500.1.1 updated
- libgcrypt20-1.9.4-150500.10.11 updated
- libgcrypt20-hmac-1.9.4-150500.10.11 updated
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libsystemd0-249.15-150400.8.22.1 updated
- libopenssl1_1-1.1.1l-150500.13.2 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.2 updated
- sles-release-15.5-150500.35.2 updated
- tar-1.34-150000.3.31.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.17 updated
- libnettle8-3.8.1-150500.2.17 updated
- libxslt1-1.1.34-150400.3.3.1 updated
- mdadm-4.2-150500.2.3 updated
- qemu-accel-tcg-x86-7.1.0-150500.46.2 updated
- qemu-ipxe-1.0.0+-150500.46.2 updated
- qemu-seabios-1.16.0_0_gd239552-150500.46.2 updated
- qemu-sgabios-8-150500.46.2 updated
- qemu-vgabios-1.16.0_0_gd239552-150500.46.2 updated
- systemd-presets-common-SUSE-15-150500.18.1 updated
- python3-base-3.6.15-150300.10.40.1 updated
- libpython3_6m1_0-3.6.15-150300.10.40.1 updated
- cyrus-sasl-2.1.28-150500.1.1 updated
- libndctl6-75-150500.2.1 updated
- libhogweed6-3.8.1-150500.2.17 updated
- btrfsprogs-5.14-150500.8.17 updated
- cyrus-sasl-digestmd5-2.1.28-150500.1.1 updated
- libgnutls30-3.7.3-150400.4.27.1 updated
- libgnutls30-hmac-3.7.3-150400.4.27.1 updated
- xen-libs-4.17.0_04-150500.1.5 updated
- systemd-249.15-150400.8.22.1 updated
- qemu-tools-7.1.0-150500.46.2 updated
- systemd-sysvinit-249.15-150400.8.22.1 updated
- libvirt-libs-9.0.0-150500.3.1 updated
- dracut-mkinitrd-deprecated-055+suse.345.g8b8708cb-150500.1.9 updated
- udev-249.15-150400.8.22.1 updated
- dracut-055+suse.345.g8b8708cb-150500.1.9 updated
- kernel-kvmsmall-5.14.21-150500.44.2 updated
- dracut-fips-055+suse.345.g8b8708cb-150500.1.9 updated
- qemu-x86-7.1.0-150500.46.2 updated
- qemu-7.1.0-150500.46.2 updated
- libguestfs0-1.48.4-150500.1.5 updated
- libguestfs-1.48.4-150500.1.5 updated
- libguestfs-devel-1.48.4-150500.1.5 updated
- container:sles15-image-15.0.0-34.4 updated

From sle-updates at lists.suse.com Thu Mar 16 08:04:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 09:04:10 +0100 (CET)
Subject: SUSE-CU-2023:689-1: Security update of suse/sles/15.5/virt-operator
Message-ID: <20230316080410.530F6F46D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:689-1
Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.4.15 , suse/sles/15.5/virt-operator:0.58.0.17.199
Container Release : 17.199
Severity : important
Type : security
References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131 1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436 1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-48303
-----------------------------------------------------------------

The container suse/sles/15.5/virt-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:926-1
Released: Wed Apr 10 16:33:12 2019
Summary: Security update for tar
Type: security
Severity: moderate
References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923

This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released: Mon Dec 14 17:39:19 2020
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References:

This update for gzip fixes the following issue:

- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Type: security
Severity: low
References: 1181131,CVE-2021-20193

This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue where 'gzexe' miscounts the lines to skip. (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1177047

This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1935-1
Released: Thu Jun 10 10:45:09 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1186642

This update for gzip fixes the following issue:

- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1184124

This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2735-1
Released: Wed Aug 10 04:31:41 2022
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1200657

This update for tar fixes the following issues:

- Fix race condition while creating intermediate subdirectories (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2844-1
Released: Thu Aug 18 14:41:25 2022
Summary: Recommended update for tar
Type: recommended
Severity: important
References: 1202436

This update for tar fixes the following issues:

- A regression in a previous update led to potential deadlocks when extracting an archive. (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4312-1
Released: Fri Dec 2 11:16:47 2022
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1200657,1203600

This update for tar fixes the following issues:

- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Type: recommended
Severity: low
References: 1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Type: security
Severity: moderate
References: 1202436,1207753,CVE-2022-48303

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

The following package changes have been done:

- libsasl2-3-2.1.28-150500.1.1 updated
- libgcrypt20-1.9.4-150500.10.11 updated
- libgcrypt20-hmac-1.9.4-150500.10.11 updated
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libsystemd0-249.15-150400.8.22.1 updated
- libopenssl1_1-1.1.1l-150500.13.2 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.2 updated
- sles-release-15.5-150500.35.2 updated
- tar-1.34-150000.3.31.1 added
- gzip-1.10-150200.10.1 added
- kubevirt-virt-operator-0.58.0-150500.4.15 updated
- container:sles15-image-15.0.0-34.4 updated

From sle-updates at lists.suse.com Thu Mar 16 08:30:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 08:30:36 -0000
Subject: SUSE-SU-2023:0749-1: important: Security update for the Linux Kernel
Message-ID: <167895543612.24647.17745901994426156712@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0749-1
Rating: important
References:

* #1177529
* #1193629
* #1197534
* #1198438
* #1200054
* #1202633
* #1203331
* #1204363
* #1204993
* #1205544
* #1205846
* #1206103
* #1206232
* #1206935
* #1207051
* #1207270
* #1207560
* #1207845
* #1207846
* #1208212
* #1208420
* #1208449
* #1208534
* #1208541
* #1208542
* #1208570
* #1208607
* #1208628
* #1208700
* #1208741
* #1208759
* #1208776
* #1208784
* #1208787
* #1208816
* #1208837
* #1208843

Cross-References:

* CVE-2022-3523
* CVE-2022-38096
* CVE-2023-0461
* CVE-2023-0597
* CVE-2023-1118
* CVE-2023-22995
* CVE-2023-22998
* CVE-2023-23000
* CVE-2023-23004
* CVE-2023-23559
* CVE-2023-25012
* CVE-2023-26545

CVSS scores:

* CVE-2022-3523 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3523 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-23000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4

An update that solves 12 vulnerabilities and has 25 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

* CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
* CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
* CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2023-22995: Fixed lack of certain platform_device_put and kfree calls in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
* CVE-2023-22998: Fixed misinterpretation of the virtio_gpu_object_shmem_init() return value (bsc#1208776).
* CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function in phy/tegra (bsc#1208816).
* CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-25012: Fixed a use-after-free in bigben_set_led() in hid (bsc#1207560).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* [xen] fix "direction" argument of iov_iter_kvec() (git-fixes).
* acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
* acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
* acpica: Drop port I/O validation for some regions (git-fixes).
* acpica: nsrepair: handle cases without a return value correctly (git-fixes).
* alsa: hda/ca0132: minor fix for allocation size (git-fixes).
* alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
* alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
* alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
* alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
* alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
* applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
* arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
* arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
* arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
* arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
* arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
* arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
* arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
* arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
* arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
* arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
* arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
* arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
* arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
* arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
* arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
* arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
* arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
* arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
* arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
* arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
* arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
* arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
* arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
* arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
* arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
* arm: dts: am5748: keep usb4_tm disabled (git-fixes)
* arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
* arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
* arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
* arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
* arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
* arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
* arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
* arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
* arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
* arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
* arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
* arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
* arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
* arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
* arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
* arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
* arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
* arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
* arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
* arm: omap: remove debug-leds driver (git-fixes)
* arm: remove some dead code (git-fixes)
* arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
* arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
* arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
* arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
* ascpi / x86: Add support for LPS0 callback handler (git-fixes).
* asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
* asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
* asoc: adau7118: do not disable regulators on device unbind (git-fixes).
* asoc: cs42l56: fix DT probe (git-fixes).
* asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
* asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
* asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
* asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
* asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
* asoc: rsnd: fixup #endif position (git-fixes).
* asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
* asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
* asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
* asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
* auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
* avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
* backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
* block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
* bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
* bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
* cifs: Check the lease context if we actually got a lease (bsc#1193629).
* cifs: Convert struct fealist away from 1-element array (bsc#1193629).
* cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
* cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
* cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
* cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
* cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
* cifs: Fix warning and UAF when destroy the MR list (git-fixes).
* cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
* cifs: Replace remaining 1-element arrays (bsc#1193629).
* cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
* cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
* cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
* cifs: fix mount on old smb servers (boo#1206935).
* cifs: get rid of dns resolve worker (bsc#1193629).
* cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
* cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
* cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
* cifs: match even the scope id for ipv6 addresses (bsc#1193629).
* cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
* cifs: prevent data race in smb2_reconnect() (bsc#1193629).
* cifs: print last update time for interface list (bsc#1193629).
* cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
* cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
* cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
* cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
* cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
* cifs: use tcon allocation functions even for dummy tcon (git-fixes).
* cifs: use the least loaded channel for sending requests (bsc#1193629).
* clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
* clk: imx: avoid memory leak (git-fixes).
* clk: mxl: Add option to override gate clks (git-fixes).
* clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
* clk: mxl: Remove redundant spinlocks (git-fixes).
* clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
* clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
* clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
* clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
* clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
* clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
* clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
* comedi: use menuconfig for main Comedi menu (git-fixes).
* crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
* crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
* crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
* crypto: essiv - Handle EBUSY correctly (git-fixes).
* crypto: qat - fix out-of-bounds read (git-fixes).
* crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
* crypto: seqiv - Handle EBUSY correctly (git-fixes).
* crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
* crypto: xts - Handle EBUSY correctly (git-fixes).
* dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
* dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
* dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
* dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
* dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
* dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
* dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
* dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
* docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
* docs: gdbmacros: print newest record (git-fixes).
* documentation: simplify and clarify DCO contribution example language (git-fixes).
* driver core: fix potential null-ptr-deref in device_add() (git-fixes).
* driver core: fix resource leak in device_add() (git-fixes).
* driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
* drivers: base: transport_class: fix possible memory leak (git-fixes).
* drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
* drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
* drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
* drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
* drm/bridge: lt8912b: Add hot plug detection (git-fixes).
* drm/bridge: lt9611: fix HPD reenablement (git-fixes).
* drm/bridge: lt9611: fix clock calculation (git-fixes).
* drm/bridge: lt9611: fix polarity programming (git-fixes).
* drm/bridge: lt9611: fix programming of video modes (git-fixes).
* drm/bridge: lt9611: fix sleep mode setup (git-fixes).
* drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
* drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
* drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
* drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
* drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
* drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
* drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
* drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
* drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
* drm/mediatek: Drop unbalanced obj unref (git-fixes).
* drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
* drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
* drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
* drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
* drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
* drm/msm/dpu: Add check for cstate (git-fixes).
* drm/msm/dpu: Add check for pstates (git-fixes).
* drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
* drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
* drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
* drm/msm/gem: Add check for kmalloc (git-fixes).
* drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm/msm/mdp5: Add check for kzalloc (git-fixes).
* drm/msm: clean event_thread->worker in case of an error (git-fixes).
* drm/msm: use strscpy instead of strncpy (git-fixes).
* drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
* drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
* drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
* drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
* drm/vc4: hvs: Set AXI panic modes (git-fixes).
* drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
* drm/vkms: Fix memory leak in vkms_init() (git-fixes).
* drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
* drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
* drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
* drm: tidss: Fix pixel format definition (git-fixes).
* dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
* dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
* dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
* dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
* dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
* dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
* dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
* eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
* firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
* firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
* firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
* fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
* gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
* gpio: vf610: connect GPIO label to dev name (git-fixes).
* gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
* gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
* hid: asus: use spinlock to protect concurrent accesses (git-fixes).
* hid: asus: use spinlock to safely schedule workers (git-fixes).
* hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
* hid: bigben: use spinlock to safely schedule workers (git-fixes).
* hid: bigben_probe(): validate report count (git-fixes).
* hid: bigben_worker() remove unneeded check on report_field (git-fixes).
* hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
* hid: elecom: add support for TrackBall 056E:011C (git-fixes).
* hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
* hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
* hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
* hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
* hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
* hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
* i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
* iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
* input: ads7846 - always set last command to PWRDOWN (git-fixes).
* input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
* input: ads7846 - do not report pressure for ads7845 (git-fixes).
* input: iqs269a - configure device with a single block write (git-fixes).
* input: iqs269a - drop unused device node references (git-fixes).
* input: iqs269a - increase interrupt handler return delay (git-fixes).
* input: iqs626a - drop unused device node references (git-fixes).
* iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
* irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
* kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
* kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
* kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544).
* kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
* kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
* leds: led-class: Add missing put_device() to led_put() (git-fixes).
* leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
* lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
* lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
* locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
* locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
* locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
* locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
* locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
* locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
* locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
* locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
* locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
* locking: Add missing __sched attributes (bsc#1207270).
* media: coda: Add check for dcoda_iram_alloc (git-fixes).
* media: coda: Add check for kmalloc (git-fixes).
* media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
* media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
* media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
* media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
* media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
* media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
* media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
* media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
* media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
* media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
* media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
* media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
* media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
* media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
* media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
* mfd: cs5535: Do not build on UML (git-fixes).
* mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
* misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
* misc: enclosure: Fix doc for enclosure_find() (git-fixes).
* mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
* mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
* mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
* move upstreamed i915 and media fixes into sorted section
* mtd: dataflash: remove duplicate SPI ID table (git-fixes).
* mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
* mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
* mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
* mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
* mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
* mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
* mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
* net/rose: Fix to not accept on connected socket (git-fixes).
* net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
* nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
* nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
* nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
* nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
* nfs: Further optimisations for 'ls -l' (git-fixes).
* nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
* nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
* nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
* nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
* nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
* nfsv3: handle out-of-order write replies (bsc#1205544).
* nfsv4 expose nfs_parse_server_name function (git-fixes).
* nfsv4 handle port presence in fs_location server string (git-fixes).
* nfsv4 only print the label when its queried (git-fixes).
* nfsv4 remove zero number of fs_locations entries error check (git-fixes).
* nfsv4 store server support for fs_location attribute (git-fixes).
* nfsv4.1 query for fs_location attr on a new file system (git-fixes).
* nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
* nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
* nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
* nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
* nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
* nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
* nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
* nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
* nvme-auth: do not override ctrl keys before validation (bsc#1202633).
* nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
* nvme-auth: do not use NVMe status codes (bsc#1202633).
* nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
* nvme-auth: fix smatch warning complaints (bsc#1202633).
* nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
* nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
* nvme-auth: mark nvme_auth_wq static (bsc#1202633).
* nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
* nvme-auth: remove redundant auth_work flush (bsc#1202633).
* nvme-auth: remove redundant buffer deallocations (bsc#1202633).
* nvme-auth: remove redundant deallocations (bsc#1202633).
* nvme-auth: remove redundant if statement (bsc#1202633).
* nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
* nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
* nvme-auth: rename authentication work elements (bsc#1202633).
* nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
* nvme-fabrics: show well known discovery name (bsc#1200054).
* ocfs2: Fix data corruption after failed write (bsc#1208542).
* pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes).
* pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
* pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
* pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
* pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
* pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
* phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
* pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
* pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
* pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
* pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
* platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
* platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
* platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
* platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
* platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
* platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
* powercap: fix possible name leak in powercap_register_zone() (git-fixes).
* powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
* printf: fix errname.c list (git-fixes).
* qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
* qede: fix interrupt coalescing configuration (bsc#1205846).
* refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628).
* remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
* remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
* revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes).
* revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes).
* revert "hid: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes).
* revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes).
* rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
* rtc: pm8xxx: fix set-alarm race (git-fixes).
* rtc: sun6i: Always export the internal oscillator (git-fixes).
* s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
* scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
* scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
* scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
* scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
* scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
* scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
* scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
* scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
* scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
* scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
* scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
* scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
* scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
* scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
* scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
* scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
* scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
* scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
* scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
* scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
* scsi: qla2xxx: Fix printk() format string (bsc#1208570).
* scsi: qla2xxx: Fix stalled login (bsc#1208570).
* scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
* scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
* scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
* scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
* scsi: qla2xxx: Remove dead code (bsc#1208570).
* scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
* scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
* scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
* scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
* scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
* scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
* scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
* scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
* scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
* scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
* scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
* sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
* selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
* selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
* selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
* selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
* selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
* selftests/powerpc: Move perror closer to its use (bsc#1206232).
* serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
* serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
* smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
* soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
* spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
* spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
* spi: tegra210-quad: Fix validate combined sequence (git-fixes).
* staging: mt7621-dts: change palmbus address to lower case (git-fixes).
* struct uvc_device move flush_status new member to end (git-fixes).
* sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
* sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
* sunrpc: Fix socket waits for write buffer space (git-fixes).
* thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
* thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
* thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
* thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
* thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
* thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
* thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
* thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
* tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
* tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
* tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
* tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
* update internal module version number for cifs.ko (bsc#1193629).
* usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes).
* usb: dwc3: core: Host wake up support from system suspend (git-fixes).
* usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
* usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
* usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
* usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
* usb: dwc3: qcom: clean up icc init (git-fixes).
* usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
* usb: dwc3: qcom: fix gadget-only builds (git-fixes).
* usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
* usb: dwc3: qcom: fix wakeup implementation (git-fixes).
* usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
* usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
* usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
* usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
* usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
* usb: max-3421: Fix setting of I/O pins (git-fixes).
* usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
* usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
* usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
* usb: musb: remove schedule work called after flush (git-fixes).
* usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes).
* vc_screen: do not clobber return value in vcs_read (git-fixes).
* vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
* vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
* vfs: filename_create(): fix incorrect intent (bsc#1197534).
* virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
* virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
* virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
* virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
* virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
* virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
* vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
* vmxnet3: move rss code block under eop descriptor (bsc#1208212).
* watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
* watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
* watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
* watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
* wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
* wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
* wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
* wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
* wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
* wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
* wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
* wifi: cfg80211: Fix use after free for wext (git-fixes).
* wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
* wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
* wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
* wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
* wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
* wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
* wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
* wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
* wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
* wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
* wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
* wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
* wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
* wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
* x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
* x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
* xen-netfront: Fix NULL sring after live migration (git-fixes).
* xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
* xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
* xen/netback: do some code cleanup (git-fixes).
* xen/netback: fix build warning (git-fixes).
* xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
* xen/platform-pci: add missing free_irq() in error path (git-fixes).
* xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-749=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-749=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-749=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-749=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-749=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-749=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (x86_64) * ocfs2-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-devel-5.14.21-150400.15.14.2 * gfs2-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * dlm-kmp-rt-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-syms-rt-5.14.21-150400.15.14.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.14.2 * kernel-source-rt-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * kernel-rt_debug-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * 
kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_14-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_4-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_14-rt-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * ocfs2-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-devel-5.14.21-150400.15.14.2 * gfs2-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * dlm-kmp-rt-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-syms-rt-5.14.21-150400.15.14.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.14.2 * kernel-source-rt-5.14.21-150400.15.14.2 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * kernel-rt_debug-5.14.21-150400.15.14.2 ## References: * https://www.suse.com/security/cve/CVE-2022-3523.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-22995.html * 
https://www.suse.com/security/cve/CVE-2023-22998.html * https://www.suse.com/security/cve/CVE-2023-23000.html * https://www.suse.com/security/cve/CVE-2023-23004.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-25012.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1197534 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1200054 * https://bugzilla.suse.com/show_bug.cgi?id=1202633 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1204363 * https://bugzilla.suse.com/show_bug.cgi?id=1204993 * https://bugzilla.suse.com/show_bug.cgi?id=1205544 * https://bugzilla.suse.com/show_bug.cgi?id=1205846 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * https://bugzilla.suse.com/show_bug.cgi?id=1206232 * https://bugzilla.suse.com/show_bug.cgi?id=1206935 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1207560 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1207846 * https://bugzilla.suse.com/show_bug.cgi?id=1208212 * https://bugzilla.suse.com/show_bug.cgi?id=1208420 * https://bugzilla.suse.com/show_bug.cgi?id=1208449 * https://bugzilla.suse.com/show_bug.cgi?id=1208534 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208607 * https://bugzilla.suse.com/show_bug.cgi?id=1208628 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208741 * https://bugzilla.suse.com/show_bug.cgi?id=1208759 * https://bugzilla.suse.com/show_bug.cgi?id=1208776 * 
https://bugzilla.suse.com/show_bug.cgi?id=1208784 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1208816 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1208843 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 16 08:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 08:30:40 -0000 Subject: SUSE-SU-2023:0752-1: moderate: Security update for java-11-openjdk Message-ID: <167895544047.24647.4181749145390831874@smelt2.suse.de> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:0752-1 Rating: moderate References: * #1206549 * #1207246 * #1207248 Cross-References: * CVE-2023-21835 * CVE-2023-21843 CVSS scores: * CVE-2023-21835 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21843 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21843 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE 
Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

* CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
* CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).

Bugfixes:

* Remove broken accessibility sub-package (bsc#1206549).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-752=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-752=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-752=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-752=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-752=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-752=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-752=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-752=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-752=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-752=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-752=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-752=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-752=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-752=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-752=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-752=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-752=1
* SUSE Enterprise Storage
7.1 zypper in -t patch SUSE-Storage-7.1-2023-752=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-752=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-src-11.0.18.0-150000.3.93.1 * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-jmods-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * openSUSE Leap 15.4 (noarch) * java-11-openjdk-javadoc-11.0.18.0-150000.3.93.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Package Hub 15 15-SP4 (noarch) * java-11-openjdk-javadoc-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 
x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * 
java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Manager Proxy 4.2 (x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 * SUSE CaaS Platform 4.0 (x86_64) * java-11-openjdk-demo-11.0.18.0-150000.3.93.1 * java-11-openjdk-headless-11.0.18.0-150000.3.93.1 * java-11-openjdk-devel-11.0.18.0-150000.3.93.1 * java-11-openjdk-11.0.18.0-150000.3.93.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21835.html * https://www.suse.com/security/cve/CVE-2023-21843.html * https://bugzilla.suse.com/show_bug.cgi?id=1206549 * https://bugzilla.suse.com/show_bug.cgi?id=1207246 * https://bugzilla.suse.com/show_bug.cgi?id=1207248 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Mar 16 08:30:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 08:30:43 -0000
Subject: SUSE-RU-2023:0751-1: moderate: Recommended update for YaST
Message-ID: <167895544336.24647.11517356418201388328@smelt2.suse.de>

# Recommended update for YaST

Announcement ID: SUSE-RU-2023:0751-1
Rating: moderate
References:
* #1201816

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has one recommended fix can now be installed.

## Description:

This update for YaST fixes the following issues:

yast2-packager:

* Do not fail when the installation URL contains a space (bsc#1201816)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-751=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-751=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-751=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * yast2-packager-3.3.5-3.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * yast2-packager-3.3.5-3.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * yast2-packager-3.3.5-3.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1201816
From sle-updates at lists.suse.com Thu Mar 16 08:30:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 08:30:46 -0000
Subject: SUSE-RU-2023:0750-1: critical: Recommended update for irqbalance
Message-ID: <167895544657.24647.11489342692982440244@smelt2.suse.de>

# Recommended update for irqbalance

Announcement ID: SUSE-RU-2023:0750-1
Rating: critical
References:
* #1206668
* #1208717

Affected Products:
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has two recommended fixes can now be installed.

## Description:

This update for irqbalance fixes the following issues:

* Fix memory access violation that was not properly applied by the previous maintenance update (bsc#1208717, bsc#1206668)

## Patch Instructions:

To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-750=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-750=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-750=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-750=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-750=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-750=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-750=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-750=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-750=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-750=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-750=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-750=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-750=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-750=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-750=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-750=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * irqbalance-debugsource-1.4.0-150200.12.14.1
  * irqbalance-1.4.0-150200.12.14.1
  * irqbalance-debuginfo-1.4.0-150200.12.14.1
* SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Manager Proxy 4.2 (x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * 
irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * irqbalance-debugsource-1.4.0-150200.12.14.1 * irqbalance-1.4.0-150200.12.14.1 * irqbalance-debuginfo-1.4.0-150200.12.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206668 * https://bugzilla.suse.com/show_bug.cgi?id=1208717 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 16 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:02 -0000 Subject: SUSE-RU-2023:0765-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <167896980274.31764.8548250166307320070@smelt2.suse.de> # Recommended update for gnu-compilers-hpc Announcement ID: SUSE-RU-2023:0765-1 Rating: moderate References: * #1191381 Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux 
Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for gnu-compilers-hpc fixes the following issues:

* Fix compatibility for SLE-12
* Add support for gcc12 (jsc#PED-2834).
* Fix _multibuild with correct list of gcc version.
* Update packaging macros (bsc#1191381)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-765=1
* HPC Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-765=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-765=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-765=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-765=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-765=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-765=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * gnu10-compilers-hpc-devel-1.4-150100.3.19.2
  * gnu11-compilers-hpc-1.4-150100.3.19.2
  * gnu9-compilers-hpc-macros-devel-1.4-150100.3.19.2
  * gnu-compilers-hpc-devel-1.4-150100.3.19.2
  * gnu11-compilers-hpc-macros-devel-1.4-150100.3.19.2
  * gnu10-compilers-hpc-1.4-150100.3.19.2
  * gnu10-compilers-hpc-macros-devel-1.4-150100.3.19.2
  * gnu-compilers-hpc-1.4-150100.3.19.2
  *
gnu9-compilers-hpc-devel-1.4-150100.3.19.2 * gnu9-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-devel-1.4-150100.3.19.2 * HPC Module 15-SP4 (noarch) * gnu11-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-devel-1.4-150100.3.19.2 * SUSE Package Hub 15 15-SP4 (noarch) * gnu10-compilers-hpc-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * gnu10-compilers-hpc-1.4-150100.3.19.2 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gnu9-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu9-compilers-hpc-devel-1.4-150100.3.19.2 * gnu9-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gnu10-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-1.4-150100.3.19.2 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu10-compilers-hpc-1.4-150100.3.19.2 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu9-compilers-hpc-devel-1.4-150100.3.19.2 * gnu9-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-devel-1.4-150100.3.19.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gnu10-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * 
gnu11-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu10-compilers-hpc-1.4-150100.3.19.2 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-devel-1.4-150100.3.19.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gnu10-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu10-compilers-hpc-1.4-150100.3.19.2 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu-compilers-hpc-1.4-150100.3.19.2 * gnu-compilers-hpc-macros-devel-1.4-150100.3.19.2 * gnu11-compilers-hpc-devel-1.4-150100.3.19.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191381 * https://jira.suse.com/browse/PED-2834 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 16 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:06 -0000 Subject: SUSE-SU-2023:0764-1: important: Security update for apache2 Message-ID: <167896980603.31764.4723962626362621311@smelt2.suse.de> # Security update for apache2 Announcement ID: SUSE-SU-2023:0764-1 Rating: important References: * #1207327 * #1208708 * #1209047 * #1209049 Cross-References: * CVE-2023-25690 * CVE-2023-27522 CVSS scores: * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update 
that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049).
* CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).

The following non-security bugs were fixed:

* Fixed passing health check does not recover worker from its error state (bsc#1209047)
* Fixed mod_proxy handling of very long urls (bsc#1207327).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-764=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-debugsource-2.4.51-35.25.1
  * apache2-devel-2.4.51-35.25.1
  * apache2-debuginfo-2.4.51-35.25.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * apache2-worker-debuginfo-2.4.51-35.25.1
  * apache2-utils-debuginfo-2.4.51-35.25.1
  * apache2-debugsource-2.4.51-35.25.1
  * apache2-worker-2.4.51-35.25.1
  * apache2-utils-2.4.51-35.25.1
  * apache2-debuginfo-2.4.51-35.25.1
  * apache2-prefork-debuginfo-2.4.51-35.25.1
  * apache2-prefork-2.4.51-35.25.1
  * apache2-example-pages-2.4.51-35.25.1
  * apache2-2.4.51-35.25.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * apache2-doc-2.4.51-35.25.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-worker-debuginfo-2.4.51-35.25.1
  *
apache2-utils-debuginfo-2.4.51-35.25.1 * apache2-debugsource-2.4.51-35.25.1 * apache2-worker-2.4.51-35.25.1 * apache2-utils-2.4.51-35.25.1 * apache2-debuginfo-2.4.51-35.25.1 * apache2-prefork-debuginfo-2.4.51-35.25.1 * apache2-prefork-2.4.51-35.25.1 * apache2-example-pages-2.4.51-35.25.1 * apache2-2.4.51-35.25.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * apache2-doc-2.4.51-35.25.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-worker-debuginfo-2.4.51-35.25.1 * apache2-utils-debuginfo-2.4.51-35.25.1 * apache2-debugsource-2.4.51-35.25.1 * apache2-worker-2.4.51-35.25.1 * apache2-utils-2.4.51-35.25.1 * apache2-debuginfo-2.4.51-35.25.1 * apache2-prefork-debuginfo-2.4.51-35.25.1 * apache2-prefork-2.4.51-35.25.1 * apache2-example-pages-2.4.51-35.25.1 * apache2-2.4.51-35.25.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apache2-doc-2.4.51-35.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25690.html * https://www.suse.com/security/cve/CVE-2023-27522.html * https://bugzilla.suse.com/show_bug.cgi?id=1207327 * https://bugzilla.suse.com/show_bug.cgi?id=1208708 * https://bugzilla.suse.com/show_bug.cgi?id=1209047 * https://bugzilla.suse.com/show_bug.cgi?id=1209049 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Mar 16 12:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 12:30:08 -0000
Subject: SUSE-SU-2023:0763-1: important: Security update for MozillaFirefox
Message-ID: <167896980822.31764.10257458563434782157@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:0763-1
Rating: important
References:
* #1209173

Cross-References:
* CVE-2023-25748
* CVE-2023-25749
* CVE-2023-25750
* CVE-2023-25751
* CVE-2023-25752
* CVE-2023-28159
* CVE-2023-28160
* CVE-2023-28161
* CVE-2023-28162
* CVE-2023-28163
* CVE-2023-28164
* CVE-2023-28176
* CVE-2023-28177

CVSS scores:

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves 13 vulnerabilities can now be installed.
## Description:

This update for MozillaFirefox fixes the following issues:

Update to version 102.9.0 ESR (bsc#1209173):

* CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
* CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
* CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
* CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
* CVE-2023-25751: Incorrect code generation during JIT compilation
* CVE-2023-28160: Redirect to Web Extension files may have leaked local path
* CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
* CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
* CVE-2023-28162: Invalid downcast in Worklets
* CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
* CVE-2023-28163: Windows Save As dialog resolved environment variables
* CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
* CVE-2023-28177: Memory safety bugs fixed in Firefox 111

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-763=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-763=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-763=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-763=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-763=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-763=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-763=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-763=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-763=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-763=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le 
s390x x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.9.0-112.153.1 * MozillaFirefox-debugsource-102.9.0-112.153.1 * MozillaFirefox-102.9.0-112.153.1 * MozillaFirefox-devel-102.9.0-112.153.1 * MozillaFirefox-translations-common-102.9.0-112.153.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25748.html * 
https://www.suse.com/security/cve/CVE-2023-25749.html
* https://www.suse.com/security/cve/CVE-2023-25750.html
* https://www.suse.com/security/cve/CVE-2023-25751.html
* https://www.suse.com/security/cve/CVE-2023-25752.html
* https://www.suse.com/security/cve/CVE-2023-28159.html
* https://www.suse.com/security/cve/CVE-2023-28160.html
* https://www.suse.com/security/cve/CVE-2023-28161.html
* https://www.suse.com/security/cve/CVE-2023-28162.html
* https://www.suse.com/security/cve/CVE-2023-28163.html
* https://www.suse.com/security/cve/CVE-2023-28164.html
* https://www.suse.com/security/cve/CVE-2023-28176.html
* https://www.suse.com/security/cve/CVE-2023-28177.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209173

From sle-updates at lists.suse.com Thu Mar 16 12:30:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 12:30:22 -0000
Subject: SUSE-SU-2023:0762-1: important: Security update for the Linux Kernel
Message-ID: <167896982232.31764.1636315954043263125@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0762-1
Rating: important

References:
* #1065729
* #1198438
* #1203331
* #1205711
* #1206103
* #1207051
* #1207845
* #1208179
* #1208542
* #1208700
* #1208837
* #1209008
* #1209188

Cross-References:
* CVE-2022-38096
* CVE-2022-4129
* CVE-2023-0597
* CVE-2023-1118
* CVE-2023-23559
* CVE-2023-26545

CVSS scores:
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities and has seven fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
* CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes).
* do not sign the vanilla kernel (bsc#1209008).
* icmp: do not fail on fragment reassembly time exceeded (git-fixes).
* ipmi: fix initialization when workqueue allocation fails (git-fixes).
* ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).
* kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).
* kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes).
* kabi/severities: add l2tp local symbols
* kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
* media: coda: Add check for dcoda_iram_alloc (git-fixes).
* media: coda: Add check for kmalloc (git-fixes).
* media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
* net: aquantia: fix RSS table and key sizes (git-fixes).
* netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
* netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes).
* nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes).
* nfs: Pass error information to the pgio error cleanup routine (git-fixes).
* nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
* nfsd: fix race to check ls_layouts (git-fixes).
* nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
* ocfs2: Fix data corruption after failed write (bsc#1208542).
* pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
* powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
* powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729).
* powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).
* powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729).
* scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
* sunrpc: Fix priority queue fairness (git-fixes).
* sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
* vlan: Fix out of order vlan headers with reorder header off (git-fixes).
* vlan: Fix vlan insertion for packets without ethernet header (git-fixes).
* vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
* vxlan: changelink: Fix handling of default remotes (git-fixes).
* xfrm: Copy policy family in clone_policy (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.127.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-azure-base-debuginfo-4.12.14-16.127.1
  * kernel-azure-debugsource-4.12.14-16.127.1
  * kernel-azure-devel-4.12.14-16.127.1
  * kernel-azure-debuginfo-4.12.14-16.127.1
  * kernel-azure-base-4.12.14-16.127.1
  * kernel-syms-azure-4.12.14-16.127.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-devel-azure-4.12.14-16.127.1
  * kernel-source-azure-4.12.14-16.127.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.127.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-azure-base-debuginfo-4.12.14-16.127.1
  * kernel-azure-debugsource-4.12.14-16.127.1
  * kernel-azure-devel-4.12.14-16.127.1
  * kernel-azure-debuginfo-4.12.14-16.127.1
  * kernel-azure-base-4.12.14-16.127.1
  * kernel-syms-azure-4.12.14-16.127.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-devel-azure-4.12.14-16.127.1
  * kernel-source-azure-4.12.14-16.127.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.127.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-azure-base-debuginfo-4.12.14-16.127.1
  * kernel-azure-debugsource-4.12.14-16.127.1
  * kernel-azure-devel-4.12.14-16.127.1
  * kernel-azure-debuginfo-4.12.14-16.127.1
  * kernel-azure-base-4.12.14-16.127.1
  * kernel-syms-azure-4.12.14-16.127.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-devel-azure-4.12.14-16.127.1
  * kernel-source-azure-4.12.14-16.127.1

## References:

* https://www.suse.com/security/cve/CVE-2022-38096.html
* https://www.suse.com/security/cve/CVE-2022-4129.html
* https://www.suse.com/security/cve/CVE-2023-0597.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://www.suse.com/security/cve/CVE-2023-23559.html
* https://www.suse.com/security/cve/CVE-2023-26545.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1198438
* https://bugzilla.suse.com/show_bug.cgi?id=1203331
* https://bugzilla.suse.com/show_bug.cgi?id=1205711
* https://bugzilla.suse.com/show_bug.cgi?id=1206103
* https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207845
* https://bugzilla.suse.com/show_bug.cgi?id=1208179
* https://bugzilla.suse.com/show_bug.cgi?id=1208542
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1209008
* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Thu Mar 16 12:30:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 12:30:37 -0000
Subject: SUSE-SU-2023:0761-1: important: Security update for qemu
Message-ID: <167896983783.31764.3191598954422360854@smelt2.suse.de>

# Security update for qemu

Announcement ID: SUSE-SU-2023:0761-1
Rating: important

References:
* #1172033
* #1172382
* #1175144
* #1180207
* #1182282
* #1185000
* #1193880
* #1197653
* #1198035
* #1198038
* #1198712
* #1201367
* #1205808

Cross-References:
* CVE-2020-13253
* CVE-2020-13754
* CVE-2020-14394
* CVE-2020-17380
* CVE-2020-25085
* CVE-2021-3409
* CVE-2021-3507
* CVE-2021-3929
* CVE-2021-4206
* CVE-2022-0216
* CVE-2022-1050
* CVE-2022-26354
* CVE-2022-35414
* CVE-2022-4144

CVSS scores:
* CVE-2020-13253 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-13253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-13754 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
* CVE-2020-13754 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-14394 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2020-14394 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2020-17380 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-17380 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-25085 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-25085 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-3409 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-3409 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-3507 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2021-3507 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2021-3929 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2021-3929 ( NVD ): 8.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4206 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4206 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-0216 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2022-0216 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1050 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-1050 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2022-26354 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2022-26354 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2022-35414 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2022-35414 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2022-4144 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2022-4144 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 14 vulnerabilities can now be installed. ## Description: This update for qemu fixes the following issues: * bsc#1172033 (CVE-2020-13253) * bsc#1180207 (CVE-2020-14394) * bsc#1172382 (CVE-2020-13754) * bsc#1198038 (CVE-2022-0216) * bsc#1193880 (CVE-2021-3929) * bsc#1197653 (CVE-2022-1050) * bsc#1205808 (CVE-2022-4144), bsc#1198712 (CVE-2022-26354) * bsc#1175144 (CVE-2020-17380, CVE-2020-25085, CVE-2021-3409), bsc#1185000 (CVE-2021-3507), bsc#1201367, CVE-2022-35414 * About bsc#1175144, see also bsc#1182282 (CVE-2021-3409) * bsc#1198035, CVE-2021-4206 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-761=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-761=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-761=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * qemu-audio-sdl-3.1.1.1-66.1 * qemu-block-ssh-debuginfo-3.1.1.1-66.1 * qemu-audio-oss-3.1.1.1-66.1 * qemu-audio-oss-debuginfo-3.1.1.1-66.1 * qemu-block-rbd-debuginfo-3.1.1.1-66.1 * qemu-block-ssh-3.1.1.1-66.1 * qemu-block-iscsi-3.1.1.1-66.1 * qemu-audio-alsa-debuginfo-3.1.1.1-66.1 * qemu-debugsource-3.1.1.1-66.1 * qemu-audio-sdl-debuginfo-3.1.1.1-66.1 * qemu-guest-agent-3.1.1.1-66.1 * qemu-block-curl-3.1.1.1-66.1 * qemu-audio-pa-debuginfo-3.1.1.1-66.1 * qemu-ui-sdl-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-debuginfo-3.1.1.1-66.1 * qemu-block-curl-debuginfo-3.1.1.1-66.1 * qemu-block-rbd-3.1.1.1-66.1 * qemu-guest-agent-debuginfo-3.1.1.1-66.1 * qemu-3.1.1.1-66.1 * qemu-ui-curses-3.1.1.1-66.1 * qemu-audio-pa-3.1.1.1-66.1 * qemu-ui-sdl-3.1.1.1-66.1 * qemu-ui-curses-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-3.1.1.1-66.1 * qemu-lang-3.1.1.1-66.1 * qemu-audio-alsa-3.1.1.1-66.1 * qemu-tools-3.1.1.1-66.1 * qemu-block-iscsi-debuginfo-3.1.1.1-66.1 * qemu-tools-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * qemu-arm-debuginfo-3.1.1.1-66.1 * qemu-arm-3.1.1.1-66.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * qemu-sgabios-8-66.1 * qemu-seabios-1.12.0_0_ga698c89-66.1 * qemu-vgabios-1.12.0_0_ga698c89-66.1 * qemu-ipxe-1.0.0+-66.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * qemu-kvm-3.1.1.1-66.1 * qemu-x86-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * qemu-audio-sdl-3.1.1.1-66.1 * 
qemu-block-ssh-debuginfo-3.1.1.1-66.1 * qemu-audio-oss-3.1.1.1-66.1 * qemu-audio-oss-debuginfo-3.1.1.1-66.1 * qemu-block-ssh-3.1.1.1-66.1 * qemu-block-iscsi-3.1.1.1-66.1 * qemu-audio-alsa-debuginfo-3.1.1.1-66.1 * qemu-debugsource-3.1.1.1-66.1 * qemu-audio-sdl-debuginfo-3.1.1.1-66.1 * qemu-guest-agent-3.1.1.1-66.1 * qemu-block-curl-3.1.1.1-66.1 * qemu-audio-pa-debuginfo-3.1.1.1-66.1 * qemu-ui-sdl-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-debuginfo-3.1.1.1-66.1 * qemu-block-curl-debuginfo-3.1.1.1-66.1 * qemu-guest-agent-debuginfo-3.1.1.1-66.1 * qemu-3.1.1.1-66.1 * qemu-ui-curses-3.1.1.1-66.1 * qemu-audio-pa-3.1.1.1-66.1 * qemu-ui-sdl-3.1.1.1-66.1 * qemu-ui-curses-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-3.1.1.1-66.1 * qemu-lang-3.1.1.1-66.1 * qemu-audio-alsa-3.1.1.1-66.1 * qemu-tools-3.1.1.1-66.1 * qemu-block-iscsi-debuginfo-3.1.1.1-66.1 * qemu-tools-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * qemu-arm-debuginfo-3.1.1.1-66.1 * qemu-arm-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * qemu-block-rbd-3.1.1.1-66.1 * qemu-block-rbd-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * qemu-sgabios-8-66.1 * qemu-seabios-1.12.0_0_ga698c89-66.1 * qemu-vgabios-1.12.0_0_ga698c89-66.1 * qemu-ipxe-1.0.0+-66.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * qemu-ppc-3.1.1.1-66.1 * qemu-ppc-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * qemu-kvm-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * qemu-s390-debuginfo-3.1.1.1-66.1 * qemu-s390-3.1.1.1-66.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * qemu-x86-3.1.1.1-66.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * qemu-audio-sdl-3.1.1.1-66.1 * qemu-block-ssh-debuginfo-3.1.1.1-66.1 * qemu-audio-oss-3.1.1.1-66.1 * qemu-audio-oss-debuginfo-3.1.1.1-66.1 * qemu-block-ssh-3.1.1.1-66.1 * qemu-block-iscsi-3.1.1.1-66.1 * qemu-audio-alsa-debuginfo-3.1.1.1-66.1 * qemu-debugsource-3.1.1.1-66.1 * 
qemu-audio-sdl-debuginfo-3.1.1.1-66.1 * qemu-guest-agent-3.1.1.1-66.1 * qemu-block-curl-3.1.1.1-66.1 * qemu-audio-pa-debuginfo-3.1.1.1-66.1 * qemu-ui-sdl-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-debuginfo-3.1.1.1-66.1 * qemu-block-curl-debuginfo-3.1.1.1-66.1 * qemu-guest-agent-debuginfo-3.1.1.1-66.1 * qemu-3.1.1.1-66.1 * qemu-ui-curses-3.1.1.1-66.1 * qemu-audio-pa-3.1.1.1-66.1 * qemu-ui-sdl-3.1.1.1-66.1 * qemu-ui-curses-debuginfo-3.1.1.1-66.1 * qemu-ui-gtk-3.1.1.1-66.1 * qemu-lang-3.1.1.1-66.1 * qemu-audio-alsa-3.1.1.1-66.1 * qemu-tools-3.1.1.1-66.1 * qemu-block-iscsi-debuginfo-3.1.1.1-66.1 * qemu-tools-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * qemu-sgabios-8-66.1 * qemu-seabios-1.12.0_0_ga698c89-66.1 * qemu-vgabios-1.12.0_0_ga698c89-66.1 * qemu-ipxe-1.0.0+-66.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * qemu-ppc-3.1.1.1-66.1 * qemu-ppc-debuginfo-3.1.1.1-66.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * qemu-block-rbd-3.1.1.1-66.1 * qemu-kvm-3.1.1.1-66.1 * qemu-x86-3.1.1.1-66.1 * qemu-block-rbd-debuginfo-3.1.1.1-66.1 ## References: * https://www.suse.com/security/cve/CVE-2020-13253.html * https://www.suse.com/security/cve/CVE-2020-13754.html * https://www.suse.com/security/cve/CVE-2020-14394.html * https://www.suse.com/security/cve/CVE-2020-17380.html * https://www.suse.com/security/cve/CVE-2020-25085.html * https://www.suse.com/security/cve/CVE-2021-3409.html * https://www.suse.com/security/cve/CVE-2021-3507.html * https://www.suse.com/security/cve/CVE-2021-3929.html * https://www.suse.com/security/cve/CVE-2021-4206.html * https://www.suse.com/security/cve/CVE-2022-0216.html * https://www.suse.com/security/cve/CVE-2022-1050.html * https://www.suse.com/security/cve/CVE-2022-26354.html * https://www.suse.com/security/cve/CVE-2022-35414.html * https://www.suse.com/security/cve/CVE-2022-4144.html * https://bugzilla.suse.com/show_bug.cgi?id=1172033 * 
https://bugzilla.suse.com/show_bug.cgi?id=1172382
* https://bugzilla.suse.com/show_bug.cgi?id=1175144
* https://bugzilla.suse.com/show_bug.cgi?id=1180207
* https://bugzilla.suse.com/show_bug.cgi?id=1182282
* https://bugzilla.suse.com/show_bug.cgi?id=1185000
* https://bugzilla.suse.com/show_bug.cgi?id=1193880
* https://bugzilla.suse.com/show_bug.cgi?id=1197653
* https://bugzilla.suse.com/show_bug.cgi?id=1198035
* https://bugzilla.suse.com/show_bug.cgi?id=1198038
* https://bugzilla.suse.com/show_bug.cgi?id=1198712
* https://bugzilla.suse.com/show_bug.cgi?id=1201367
* https://bugzilla.suse.com/show_bug.cgi?id=1205808

From sle-updates at lists.suse.com Thu Mar 16 12:30:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 12:30:41 -0000
Subject: SUSE-SU-2023:0760-1: important: Security update for vim
Message-ID: <167896984162.31764.7463244941179570718@smelt2.suse.de>

# Security update for vim

Announcement ID: SUSE-SU-2023:0760-1
Rating: important

References:
* #1207780
* #1208828
* #1208957
* #1208959

Cross-References:
* CVE-2023-0512
* CVE-2023-1127
* CVE-2023-1170
* CVE-2023-1175

CVSS scores:
* CVE-2023-0512 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0512 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1170 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1170 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-1170 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1175 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1175 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-1175 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves four vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* CVE-2023-0512: Fixed a divide by zero (bsc#1207780).
* CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
* CVE-2023-1170: Fixed a heap-based buffer overflow (bsc#1208959).
* CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.

* https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-760=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-760=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-760=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-760=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-760=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-760=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-760=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-760=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-760=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE OpenStack Cloud 9 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE OpenStack Cloud Crowbar 9 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * 
gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gvim-9.0.1386-17.15.4 * gvim-debuginfo-9.0.1386-17.15.4 * vim-debugsource-9.0.1386-17.15.4 * vim-debuginfo-9.0.1386-17.15.4 * vim-9.0.1386-17.15.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vim-data-common-9.0.1386-17.15.4 * vim-data-9.0.1386-17.15.4 
## References:

* https://www.suse.com/security/cve/CVE-2023-0512.html
* https://www.suse.com/security/cve/CVE-2023-1127.html
* https://www.suse.com/security/cve/CVE-2023-1170.html
* https://www.suse.com/security/cve/CVE-2023-1175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207780
* https://bugzilla.suse.com/show_bug.cgi?id=1208828
* https://bugzilla.suse.com/show_bug.cgi?id=1208957
* https://bugzilla.suse.com/show_bug.cgi?id=1208959

From sle-updates at lists.suse.com Thu Mar 16 12:30:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 12:30:43 -0000
Subject: SUSE-SU-2023:0759-1: moderate: Security update for perl-Net-Server
Message-ID: <167896984386.31764.5572200174140481012@smelt2.suse.de>

# Security update for perl-Net-Server

Announcement ID: SUSE-SU-2023:0759-1
Rating: moderate

References:
* #808830

Cross-References:
* CVE-2013-1841

CVSS scores:

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Net-Server fixes the following issues:

* CVE-2013-1841: Fixed insufficient hostname access checking (bsc#808830).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-759=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-759=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-759=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * perl-Net-Server-2.007-5.3.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * perl-Net-Server-2.007-5.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * perl-Net-Server-2.007-5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2013-1841.html * https://bugzilla.suse.com/show_bug.cgi?id=808830 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Mar 16 12:30:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:47 -0000 Subject: SUSE-SU-2023:0758-1: important: Security update for jakarta-commons-fileupload Message-ID: <167896984722.31764.125576880416458499@smelt2.suse.de> # Security update for jakarta-commons-fileupload Announcement ID: SUSE-SU-2023:0758-1 Rating: important References: * #1208513 * #986359 Cross-References: * CVE-2016-3092 * CVE-2023-24998 CVSS scores: * CVE-2016-3092 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux 
Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for jakarta-commons-fileupload fixes the following issues: * CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). * CVE-2023-24998: Fixed a FileUpload denial of service with excessive parts (bsc#1208513). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-758=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-758=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-758=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-758=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-758=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-758=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-758=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-758=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-758=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * 
jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * jakarta-commons-fileupload-javadoc-1.1.1-122.8.1 * jakarta-commons-fileupload-1.1.1-122.8.1 ## References: * https://www.suse.com/security/cve/CVE-2016-3092.html * https://www.suse.com/security/cve/CVE-2023-24998.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513 * https://bugzilla.suse.com/show_bug.cgi?id=986359 
From sle-updates at lists.suse.com Thu Mar 16 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:49 -0000 Subject: SUSE-RU-2023:0757-1: low: Recommended update for tar Message-ID: <167896984949.31764.6307801969680279826@smelt2.suse.de> # Recommended update for tar Announcement ID: SUSE-RU-2023:0757-1 Rating: low References: * #1202436 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for tar fixes the following issues: * Fix hang when unpacking test tarball (bsc#1202436) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-757=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-757=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-757=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tar-debuginfo-1.27.1-15.21.1 * tar-debugsource-1.27.1-15.21.1 * tar-1.27.1-15.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tar-lang-1.27.1-15.21.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tar-debuginfo-1.27.1-15.21.1 * tar-debugsource-1.27.1-15.21.1 * tar-1.27.1-15.21.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tar-lang-1.27.1-15.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tar-debuginfo-1.27.1-15.21.1 * tar-debugsource-1.27.1-15.21.1 * tar-1.27.1-15.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 
(noarch) * tar-lang-1.27.1-15.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202436 From sle-updates at lists.suse.com Thu Mar 16 12:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:51 -0000 Subject: SUSE-RU-2023:0756-1: moderate: Recommended update for libappindicator Message-ID: <167896985118.31764.17678436716157187067@smelt2.suse.de> # Recommended update for libappindicator Announcement ID: SUSE-RU-2023:0756-1 Rating: moderate References: * #1207112 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one recommended fix can now be installed. ## Description: This update for libappindicator fixes the following issues: * Provide compatibility symbol required by Slack RPM package (bsc#1207112) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-756=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-756=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-756=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-756=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-756=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-756=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-756=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-756=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-756=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-756=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libappindicator-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * libappindicator1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-devel-12.10.1+bzr20170215-150200.3.3.1 * libappindicator-devel-12.10.1+bzr20170215-150200.3.3.1 * libappindicator1-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator-0_1-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * libappindicator-debugsource-12.10.1+bzr20170215-150200.3.3.1 * 
SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-devel-12.10.1+bzr20170215-150200.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libappindicator-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * libappindicator1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * libappindicator-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator1-12.10.1+bzr20170215-150200.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-devel-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * 
libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1 * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1 * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207112 From sle-updates at lists.suse.com Thu Mar 16 12:30:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:53 -0000 Subject: SUSE-RU-2023:0755-1: moderate: Recommended update for xf86-input-libinput Message-ID: <167896985310.31764.2301366425193399161@smelt2.suse.de> # Recommended update for xf86-input-libinput Announcement ID: SUSE-RU-2023:0755-1 Rating: moderate References: * #1208486 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xf86-input-libinput fixes the following issues: * Make sure the device is valid when setting the tap button map (bsc#1208486) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-755=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-755=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xf86-input-libinput-0.28.1-150400.15.3.1 * xf86-input-libinput-debugsource-0.28.1-150400.15.3.1 * xf86-input-libinput-debuginfo-0.28.1-150400.15.3.1 * xf86-input-libinput-devel-0.28.1-150400.15.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xf86-input-libinput-0.28.1-150400.15.3.1 * xf86-input-libinput-debugsource-0.28.1-150400.15.3.1 * xf86-input-libinput-debuginfo-0.28.1-150400.15.3.1 * xf86-input-libinput-devel-0.28.1-150400.15.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208486 From sle-updates at lists.suse.com Thu Mar 16 12:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:55 -0000 Subject: SUSE-RU-2023:0754-1: moderate: Recommended update for pam_saslauthd Message-ID: <167896985500.31764.13277426962594930026@smelt2.suse.de> # Recommended update for pam_saslauthd Announcement ID: SUSE-RU-2023:0754-1 Rating: moderate References: * #1206563 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. 
## Description: This update for pam_saslauthd fixes the following issues: * Improve pam_saslauthd default configuration for openldap migration (bsc#1206563) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-754=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-754=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pam_saslauthd-debugsource-0.1.0~3-150400.9.9.1 * pam_saslauthd-0.1.0~3-150400.9.9.1 * pam_saslauthd-debuginfo-0.1.0~3-150400.9.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pam_saslauthd-debugsource-0.1.0~3-150400.9.9.1 * pam_saslauthd-0.1.0~3-150400.9.9.1 * pam_saslauthd-debuginfo-0.1.0~3-150400.9.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206563 
From sle-updates at lists.suse.com Thu Mar 16 12:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 12:30:55 -0000 Subject: SUSE-RU-2023:0753-1: important: Feature update for cpuid Message-ID: <167896985593.31764.13446486803953819546@smelt2.suse.de> # Feature update for cpuid Announcement ID: SUSE-RU-2023:0753-1 Rating: important References: Affected Products: * Basesystem Module 15-SP4 * HPC Module 15-SP3 * HPC Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains three features can now be installed. ## Description: This update for cpuid fixes the following issues: * Include cpuid in SUSE Linux Enterprise 15 Service Pack 4 Basesystem Module on x86_64 architecture (jsc#PED-3044) * Version update from 20201006 to 20221201 (jsc#PED-2804, jsc#PED-3028): * Multiple detection and decodings updated * Many updated and added identified CPU models and variants * Updated hypervisor support * For the detailed list of changes please consult the packaged Changelog ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-753=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-753=1 * HPC Module 15-SP3 zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2023-753=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-753=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-753=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-753=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 * Basesystem Module 15-SP4 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 * HPC Module 15-SP3 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 * HPC Module 15-SP4 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * cpuid-20221201-150300.3.4.1 * cpuid-debugsource-20221201-150300.3.4.1 * cpuid-debuginfo-20221201-150300.3.4.1 ## References: * https://jira.suse.com/browse/PED-2804 * https://jira.suse.com/browse/PED-3028 * https://jira.suse.com/browse/PED-3044 
From sle-updates at lists.suse.com Thu Mar 16 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 16:30:12 -0000 Subject: SUSE-SU-2023:0770-1: important: Security update for the Linux Kernel Message-ID: <167898421249.21758.10254884636523409666@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0770-1 Rating: important References: * #1065729 * #1198438 * #1203331 * #1205711 * #1206103 * #1207051 * #1207845 * #1208542 * #1208700 * #1208837 * #1209188 Cross-References: * CVE-2022-38096 * CVE-2022-4129 * CVE-2023-0597 * CVE-2023-1118 * CVE-2023-23559 * CVE-2023-26545 CVSS scores: * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves six 
vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: * bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes). * icmp: do not fail on fragment reassembly time exceeded (git-fixes). * ipmi: fix initialization when workqueue allocation fails (git-fixes). * ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes). * kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes). * kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes). * kabi/severities: add l2tp local symbols * net: aquantia: fix RSS table and key sizes (git-fixes). * netfilter: ipvs: Fix inappropriate output of procfs (git-fixes). * netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes). * nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes). * nfs: Pass error information to the pgio error cleanup routine (git-fixes). * nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). * nfsd: fix race to check ls_layouts (git-fixes). * nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). 
* ocfs2: Fix data corruption after failed write (bsc#1208542). * pNFS/filelayout: Fix coalescing test for single DS (git-fixes). * powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729). * powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729). * powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729). * powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * sunrpc: Fix priority queue fairness (git-fixes). * sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). * vlan: Fix out of order vlan headers with reorder header off (git-fixes). * vlan: Fix vlan insertion for packets without ethernet header (git-fixes). * vxlan: Fix error path in __vxlan_dev_create() (git-fixes). * vxlan: changelink: Fix handling of default remotes (git-fixes). * xfrm: Copy policy family in clone_policy (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1 SUSE-SLE-HA-12-SP5-2023-770=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-770=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-770=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-770=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-770=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-122.153.1 * cluster-md-kmp-default-4.12.14-122.153.1 * dlm-kmp-default-debuginfo-4.12.14-122.153.1 * kernel-default-devel-4.12.14-122.153.1 * kernel-syms-4.12.14-122.153.1 * gfs2-kmp-default-debuginfo-4.12.14-122.153.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.153.1 * kernel-default-debugsource-4.12.14-122.153.1 * gfs2-kmp-default-4.12.14-122.153.1 * kernel-default-base-debuginfo-4.12.14-122.153.1 * ocfs2-kmp-default-4.12.14-122.153.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.153.1 * kernel-default-base-4.12.14-122.153.1 * dlm-kmp-default-4.12.14-122.153.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-4.12.14-122.153.1 * kernel-macros-4.12.14-122.153.1 * kernel-source-4.12.14-122.153.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.153.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 
(ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.153.1 * cluster-md-kmp-default-4.12.14-122.153.1 * dlm-kmp-default-debuginfo-4.12.14-122.153.1 * gfs2-kmp-default-debuginfo-4.12.14-122.153.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.153.1 * kernel-default-debugsource-4.12.14-122.153.1 * gfs2-kmp-default-4.12.14-122.153.1 * ocfs2-kmp-default-4.12.14-122.153.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.153.1 * dlm-kmp-default-4.12.14-122.153.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.153.1 * kernel-default-kgraft-devel-4.12.14-122.153.1 * kernel-default-kgraft-4.12.14-122.153.1 * kernel-default-debugsource-4.12.14-122.153.1 * kgraft-patch-4_12_14-122_153-default-1-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.153.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-122.153.1 * kernel-obs-build-4.12.14-122.153.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-122.153.1 * kernel-default-devel-4.12.14-122.153.1 * kernel-syms-4.12.14-122.153.1 * kernel-default-debugsource-4.12.14-122.153.1 * kernel-default-base-4.12.14-122.153.1 * kernel-default-base-debuginfo-4.12.14-122.153.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.153.1 * kernel-macros-4.12.14-122.153.1 * kernel-source-4.12.14-122.153.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.153.1 * SUSE Linux Enterprise Server 12 SP5 
(aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.153.1 * kernel-default-devel-4.12.14-122.153.1 * kernel-syms-4.12.14-122.153.1 * kernel-default-debugsource-4.12.14-122.153.1 * kernel-default-base-4.12.14-122.153.1 * kernel-default-base-debuginfo-4.12.14-122.153.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.153.1 * kernel-macros-4.12.14-122.153.1 * kernel-source-4.12.14-122.153.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.153.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.153.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.153.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debugsource-4.12.14-122.153.1 * kernel-default-debuginfo-4.12.14-122.153.1 * kernel-default-extra-4.12.14-122.153.1 * kernel-default-extra-debuginfo-4.12.14-122.153.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2022-4129.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1205711 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1209188 
From sle-updates at lists.suse.com Thu Mar 16 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Mar 2023 16:30:32 -0000 Subject: SUSE-SU-2023:0768-1: important: Security update for the Linux Kernel Message-ID: <167898423295.21758.17742176717678102170@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0768-1 Rating: important References: * #1186449 * #1194535 * #1201420 * #1203331 * #1203332 * #1204356 * #1204662 * #1205711 * #1207051 * #1207773 * #1207795 * #1207845 * #1207875 * #1208700 * #1208837 * #1209188 Cross-References: * CVE-2021-4203 * CVE-2022-2991 * CVE-2022-36280 * CVE-2022-38096 * CVE-2022-4129 * CVE-2023-0045 * CVE-2023-0590 * CVE-2023-0597 * CVE-2023-1118 * CVE-2023-23559 * CVE-2023-26545 CVSS scores: * CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1118 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0

An update that solves 11 vulnerabilities and has five fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.

* CVE-2021-4203: Fixed a use-after-free read flaw in sock_getsockopt() in net/core/sock.c caused by an SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
* CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).
* CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability in the vmwgfx driver (bsc#1203332).
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-0597: Fixed a lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* kabi/severities: add l2tp local symbols
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch openSUSE-SLE-15.4-2023-768=1`
* SUSE Linux Enterprise Live Patching 15-SP1
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-768=1`
* SUSE Linux Enterprise High Availability Extension 15 SP1
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-768=1`
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-768=1`
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-768=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-768=1`
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-debug-4.12.14-150100.197.137.2 * kernel-default-4.12.14-150100.197.137.2 * kernel-kvmsmall-4.12.14-150100.197.137.2 * kernel-zfcpdump-4.12.14-150100.197.137.2 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-4.12.14-150100.197.137.2 * kernel-debug-base-debuginfo-4.12.14-150100.197.137.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.137.2 * kernel-vanilla-debuginfo-4.12.14-150100.197.137.2 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.137.2 * kernel-vanilla-debugsource-4.12.14-150100.197.137.2 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.137.2 * kernel-vanilla-base-4.12.14-150100.197.137.2 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.137.2 * kernel-vanilla-devel-4.12.14-150100.197.137.2 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.137.2 * kernel-kvmsmall-base-4.12.14-150100.197.137.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.137.2 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-man-4.12.14-150100.197.137.2 * kernel-default-man-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * kernel-default-livepatch-devel-4.12.14-150100.197.137.2 * kernel-livepatch-4_12_14-150100_197_137-default-1-150100.3.3.2 * kernel-default-livepatch-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-4.12.14-150100.197.137.2 * dlm-kmp-default-debuginfo-4.12.14-150100.197.137.2 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.137.2 * gfs2-kmp-default-4.12.14-150100.197.137.2 * kernel-default-debuginfo-4.12.14-150100.197.137.2 * 
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.137.2 * ocfs2-kmp-default-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * dlm-kmp-default-4.12.14-150100.197.137.2 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.137.2 * kernel-default-debuginfo-4.12.14-150100.197.137.2 * kernel-syms-4.12.14-150100.197.137.2 * kernel-obs-build-4.12.14-150100.197.137.2 * kernel-default-devel-debuginfo-4.12.14-150100.197.137.2 * kernel-obs-build-debugsource-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * kernel-default-base-4.12.14-150100.197.137.2 * kernel-default-devel-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.137.2 * kernel-devel-4.12.14-150100.197.137.2 * kernel-source-4.12.14-150100.197.137.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.137.2 * kernel-default-debuginfo-4.12.14-150100.197.137.2 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.137.2 * kernel-syms-4.12.14-150100.197.137.2 * kernel-obs-build-4.12.14-150100.197.137.2 * kernel-default-devel-debuginfo-4.12.14-150100.197.137.2 * kernel-obs-build-debugsource-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * 
kernel-default-base-4.12.14-150100.197.137.2 * kernel-default-devel-4.12.14-150100.197.137.2 * reiserfs-kmp-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.137.2 * kernel-devel-4.12.14-150100.197.137.2 * kernel-source-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-default-man-4.12.14-150100.197.137.2 * kernel-zfcpdump-debugsource-4.12.14-150100.197.137.2 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.137.2 * kernel-default-debuginfo-4.12.14-150100.197.137.2 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.137.2 * kernel-syms-4.12.14-150100.197.137.2 * kernel-obs-build-4.12.14-150100.197.137.2 * kernel-default-devel-debuginfo-4.12.14-150100.197.137.2 * kernel-obs-build-debugsource-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * kernel-default-base-4.12.14-150100.197.137.2 * kernel-default-devel-4.12.14-150100.197.137.2 * reiserfs-kmp-default-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-macros-4.12.14-150100.197.137.2 * kernel-devel-4.12.14-150100.197.137.2 * kernel-source-4.12.14-150100.197.137.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.137.2 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.137.2 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-base-debuginfo-4.12.14-150100.197.137.2 * 
kernel-default-debuginfo-4.12.14-150100.197.137.2 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.137.2 * kernel-syms-4.12.14-150100.197.137.2 * kernel-obs-build-4.12.14-150100.197.137.2 * kernel-default-devel-debuginfo-4.12.14-150100.197.137.2 * kernel-obs-build-debugsource-4.12.14-150100.197.137.2 * kernel-default-debugsource-4.12.14-150100.197.137.2 * kernel-default-base-4.12.14-150100.197.137.2 * kernel-default-devel-4.12.14-150100.197.137.2 * reiserfs-kmp-default-4.12.14-150100.197.137.2 * SUSE CaaS Platform 4.0 (noarch) * kernel-macros-4.12.14-150100.197.137.2 * kernel-devel-4.12.14-150100.197.137.2 * kernel-source-4.12.14-150100.197.137.2 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.137.2 ## References: * https://www.suse.com/security/cve/CVE-2021-4203.html * https://www.suse.com/security/cve/CVE-2022-2991.html * https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2022-4129.html * https://www.suse.com/security/cve/CVE-2023-0045.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1186449 * https://bugzilla.suse.com/show_bug.cgi?id=1194535 * https://bugzilla.suse.com/show_bug.cgi?id=1201420 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1204356 * https://bugzilla.suse.com/show_bug.cgi?id=1204662 * https://bugzilla.suse.com/show_bug.cgi?id=1205711 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207773 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * 
https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Thu Mar 16 20:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:21 -0000
Subject: SUSE-SU-2023:0778-1: important: Security update for the Linux Kernel
Message-ID: <167899862158.25923.168630058622274387@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0778-1
Rating: important

References:

* #1186449
* #1203331
* #1203332
* #1204356
* #1204662
* #1207051
* #1207773
* #1207795
* #1207845
* #1207875
* #1207878
* #1208023
* #1208153
* #1208212
* #1208700
* #1208741
* #1208813
* #1208816
* #1208837
* #1208845
* #1208971

Cross-References:

* CVE-2022-36280
* CVE-2022-38096
* CVE-2023-0045
* CVE-2023-0590
* CVE-2023-0597
* CVE-2023-1118
* CVE-2023-22995
* CVE-2023-23000
* CVE-2023-23006
* CVE-2023-23559
* CVE-2023-26545

CVSS scores:

* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22995 ( NVD ):
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-23000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.1

An update that solves 11 vulnerabilities and has 10 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.

* CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability in the vmwgfx driver (bsc#1203332).
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2023-22995: Fixed lack of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
* CVE-2023-23000: Fixed return value of the tegra_xusb_find_port_node function in phy/tegra (bsc#1208816).
* CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#120884).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
* genirq: Provide new interfaces for affinity hints (bsc#1208153).
* mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
* nfsd: fix use-after-free due to delegation race (bsc#1208813).
* rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
* vmxnet3: move rss code block under eop descriptor (bsc#1208212).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-778=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-778=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-778=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-778=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-778=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-778=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150200.24.145.1 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-1-150200.5.3.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-livepatch-devel-5.3.18-150200.24.145.1 * kernel-default-livepatch-5.3.18-150200.24.145.1 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_145-default-1-150200.5.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150200.24.145.1 * ocfs2-kmp-default-5.3.18-150200.24.145.1 * dlm-kmp-default-5.3.18-150200.24.145.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.145.1 * gfs2-kmp-default-5.3.18-150200.24.145.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.145.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.145.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * cluster-md-kmp-default-5.3.18-150200.24.145.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * 
kernel-default-5.3.18-150200.24.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.145.1 * kernel-preempt-5.3.18-150200.24.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150200.24.145.1 * kernel-default-debugsource-5.3.18-150200.24.145.1 * kernel-obs-build-debugsource-5.3.18-150200.24.145.1 * kernel-preempt-debugsource-5.3.18-150200.24.145.1 * kernel-obs-build-5.3.18-150200.24.145.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-devel-5.3.18-150200.24.145.1 * kernel-syms-5.3.18-150200.24.145.1 * kernel-preempt-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.145.1 * kernel-devel-5.3.18-150200.24.145.1 * kernel-macros-5.3.18-150200.24.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150200.24.145.1 * reiserfs-kmp-default-5.3.18-150200.24.145.1 * kernel-obs-build-debugsource-5.3.18-150200.24.145.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.145.1 * kernel-obs-build-5.3.18-150200.24.145.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-devel-5.3.18-150200.24.145.1 * kernel-syms-5.3.18-150200.24.145.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * 
kernel-source-5.3.18-150200.24.145.1 * kernel-devel-5.3.18-150200.24.145.1 * kernel-macros-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.145.1 * kernel-preempt-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-default-debugsource-5.3.18-150200.24.145.1 * reiserfs-kmp-default-5.3.18-150200.24.145.1 * kernel-obs-build-debugsource-5.3.18-150200.24.145.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.145.1 * kernel-obs-build-5.3.18-150200.24.145.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-devel-5.3.18-150200.24.145.1 * kernel-syms-5.3.18-150200.24.145.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.145.1 * kernel-devel-5.3.18-150200.24.145.1 * kernel-macros-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.145.1 * kernel-preempt-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-5.3.18-150200.24.145.1 * SUSE Enterprise 
Storage 7 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.145.1 * kernel-preempt-5.3.18-150200.24.145.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150200.24.145.1 * kernel-default-debugsource-5.3.18-150200.24.145.1 * reiserfs-kmp-default-5.3.18-150200.24.145.1 * kernel-obs-build-debugsource-5.3.18-150200.24.145.1 * kernel-preempt-debugsource-5.3.18-150200.24.145.1 * kernel-obs-build-5.3.18-150200.24.145.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-devel-5.3.18-150200.24.145.1 * kernel-syms-5.3.18-150200.24.145.1 * kernel-preempt-debuginfo-5.3.18-150200.24.145.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.145.1 * kernel-default-debuginfo-5.3.18-150200.24.145.1 * kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1 * SUSE Enterprise Storage 7 (noarch) * kernel-source-5.3.18-150200.24.145.1 * kernel-devel-5.3.18-150200.24.145.1 * kernel-macros-5.3.18-150200.24.145.1 * SUSE Enterprise Storage 7 (noarch nosrc) * kernel-docs-5.3.18-150200.24.145.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2023-0045.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-22995.html * https://www.suse.com/security/cve/CVE-2023-23000.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1186449 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1204356 * https://bugzilla.suse.com/show_bug.cgi?id=1204662 * 
https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207845
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1207878
* https://bugzilla.suse.com/show_bug.cgi?id=1208023
* https://bugzilla.suse.com/show_bug.cgi?id=1208153
* https://bugzilla.suse.com/show_bug.cgi?id=1208212
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1208741
* https://bugzilla.suse.com/show_bug.cgi?id=1208813
* https://bugzilla.suse.com/show_bug.cgi?id=1208816
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1208845
* https://bugzilla.suse.com/show_bug.cgi?id=1208971

From sle-updates at lists.suse.com Thu Mar 16 20:30:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:29 -0000
Subject: SUSE-RU-2023:0788-1: important: Recommended update for libsolv, libzypp, zypper
Message-ID: <167899862917.25923.3031651613406807287@smelt2.suse.de>

# Recommended update for libsolv, libzypp, zypper

Announcement ID: SUSE-RU-2023:0788-1
Rating: important

References:

* #1178233
* #1203248
* #1203249
* #1203715
* #1204548
* #1204956
* #1205570
* #1205636
* #1206949

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that
has nine recommended fixes can now be installed.

## Description:

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

* Do not autouninstall SUSE PTF packages
* Ensure 'duplinvolvedmap_all' is reset when a solver is reused
* Fix "keep installed" jobs not disabling "best update" rules
* New '-P' and '-W' options for `testsolv`
* New introspection interface for weak dependencies similar to ruleinfos
* Ensure special case file dependencies are written correctly in the testcase writer
* Support better info about alternatives
* Support decision reason queries
* Support merging of related decisions
* Support stringification of multiple solvables
* Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

* Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL; getsockopt seems not to be fully supported, but the code required it when accepting new socket connections (bsc#1178233)
* Avoid redirecting 'history.logfile=/dev/null' into the target
* Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
* Enhance yaml-cpp detection
* Improve download of optional files
* MultiCurl: Make sure to reset the progress function when falling back.
* Properly reset range requests (bsc#1204548)
* Removing a PTF without enabled repos should always fail (bsc#1203248). Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF, `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
* Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
* Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server, MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side.
* ProgressData: enforce reporting the INIT||END state (bsc#1206949)
* ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

* Allow to (re)add a service with the same URL (bsc#1203715)
* Bump dependency requirement to libzypp-devel 17.31.7 or greater
* Explain outdatedness of repositories
* patterns: Avoid displaying superfluous @System entries (bsc#1205570)
* Provide `removeptf` command (bsc#1203249). A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However, it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command, however, will aim to replace the dependant packages by their official update versions.
* Update man page and explain '.no_auto_prune' (bsc#1204956)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-788=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-788=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-788=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-788=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-788=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-788=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150400.3.3.1 * libsolv-tools-debuginfo-0.7.23-150400.3.3.1 * libzypp-debuginfo-17.31.8-150400.3.14.1 * zypper-debuginfo-1.14.59-150400.3.12.2 * libzypp-17.31.8-150400.3.14.1 * libsolv-tools-0.7.23-150400.3.3.1 * libzypp-debugsource-17.31.8-150400.3.14.1 * libsolv-debugsource-0.7.23-150400.3.3.1 * zypper-1.14.59-150400.3.12.2 * zypper-debugsource-1.14.59-150400.3.12.2 * openSUSE Leap Micro 5.3 (noarch) * zypper-needs-restarting-1.14.59-150400.3.12.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * perl-solv-debuginfo-0.7.23-150400.3.3.1 * libsolv-demo-debuginfo-0.7.23-150400.3.3.1 * python3-solv-0.7.23-150400.3.3.1 * ruby-solv-debuginfo-0.7.23-150400.3.3.1 * libsolv-tools-0.7.23-150400.3.3.1 * python-solv-debuginfo-0.7.23-150400.3.3.1 * zypper-1.14.59-150400.3.12.2 * libsolv-devel-0.7.23-150400.3.3.1 * libzypp-devel-17.31.8-150400.3.14.1 * python3-solv-debuginfo-0.7.23-150400.3.3.1 * perl-solv-0.7.23-150400.3.3.1 * ruby-solv-0.7.23-150400.3.3.1 * libzypp-devel-doc-17.31.8-150400.3.14.1 * zypper-debuginfo-1.14.59-150400.3.12.2 * libsolv-debuginfo-0.7.23-150400.3.3.1 * libzypp-debuginfo-17.31.8-150400.3.14.1 * python-solv-0.7.23-150400.3.3.1 * zypper-debugsource-1.14.59-150400.3.12.2 * libsolv-demo-0.7.23-150400.3.3.1 * libsolv-tools-debuginfo-0.7.23-150400.3.3.1 * libzypp-17.31.8-150400.3.14.1 * 
libzypp-debugsource-17.31.8-150400.3.14.1 * libsolv-debugsource-0.7.23-150400.3.3.1 * libsolv-devel-debuginfo-0.7.23-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * zypper-aptitude-1.14.59-150400.3.12.2 * zypper-log-1.14.59-150400.3.12.2 * zypper-needs-restarting-1.14.59-150400.3.12.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsolv-debuginfo-0.7.23-150400.3.3.1 * libsolv-tools-debuginfo-0.7.23-150400.3.3.1 * libzypp-debuginfo-17.31.8-150400.3.14.1 * zypper-debuginfo-1.14.59-150400.3.12.2 * libzypp-17.31.8-150400.3.14.1 * libsolv-tools-0.7.23-150400.3.3.1 * libzypp-debugsource-17.31.8-150400.3.14.1 * libsolv-debugsource-0.7.23-150400.3.3.1 * zypper-1.14.59-150400.3.12.2 * zypper-debugsource-1.14.59-150400.3.12.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.59-150400.3.12.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsolv-debuginfo-0.7.23-150400.3.3.1 * libsolv-tools-debuginfo-0.7.23-150400.3.3.1 * libzypp-debuginfo-17.31.8-150400.3.14.1 * zypper-debuginfo-1.14.59-150400.3.12.2 * libzypp-17.31.8-150400.3.14.1 * libsolv-tools-0.7.23-150400.3.3.1 * libzypp-debugsource-17.31.8-150400.3.14.1 * libsolv-debugsource-0.7.23-150400.3.3.1 * zypper-1.14.59-150400.3.12.2 * zypper-debugsource-1.14.59-150400.3.12.2 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.59-150400.3.12.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsolv-devel-0.7.23-150400.3.3.1 * libsolv-debuginfo-0.7.23-150400.3.3.1 * libzypp-devel-17.31.8-150400.3.14.1 * python3-solv-debuginfo-0.7.23-150400.3.3.1 * ruby-solv-0.7.23-150400.3.3.1 * libsolv-tools-debuginfo-0.7.23-150400.3.3.1 * python3-solv-0.7.23-150400.3.3.1 * libzypp-debuginfo-17.31.8-150400.3.14.1 * ruby-solv-debuginfo-0.7.23-150400.3.3.1 * zypper-debuginfo-1.14.59-150400.3.12.2 * libzypp-17.31.8-150400.3.14.1 * libsolv-tools-0.7.23-150400.3.3.1 * libzypp-debugsource-17.31.8-150400.3.14.1 * 
libsolv-debugsource-0.7.23-150400.3.3.1 * zypper-1.14.59-150400.3.12.2 * zypper-debugsource-1.14.59-150400.3.12.2 * libsolv-devel-debuginfo-0.7.23-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * zypper-log-1.14.59-150400.3.12.2 * zypper-needs-restarting-1.14.59-150400.3.12.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-solv-debuginfo-0.7.23-150400.3.3.1 * libsolv-debuginfo-0.7.23-150400.3.3.1 * perl-solv-0.7.23-150400.3.3.1 * libsolv-debugsource-0.7.23-150400.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1178233
* https://bugzilla.suse.com/show_bug.cgi?id=1203248
* https://bugzilla.suse.com/show_bug.cgi?id=1203249
* https://bugzilla.suse.com/show_bug.cgi?id=1203715
* https://bugzilla.suse.com/show_bug.cgi?id=1204548
* https://bugzilla.suse.com/show_bug.cgi?id=1204956
* https://bugzilla.suse.com/show_bug.cgi?id=1205570
* https://bugzilla.suse.com/show_bug.cgi?id=1205636
* https://bugzilla.suse.com/show_bug.cgi?id=1206949

From sle-updates at lists.suse.com Thu Mar 16 20:30:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:37 -0000
Subject: SUSE-RU-2023:0787-1: important: Recommended update for libsolv, libzypp, zypper
Message-ID: <167899863749.25923.6545973268621558583@smelt2.suse.de>

# Recommended update for libsolv, libzypp, zypper

Announcement ID: SUSE-RU-2023:0787-1
Rating: important
References:

* #1178233
* #1203248
* #1203249
* #1203715
* #1204548
* #1204956
* #1205570
* #1205636
* #1206949

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that has nine recommended fixes can now be installed.
## Description:

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

* Do not autouninstall SUSE PTF packages
* Ensure 'duplinvolvedmap_all' is reset when a solver is reused
* Fix "keep installed" jobs not disabling "best update" rules
* New '-P' and '-W' options for `testsolv`
* New introspection interface for weak dependencies similar to ruleinfos
* Ensure special case file dependencies are written correctly in the testcase writer
* Support better info about alternatives
* Support decision reason queries
* Support merging of related decisions
* Support stringification of multiple solvables
* Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

* Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, where getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233)
* Avoid redirecting 'history.logfile=/dev/null' into the target
* Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
* Enhance yaml-cpp detection
* Improve download of optional files
* MultiCurl: Make sure to reset the progress function when falling back.
* Properly reset range requests (bsc#1204548)
* Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF, `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
* Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
* Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server, MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the file size, using a similar metric as the MirrorCache implementation on the server side.
* ProgressData: enforce reporting the INIT||END state (bsc#1206949)
* ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

* Allow to (re)add a service with the same URL (bsc#1203715)
* Bump dependency requirement to libzypp-devel 17.31.7 or greater
* Explain outdatedness of repositories
* patterns: Avoid displaying superfluous @System entries (bsc#1205570)
* Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependent packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent packages. However, it is not desired for the dependent packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command will instead aim to replace the dependent packages by their official update versions.
* Update man page and explain '.no_auto_prune' (bsc#1204956)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP1
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-787=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-787=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-787=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-787=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.23-150100.4.9.1 * libzypp-17.31.8-150100.3.92.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libzypp-debuginfo-17.31.8-150100.3.92.1 * python3-solv-0.7.23-150100.4.9.1 * python3-solv-debuginfo-0.7.23-150100.4.9.1 * zypper-1.14.59-150100.3.67.2 * perl-solv-0.7.23-150100.4.9.1 * zypper-debugsource-1.14.59-150100.3.67.2 * libzypp-devel-17.31.8-150100.3.92.1 * libsolv-debugsource-0.7.23-150100.4.9.1 * ruby-solv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-debuginfo-0.7.23-150100.4.9.1 * libzypp-debugsource-17.31.8-150100.3.92.1 * libsolv-tools-0.7.23-150100.4.9.1 * ruby-solv-0.7.23-150100.4.9.1 * libsolv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-0.7.23-150100.4.9.1 * libsolv-tools-debuginfo-0.7.23-150100.4.9.1 * libzypp-17.31.8-150100.3.92.1 * zypper-debuginfo-1.14.59-150100.3.67.2 * perl-solv-debuginfo-0.7.23-150100.4.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-log-1.14.59-150100.3.67.2 * zypper-needs-restarting-1.14.59-150100.3.67.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) *
libzypp-debuginfo-17.31.8-150100.3.92.1 * python3-solv-0.7.23-150100.4.9.1 * python3-solv-debuginfo-0.7.23-150100.4.9.1 * zypper-1.14.59-150100.3.67.2 * perl-solv-0.7.23-150100.4.9.1 * zypper-debugsource-1.14.59-150100.3.67.2 * libzypp-devel-17.31.8-150100.3.92.1 * libsolv-debugsource-0.7.23-150100.4.9.1 * ruby-solv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-debuginfo-0.7.23-150100.4.9.1 * libzypp-debugsource-17.31.8-150100.3.92.1 * libsolv-tools-0.7.23-150100.4.9.1 * ruby-solv-0.7.23-150100.4.9.1 * libsolv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-0.7.23-150100.4.9.1 * libsolv-tools-debuginfo-0.7.23-150100.4.9.1 * libzypp-17.31.8-150100.3.92.1 * zypper-debuginfo-1.14.59-150100.3.67.2 * perl-solv-debuginfo-0.7.23-150100.4.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-log-1.14.59-150100.3.67.2 * zypper-needs-restarting-1.14.59-150100.3.67.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libzypp-debuginfo-17.31.8-150100.3.92.1 * python3-solv-0.7.23-150100.4.9.1 * python3-solv-debuginfo-0.7.23-150100.4.9.1 * zypper-1.14.59-150100.3.67.2 * perl-solv-0.7.23-150100.4.9.1 * zypper-debugsource-1.14.59-150100.3.67.2 * libzypp-devel-17.31.8-150100.3.92.1 * libsolv-debugsource-0.7.23-150100.4.9.1 * ruby-solv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-debuginfo-0.7.23-150100.4.9.1 * libzypp-debugsource-17.31.8-150100.3.92.1 * libsolv-tools-0.7.23-150100.4.9.1 * ruby-solv-0.7.23-150100.4.9.1 * libsolv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-0.7.23-150100.4.9.1 * libsolv-tools-debuginfo-0.7.23-150100.4.9.1 * libzypp-17.31.8-150100.3.92.1 * zypper-debuginfo-1.14.59-150100.3.67.2 * perl-solv-debuginfo-0.7.23-150100.4.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * zypper-log-1.14.59-150100.3.67.2 * zypper-needs-restarting-1.14.59-150100.3.67.2 * SUSE CaaS Platform 4.0 (x86_64) * libzypp-debuginfo-17.31.8-150100.3.92.1 * python3-solv-0.7.23-150100.4.9.1 * 
python3-solv-debuginfo-0.7.23-150100.4.9.1 * zypper-1.14.59-150100.3.67.2 * perl-solv-0.7.23-150100.4.9.1 * zypper-debugsource-1.14.59-150100.3.67.2 * libzypp-devel-17.31.8-150100.3.92.1 * libsolv-debugsource-0.7.23-150100.4.9.1 * ruby-solv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-debuginfo-0.7.23-150100.4.9.1 * libzypp-debugsource-17.31.8-150100.3.92.1 * libsolv-tools-0.7.23-150100.4.9.1 * ruby-solv-0.7.23-150100.4.9.1 * libsolv-debuginfo-0.7.23-150100.4.9.1 * libsolv-devel-0.7.23-150100.4.9.1 * libsolv-tools-debuginfo-0.7.23-150100.4.9.1 * libzypp-17.31.8-150100.3.92.1 * zypper-debuginfo-1.14.59-150100.3.67.2 * perl-solv-debuginfo-0.7.23-150100.4.9.1 * SUSE CaaS Platform 4.0 (noarch) * zypper-log-1.14.59-150100.3.67.2 * zypper-needs-restarting-1.14.59-150100.3.67.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1178233
* https://bugzilla.suse.com/show_bug.cgi?id=1203248
* https://bugzilla.suse.com/show_bug.cgi?id=1203249
* https://bugzilla.suse.com/show_bug.cgi?id=1203715
* https://bugzilla.suse.com/show_bug.cgi?id=1204548
* https://bugzilla.suse.com/show_bug.cgi?id=1204956
* https://bugzilla.suse.com/show_bug.cgi?id=1205570
* https://bugzilla.suse.com/show_bug.cgi?id=1205636
* https://bugzilla.suse.com/show_bug.cgi?id=1206949

From sle-updates at lists.suse.com Thu Mar 16 20:30:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:45 -0000
Subject: SUSE-RU-2023:0786-1: important: Recommended update for libsolv, libzypp, zypper
Message-ID: <167899864501.25923.515016176052869645@smelt2.suse.de>

# Recommended update for libsolv, libzypp, zypper

Announcement ID: SUSE-RU-2023:0786-1
Rating: important
References:

* #1178233
* #1203248
* #1203249
* #1203715
* #1204548
* #1204956
* #1205570
* #1205636
* #1206949

Affected Products:

* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has nine recommended fixes can now be installed.
## Description:

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

* Do not autouninstall SUSE PTF packages
* Ensure 'duplinvolvedmap_all' is reset when a solver is reused
* Fix "keep installed" jobs not disabling "best update" rules
* New '-P' and '-W' options for `testsolv`
* New introspection interface for weak dependencies similar to ruleinfos
* Ensure special case file dependencies are written correctly in the testcase writer
* Support better info about alternatives
* Support decision reason queries
* Support merging of related decisions
* Support stringification of multiple solvables
* Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

* Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, where getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233)
* Avoid redirecting 'history.logfile=/dev/null' into the target
* Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
* Enhance yaml-cpp detection
* Improve download of optional files
* MultiCurl: Make sure to reset the progress function when falling back.
* Properly reset range requests (bsc#1204548)
* Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF, `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
* Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
* Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server, MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the file size, using a similar metric as the MirrorCache implementation on the server side.
* ProgressData: enforce reporting the INIT||END state (bsc#1206949)
* ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

* Allow to (re)add a service with the same URL (bsc#1203715)
* Bump dependency requirement to libzypp-devel 17.31.7 or greater
* Explain outdatedness of repositories
* patterns: Avoid displaying superfluous @System entries (bsc#1205570)
* Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependent packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent packages. However, it is not desired for the dependent packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command will instead aim to replace the dependent packages by their official update versions.
* Update man page and explain '.no_auto_prune' (bsc#1204956)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP2
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-786=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-786=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-786=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-786=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-786=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-786=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-786=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-786=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-786=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-786=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-786=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-786=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-786=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-786=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-786=1

## Package List:

* SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.23-150200.15.1 *
libzypp-17.31.8-150200.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 
15 SP3 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * 
libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * 
python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Manager Proxy 4.2 (x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * 
libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Manager Proxy 4.2 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Manager Server 4.2 (noarch) * zypper-log-1.14.59-150200.42.2 * 
zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Enterprise Storage 7.1 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-0.7.23-150200.15.1 * perl-solv-0.7.23-150200.15.1 * libsolv-tools-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libzypp-debugsource-17.31.8-150200.50.1 * python3-solv-0.7.23-150200.15.1 * perl-solv-debuginfo-0.7.23-150200.15.1 * python3-solv-debuginfo-0.7.23-150200.15.1 * libsolv-devel-debuginfo-0.7.23-150200.15.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * libzypp-devel-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * ruby-solv-0.7.23-150200.15.1 * ruby-solv-debuginfo-0.7.23-150200.15.1 * zypper-1.14.59-150200.42.2 * SUSE Enterprise Storage 7 (noarch) * zypper-log-1.14.59-150200.42.2 * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * 
libzypp-debugsource-17.31.8-150200.50.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * libzypp-debugsource-17.31.8-150200.50.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsolv-debuginfo-0.7.23-150200.15.1 * zypper-debuginfo-1.14.59-150200.42.2 * libsolv-tools-0.7.23-150200.15.1 * libzypp-debugsource-17.31.8-150200.50.1 * libzypp-debuginfo-17.31.8-150200.50.1 * libsolv-tools-debuginfo-0.7.23-150200.15.1 * libsolv-debugsource-0.7.23-150200.15.1 * libzypp-17.31.8-150200.50.1 * zypper-debugsource-1.14.59-150200.42.2 * zypper-1.14.59-150200.42.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.59-150200.42.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1178233
* https://bugzilla.suse.com/show_bug.cgi?id=1203248
* https://bugzilla.suse.com/show_bug.cgi?id=1203249
* https://bugzilla.suse.com/show_bug.cgi?id=1203715
* https://bugzilla.suse.com/show_bug.cgi?id=1204548
* https://bugzilla.suse.com/show_bug.cgi?id=1204956
* https://bugzilla.suse.com/show_bug.cgi?id=1205570
* https://bugzilla.suse.com/show_bug.cgi?id=1205636
* https://bugzilla.suse.com/show_bug.cgi?id=1206949

From sle-updates at lists.suse.com Thu Mar 16 20:30:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:48 -0000
Subject: SUSE-RU-2023:0785-1: moderate: Recommended update for grub2
Message-ID: <167899864855.25923.11377153574271816306@smelt2.suse.de>

# Recommended update for grub2

Announcement ID: SUSE-RU-2023:0785-1
Rating: moderate
References:

* #1205200
* #1205554

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature and has two recommended fixes can now be installed.

## Description:

This update for grub2 fixes the following issues:

* Remove zfs modules (bsc#1205554)
* Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-785=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-785=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-785=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-785=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-785=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-785=1
* SUSE Manager Proxy 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-785=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * grub2-debuginfo-2.06-150400.11.23.2
  * grub2-debugsource-2.06-150400.11.23.2
  * grub2-2.06-150400.11.23.2
* openSUSE Leap Micro 5.3 (noarch)
  * grub2-arm64-efi-2.06-150400.11.23.2
  * grub2-i386-pc-2.06-150400.11.23.2
  * grub2-x86_64-efi-2.06-150400.11.23.2
  * grub2-snapper-plugin-2.06-150400.11.23.2
  * grub2-x86_64-xen-2.06-150400.11.23.2
* openSUSE Leap 15.4 (noarch)
  * grub2-powerpc-ieee1275-extras-2.06-150400.11.23.2
  * grub2-arm64-efi-2.06-150400.11.23.2
  * grub2-powerpc-ieee1275-debug-2.06-150400.11.23.2
  * grub2-i386-efi-extras-2.06-150400.11.23.2
  * grub2-i386-pc-2.06-150400.11.23.2
  * grub2-arm64-efi-debug-2.06-150400.11.23.2
  * grub2-x86_64-efi-debug-2.06-150400.11.23.2
  * grub2-s390x-emu-extras-2.06-150400.11.23.2
  * grub2-powerpc-ieee1275-2.06-150400.11.23.2
  * grub2-x86_64-efi-2.06-150400.11.23.2
  * grub2-x86_64-xen-extras-2.06-150400.11.23.2
  * grub2-i386-pc-extras-2.06-150400.11.23.2
  * grub2-snapper-plugin-2.06-150400.11.23.2
  * grub2-systemd-sleep-plugin-2.06-150400.11.23.2
  * grub2-x86_64-efi-extras-2.06-150400.11.23.2
  * grub2-i386-pc-debug-2.06-150400.11.23.2
  * grub2-x86_64-xen-2.06-150400.11.23.2
  * grub2-i386-xen-extras-2.06-150400.11.23.2
  * grub2-arm64-efi-extras-2.06-150400.11.23.2
* openSUSE Leap 15.4 (aarch64 ppc64le
s390x x86_64) * grub2-debuginfo-2.06-150400.11.23.2 * grub2-branding-upstream-2.06-150400.11.23.2 * grub2-2.06-150400.11.23.2 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.23.2 * openSUSE Leap 15.4 (s390x) * grub2-s390x-emu-debug-2.06-150400.11.23.2 * grub2-s390x-emu-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.23.2 * grub2-debugsource-2.06-150400.11.23.2 * grub2-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-arm64-efi-2.06-150400.11.23.2 * grub2-i386-pc-2.06-150400.11.23.2 * grub2-x86_64-efi-2.06-150400.11.23.2 * grub2-snapper-plugin-2.06-150400.11.23.2 * grub2-x86_64-xen-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.23.2 * grub2-debugsource-2.06-150400.11.23.2 * grub2-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-arm64-efi-2.06-150400.11.23.2 * grub2-i386-pc-2.06-150400.11.23.2 * grub2-x86_64-efi-2.06-150400.11.23.2 * grub2-snapper-plugin-2.06-150400.11.23.2 * grub2-x86_64-xen-2.06-150400.11.23.2 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.23.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.06-150400.11.23.2 * grub2-2.06-150400.11.23.2 * Basesystem Module 15-SP4 (noarch) * grub2-arm64-efi-2.06-150400.11.23.2 * grub2-i386-pc-2.06-150400.11.23.2 * grub2-powerpc-ieee1275-2.06-150400.11.23.2 * grub2-x86_64-efi-2.06-150400.11.23.2 * grub2-snapper-plugin-2.06-150400.11.23.2 * grub2-systemd-sleep-plugin-2.06-150400.11.23.2 * Basesystem Module 15-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.23.2 * Basesystem Module 15-SP4 (s390x) * grub2-s390x-emu-2.06-150400.11.23.2 * Server Applications Module 15-SP4 (noarch) * grub2-x86_64-xen-2.06-150400.11.23.2 * SUSE Manager Proxy 
4.3 Module 4.3 (noarch)
  * grub2-arm64-efi-2.06-150400.11.23.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1205200
* https://bugzilla.suse.com/show_bug.cgi?id=1205554
* https://jira.suse.com/browse/PED-2951

From sle-updates at lists.suse.com Thu Mar 16 20:30:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:52 -0000
Subject: SUSE-RU-2023:0784-1: moderate: Recommended update for grub2
Message-ID: <167899865208.25923.2715472091081914200@smelt2.suse.de>

# Recommended update for grub2

Announcement ID: SUSE-RU-2023:0784-1
Rating: moderate
References:

* #1205200
* #1205554

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that contains one feature and has two recommended fixes can now be installed.

## Description:

This update for grub2 fixes the following issues:

* Remove zfs modules (bsc#1205554)
* Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-784=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-784=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-784=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-784=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-784=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-784=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-784=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-784=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-784=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-784=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-784=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-784=1

## Package List:

* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  * grub2-arm64-efi-2.04-150300.22.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * grub2-debuginfo-2.04-150300.22.30.1
  * grub2-2.04-150300.22.30.1
  * grub2-debugsource-2.04-150300.22.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * grub2-x86_64-efi-2.04-150300.22.30.1
  * grub2-snapper-plugin-2.04-150300.22.30.1
  * grub2-x86_64-xen-2.04-150300.22.30.1
  * grub2-i386-pc-2.04-150300.22.30.1
  * grub2-arm64-efi-2.04-150300.22.30.1
  * grub2-powerpc-ieee1275-2.04-150300.22.30.1
  * grub2-systemd-sleep-plugin-2.04-150300.22.30.1
* SUSE Linux
Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * grub2-debugsource-2.04-150300.22.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * grub2-debugsource-2.04-150300.22.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * grub2-s390x-emu-2.04-150300.22.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * 
grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * grub2-debugsource-2.04-150300.22.30.1 * SUSE Manager Proxy 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * grub2-debugsource-2.04-150300.22.30.1 * SUSE Manager Proxy 4.2 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * grub2-debugsource-2.04-150300.22.30.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * grub2-2.04-150300.22.30.1 * SUSE Manager Server 4.2 (noarch) * grub2-x86_64-efi-2.04-150300.22.30.1 * grub2-snapper-plugin-2.04-150300.22.30.1 * grub2-x86_64-xen-2.04-150300.22.30.1 * grub2-i386-pc-2.04-150300.22.30.1 * grub2-arm64-efi-2.04-150300.22.30.1 * grub2-powerpc-ieee1275-2.04-150300.22.30.1 * grub2-systemd-sleep-plugin-2.04-150300.22.30.1 * SUSE Manager Server 4.2 (s390x x86_64) * grub2-debugsource-2.04-150300.22.30.1 * SUSE Manager Server 4.2 (s390x) * grub2-s390x-emu-2.04-150300.22.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.30.1 * 
grub2-2.04-150300.22.30.1
  * grub2-debugsource-2.04-150300.22.30.1
* SUSE Enterprise Storage 7.1 (noarch)
  * grub2-x86_64-efi-2.04-150300.22.30.1
  * grub2-snapper-plugin-2.04-150300.22.30.1
  * grub2-x86_64-xen-2.04-150300.22.30.1
  * grub2-i386-pc-2.04-150300.22.30.1
  * grub2-arm64-efi-2.04-150300.22.30.1
  * grub2-powerpc-ieee1275-2.04-150300.22.30.1
  * grub2-systemd-sleep-plugin-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * grub2-debuginfo-2.04-150300.22.30.1
  * grub2-2.04-150300.22.30.1
  * grub2-debugsource-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * grub2-x86_64-efi-2.04-150300.22.30.1
  * grub2-snapper-plugin-2.04-150300.22.30.1
  * grub2-x86_64-xen-2.04-150300.22.30.1
  * grub2-i386-pc-2.04-150300.22.30.1
  * grub2-arm64-efi-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
  * grub2-s390x-emu-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * grub2-debuginfo-2.04-150300.22.30.1
  * grub2-2.04-150300.22.30.1
  * grub2-debugsource-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * grub2-x86_64-efi-2.04-150300.22.30.1
  * grub2-snapper-plugin-2.04-150300.22.30.1
  * grub2-x86_64-xen-2.04-150300.22.30.1
  * grub2-i386-pc-2.04-150300.22.30.1
  * grub2-arm64-efi-2.04-150300.22.30.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
  * grub2-s390x-emu-2.04-150300.22.30.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1205200
* https://bugzilla.suse.com/show_bug.cgi?id=1205554
* https://jira.suse.com/browse/PED-2951

From sle-updates at lists.suse.com Thu Mar 16 20:30:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:54 -0000
Subject: SUSE-RU-2023:0783-1: moderate: Recommended update for openssl-1_1
Message-ID: <167899865433.25923.5260324555025632663@smelt2.suse.de>

# Recommended update for openssl-1_1

Announcement ID: SUSE-RU-2023:0783-1
Rating: moderate
References:

* #1208998

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Service-level indicator changes [bsc#1208998]

* Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-783=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-783=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-783=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-783=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-783=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * openssl-1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.28.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.28.1
  * openssl-1_1-debugsource-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.28.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.28.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.28.1
  * openssl-1_1-debugsource-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.28.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.28.1
* openSUSE Leap 15.4 (noarch)
  * openssl-1_1-doc-1.1.1l-150400.7.28.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.28.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.28.1
  * openssl-1_1-debugsource-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.28.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.28.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.28.1
  * openssl-1_1-debugsource-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.28.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-1.1.1l-150400.7.28.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.28.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.28.1
  * openssl-1_1-debugsource-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.28.1
* Basesystem Module 15-SP4 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.28.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.28.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.28.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.28.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208998

From sle-updates at lists.suse.com Thu Mar 16 20:30:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:30:59 -0000
Subject: SUSE-RU-2023:0782-1: moderate: Recommended update for libgcrypt
Message-ID: <167899865912.25923.14001105552325132733@smelt2.suse.de>

# Recommended update for libgcrypt

Announcement ID: SUSE-RU-2023:0782-1
Rating: moderate
References:

* #1208924
* #1208925
* #1208926

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has three recommended fixes can now be installed.

## Description:

This update for libgcrypt fixes the following issues:

* FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
* FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
* FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-782=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-782=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-782=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-782=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-782=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libgcrypt-debugsource-1.9.4-150400.6.8.1
  * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * libgcrypt20-1.9.4-150400.6.8.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt-cavs-1.9.4-150400.6.8.1
  * libgcrypt-cavs-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * libgcrypt20-1.9.4-150400.6.8.1
  * libgcrypt-debugsource-1.9.4-150400.6.8.1
  * libgcrypt-devel-1.9.4-150400.6.8.1
  * libgcrypt-devel-debuginfo-1.9.4-150400.6.8.1
* openSUSE Leap 15.4 (x86_64)
  * libgcrypt20-32bit-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-32bit-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-32bit-1.9.4-150400.6.8.1
  * libgcrypt-devel-32bit-1.9.4-150400.6.8.1
  * libgcrypt-devel-32bit-debuginfo-1.9.4-150400.6.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libgcrypt-debugsource-1.9.4-150400.6.8.1
  * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * libgcrypt20-1.9.4-150400.6.8.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libgcrypt-debugsource-1.9.4-150400.6.8.1
  * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * libgcrypt20-1.9.4-150400.6.8.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * libgcrypt20-1.9.4-150400.6.8.1
  * libgcrypt-debugsource-1.9.4-150400.6.8.1
  * libgcrypt-devel-1.9.4-150400.6.8.1
  * libgcrypt-devel-debuginfo-1.9.4-150400.6.8.1
* Basesystem Module 15-SP4 (x86_64)
  * libgcrypt20-32bit-debuginfo-1.9.4-150400.6.8.1
  * libgcrypt20-32bit-1.9.4-150400.6.8.1
  * libgcrypt20-hmac-32bit-1.9.4-150400.6.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208924
* https://bugzilla.suse.com/show_bug.cgi?id=1208925
* https://bugzilla.suse.com/show_bug.cgi?id=1208926

From sle-updates at lists.suse.com Thu Mar 16 20:31:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:31:02 -0000
Subject: SUSE-SU-2023:0781-1: important: Security update for vim
Message-ID: <167899866275.25923.5167956434641757069@smelt2.suse.de>

# Security update for vim

Announcement ID: SUSE-SU-2023:0781-1
Rating: important
References:

* #1207780
* #1208828
* #1208957
* #1208959

Cross-References:

* CVE-2023-0512
* CVE-2023-1127
* CVE-2023-1170
* CVE-2023-1175

CVSS scores:

* CVE-2023-0512 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-0512 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1170 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1170 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-1170 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1175 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1175 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-1175 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* CVE-2023-0512: Fixed a divide by zero (bsc#1207780).
* CVE-2023-1175: Fixed an incorrect calculation of buffer size (bsc#1208957).
* CVE-2023-1170: Fixed a heap-based buffer overflow (bsc#1208959).
* CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.

* https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-781=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-781=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-781=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-781=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-781=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-781=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-781=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-781=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-781=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-781=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-781=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-781=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-781=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-781=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-781=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-781=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-781=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-781=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-781=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-781=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-781=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-781=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-781=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-781=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-781=1

## Package List:

* openSUSE Leap Micro 5.3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* openSUSE Leap 15.4 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  *
vim-data-common-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1386-150000.5.37.1 * vim-debugsource-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * vim-small-9.0.1386-150000.5.37.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-small-debuginfo-9.0.1386-150000.5.37.1 * vim-small-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * vim-9.0.1386-150000.5.37.1 * vim-debugsource-9.0.1386-150000.5.37.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.1386-150000.5.37.1 * vim-data-9.0.1386-150000.5.37.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1386-150000.5.37.1 * gvim-9.0.1386-150000.5.37.1 * gvim-debuginfo-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-debuginfo-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * vim-9.0.1386-150000.5.37.1 * gvim-9.0.1386-150000.5.37.1 * vim-debugsource-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.1386-150000.5.37.1 * vim-data-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gvim-debuginfo-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * vim-9.0.1386-150000.5.37.1 * gvim-9.0.1386-150000.5.37.1 * vim-debugsource-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.1386-150000.5.37.1 * vim-data-9.0.1386-150000.5.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * vim-small-debuginfo-9.0.1386-150000.5.37.1 * vim-small-9.0.1386-150000.5.37.1 * gvim-debuginfo-9.0.1386-150000.5.37.1 * vim-debuginfo-9.0.1386-150000.5.37.1 * vim-9.0.1386-150000.5.37.1 * gvim-9.0.1386-150000.5.37.1 * 
vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  *
vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Manager Proxy 4.2 (x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Manager Proxy 4.2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
*
SUSE Manager Retail Branch Server 4.2 (x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Manager Server 4.2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Enterprise Storage 7.1 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE Enterprise Storage 7 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE CaaS Platform 4.0 (x86_64)
  * gvim-debuginfo-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-9.0.1386-150000.5.37.1
  * gvim-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
* SUSE CaaS Platform 4.0 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
  * vim-data-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  *
vim-debugsource-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * vim-data-common-9.0.1386-150000.5.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * vim-small-debuginfo-9.0.1386-150000.5.37.1
  * vim-debugsource-9.0.1386-150000.5.37.1
  * vim-debuginfo-9.0.1386-150000.5.37.1
  * vim-small-9.0.1386-150000.5.37.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0512.html
* https://www.suse.com/security/cve/CVE-2023-1127.html
* https://www.suse.com/security/cve/CVE-2023-1170.html
* https://www.suse.com/security/cve/CVE-2023-1175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207780
* https://bugzilla.suse.com/show_bug.cgi?id=1208828
* https://bugzilla.suse.com/show_bug.cgi?id=1208957
* https://bugzilla.suse.com/show_bug.cgi?id=1208959
From sle-updates at lists.suse.com Thu Mar 16 20:31:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:31:32 -0000
Subject: SUSE-SU-2023:0780-1: important: Security update for the Linux Kernel
Message-ID: <167899869264.25923.4777727473851770571@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0780-1
Rating: important

References:
* #1186449
* #1195175
* #1198438
* #1203331
* #1203332
* #1204356
* #1204662
* #1206103
* #1206351
* #1207051
* #1207575
* #1207773
* #1207795
* #1207845
* #1207875
* #1208023
* #1208153
* #1208212
* #1208700
* #1208741
* #1208776
* #1208816
* #1208837
* #1208845
* #1208971

Cross-References:
* CVE-2022-36280
* CVE-2022-38096
* CVE-2023-0045
* CVE-2023-0590
* CVE-2023-0597
* CVE-2023-1118
* CVE-2023-22995
* CVE-2023-22998
* CVE-2023-23000
* CVE-2023-23006
* CVE-2023-23559
* CVE-2023-26545

CVSS scores:
* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23000 (
SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-23000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 12 vulnerabilities and has 13 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

* CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2023-22995: Fixed lack of certain platform_device_put and kfree calls in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
* CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
* CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function in phy/tegra (bsc#1208816).
* CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
* genirq: Provide new interfaces for affinity hints (bsc#1208153).
* mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
* refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only moved the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that.
* s390/kexec: fix ipl report address for kdump (bsc#1207575).
* scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
* update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
* update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
* update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
* update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
* update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
* update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
* vmxnet3: move rss code block under eop descriptor (bsc#1208212).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update, use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-780=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-780=1
  Please note that this is the initial kernel livepatch without fixes itself; this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-780=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-780=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-780=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-780=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-780=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-780=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-780=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-780=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-780=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-780=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-780=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-780=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-780=1

## Package List:

* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.3.18-150300.59.115.1
* openSUSE Leap 15.4 (aarch64)
  * dtb-zte-5.3.18-150300.59.115.1
  * dtb-al-5.3.18-150300.59.115.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-livepatch-5.3.18-150300.59.115.2
  * kernel-livepatch-5_3_18-150300_59_115-default-1-150300.7.3.1
* SUSE Linux
Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * gfs2-kmp-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * dlm-kmp-default-5.3.18-150300.59.115.2
  * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.115.2
  * ocfs2-kmp-default-5.3.18-150300.59.115.2
  * cluster-md-kmp-default-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.115.2
  * dlm-kmp-default-debuginfo-5.3.18-150300.59.115.2
  * gfs2-kmp-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
  * kernel-64kb-debuginfo-5.3.18-150300.59.115.2
  * kernel-64kb-debugsource-5.3.18-150300.59.115.2
  * kernel-64kb-devel-5.3.18-150300.59.115.2
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
  *
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
  * kernel-64kb-debuginfo-5.3.18-150300.59.115.2
  * kernel-64kb-debugsource-5.3.18-150300.59.115.2
  * kernel-64kb-devel-5.3.18-150300.59.115.2
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.115.2
* SUSE
Linux Enterprise Real Time 15 SP3 (nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Real Time 15 SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
  * kernel-64kb-debuginfo-5.3.18-150300.59.115.2
  * kernel-64kb-debugsource-5.3.18-150300.59.115.2
  * kernel-64kb-devel-5.3.18-150300.59.115.2
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-5.3.18-150300.59.115.2
  *
kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.115.2
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
  *
kernel-docs-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Manager Proxy 4.2 (nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Manager Proxy 4.2 (x86_64)
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Manager Proxy 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  *
kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
* SUSE Manager Server 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (s390x)
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.115.2
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Manager Server 4.2 (x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (aarch64)
  * kernel-64kb-debuginfo-5.3.18-150300.59.115.2
  * kernel-64kb-debugsource-5.3.18-150300.59.115.2
  * kernel-64kb-devel-5.3.18-150300.59.115.2
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150300.59.115.2
  * kernel-preempt-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * kernel-obs-build-5.3.18-150300.59.115.2
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-syms-5.3.18-150300.59.115.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
  * kernel-preempt-debuginfo-5.3.18-150300.59.115.2
  * kernel-default-devel-5.3.18-150300.59.115.2
  * kernel-obs-build-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-5.3.18-150300.59.115.2
  * kernel-preempt-devel-5.3.18-150300.59.115.2
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-preempt-debugsource-5.3.18-150300.59.115.2
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (noarch)
  * kernel-source-5.3.18-150300.59.115.2
  *
kernel-devel-5.3.18-150300.59.115.2
  * kernel-macros-5.3.18-150300.59.115.2
* SUSE Enterprise Storage 7.1 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.115.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1
  * kernel-default-debugsource-5.3.18-150300.59.115.2
  * kernel-default-debuginfo-5.3.18-150300.59.115.2

## References:

* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-38096.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-0597.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://www.suse.com/security/cve/CVE-2023-22995.html
* https://www.suse.com/security/cve/CVE-2023-22998.html
* https://www.suse.com/security/cve/CVE-2023-23000.html
* https://www.suse.com/security/cve/CVE-2023-23006.html
* https://www.suse.com/security/cve/CVE-2023-23559.html
* https://www.suse.com/security/cve/CVE-2023-26545.html
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1195175
* https://bugzilla.suse.com/show_bug.cgi?id=1198438
*
https://bugzilla.suse.com/show_bug.cgi?id=1203331
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1204356
* https://bugzilla.suse.com/show_bug.cgi?id=1204662
* https://bugzilla.suse.com/show_bug.cgi?id=1206103
* https://bugzilla.suse.com/show_bug.cgi?id=1206351
* https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207575
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207845
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1208023
* https://bugzilla.suse.com/show_bug.cgi?id=1208153
* https://bugzilla.suse.com/show_bug.cgi?id=1208212
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1208741
* https://bugzilla.suse.com/show_bug.cgi?id=1208776
* https://bugzilla.suse.com/show_bug.cgi?id=1208816
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1208845
* https://bugzilla.suse.com/show_bug.cgi?id=1208971
From sle-updates at lists.suse.com Thu Mar 16 20:32:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:32:12 -0000
Subject: SUSE-SU-2023:0779-1: important: Security update for the Linux Kernel
Message-ID: <167899873264.25923.1181226710166035314@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0779-1
Rating: important

References:
* #1186449
* #1203331
* #1203332
* #1203693
* #1204502
* #1204760
* #1205149
* #1206351
* #1206677
* #1206784
* #1207034
* #1207051
* #1207134
* #1207186
* #1207237
* #1207497
* #1207508
* #1207560
* #1207773
* #1207795
* #1207845
* #1207875
* #1207878
* #1208212
* #1208599
* #1208700
* #1208741
* #1208776
* #1208816
* #1208837
* #1208845
* #1208971
* #1209008

Cross-References:
* CVE-2022-3606
* CVE-2022-36280
* CVE-2022-38096
* CVE-2022-47929
* CVE-2023-0045
* CVE-2023-0179
* CVE-2023-0266
* CVE-2023-0590
* CVE-2023-0597
* CVE-2023-1076
* CVE-2023-1095
* CVE-2023-1118
* CVE-2023-1195
* CVE-2023-22995
* CVE-2023-22998
* CVE-2023-23000
* CVE-2023-23004
* CVE-2023-23006
* CVE-2023-23559
* CVE-2023-25012
* CVE-2023-26545

CVSS scores:
* CVE-2022-3606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3606 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
*
CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1195 ( SUSE ): 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise 
Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Real Time Module 15-SP3 An update that solves 21 vulnerabilities and has 12 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502). * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237). * CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). * CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599). * CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971). * CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). 
* CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
* CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
* CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843).
* CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2023-25012: Fixed a use-after-free in bigben_set_led() in hid (bsc#1207560).
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

* add support for enabling livepatching related packages on -RT (jsc#PED-1706)
* add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
* bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
* blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
* blktrace: ensure our debugfs dir exists (git-fixes).
* ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
* ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
* config.conf: Drop armv7l, Leap 15.3 is EOL.
* constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
* delete config/armv7hl/default.
* delete config/armv7hl/lpae.
* dm btree: add a defensive bounds check to insert_at() (git-fixes).
* dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
* dm cache: Fix UAF in destroy() (git-fixes).
* dm cache: set needs_check flag after aborting metadata (git-fixes).
* dm clone: Fix UAF in clone_dtr() (git-fixes).
* dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
* dm integrity: fix flush with external metadata device (git-fixes).
* dm integrity: flush the journal on suspend (git-fixes).
* dm integrity: select CRYPTO_SKCIPHER (git-fixes).
* dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
* dm ioctl: prevent potential spectre v1 gadget (git-fixes).
* dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
* dm space maps: do not reset space map allocation cursor when committing (git-fixes).
* dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
* dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
* dm thin: Fix UAF in run_timer_softirq() (git-fixes).
* dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
* dm thin: resume even if in FAIL mode (git-fixes).
* dm verity: fix require_signatures module_param permissions (git-fixes).
* dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
* do not sign the vanilla kernel (bsc#1209008).
* drivers:md:fix a potential use-after-free bug (git-fixes).
* ext4: Fixup pages without buffers (bsc#1205495).
* genirq: Provide new interfaces for affinity hints (bsc#1208153).
* hid: betop: check shape of output reports (git-fixes, bsc#1207186).
* hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
* hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
* kabi/severities: add mlx5 internal symbols
* kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
* kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508).
* loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
* loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
* md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
* md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
* md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
* md: protect md_unregister_thread from reentrancy (git-fixes).
* mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
* mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
* mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
* module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
* nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
* nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
* nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
* nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
* nbd: fix io hung while disconnecting device (git-fixes).
* nbd: fix max value for 'first_minor' (git-fixes).
* nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
* nbd: make the config put is called before the notifying the waiter (git-fixes).
* nbd: restore default timeout when setting it to zero (git-fixes).
* net/mlx5: Allocate individual capability (bsc#119175).
* net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).
* net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
* net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).
* net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175).
* net/mlx5: Use order-0 allocations for EQs (bsc#119175).
* net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
* net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
* net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
* null_blk: fix ida error handling in null_add_dev() (git-fixes).
* rbd: work around -Wuninitialized warning (git-fixes).
* rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
* refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
* revert "constraints: increase disk space for all architectures" (bsc#1203693).
* rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
* rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).
* rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
* rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string.

  ```
  user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  ```

  This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
* rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
* rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
* s390/kexec: fix ipl report address for kdump (bsc#1207575).
* scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
* scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
* scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
* scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
* scsi: advansys: Fix kernel pointer leak (git-fixes).
* scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
* scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
* scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
* scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
* scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
* scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
* scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
* scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
* scsi: core: Do not start concurrent async scan on same host (git-fixes).
* scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
* scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
* scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
* scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
* scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
* scsi: core: free sgtables in case command setup fails (git-fixes).
* scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
* scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
* scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
* scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
* scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
* scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
* scsi: fnic: fix use after free (git-fixes).
* scsi: hisi_sas: Check sas_port before using it (git-fixes).
* scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes).
* scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
* scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
* scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
* scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
* scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
* scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
* scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
* scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
* scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
* scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
* scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
* scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
* scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
* scsi: iscsi: Do not send data to unbound connection (git-fixes).
* scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
* scsi: iscsi: Fix shost->max_id use (git-fixes).
* scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
* scsi: iscsi: Unblock session then wake up error handler (git-fixes).
* scsi: libfc: Fix a format specifier (git-fixes).
* scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
* scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
* scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
* scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
* scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
* scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
* scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes).
* scsi: megaraid_sas: Fix double kfree() (git-fixes).
* scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
* scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
* scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
* scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
* scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
* scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
* scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
* scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
* scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
* scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
* scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
* scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
* scsi: myrs: Fix crash in error case (git-fixes).
* scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
* scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
* scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
* scsi: qedf: Add check to synchronize abort and flush (git-fixes).
* scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
* scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
* scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
* scsi: qedi: Fix failed disconnect handling (git-fixes).
* scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
* scsi: qedi: Fix null ref during abort handling (git-fixes).
* scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
* scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
* scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
* scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
* scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
* scsi: scsi_dh_alua: Check for negative result value (git-fixes).
* scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
* scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
* scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
* scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
* scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
* scsi: sd: Free scsi_disk device via put_device() (git-fixes).
* scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
* scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
* scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
* scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
* scsi: sr: Do not use GFP_DMA (git-fixes).
* scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
* scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
* scsi: sr: Return correct event when media event code is 3 (git-fixes).
* scsi: st: Fix a use after free in st_open() (git-fixes).
* scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
* scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
* scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
* scsi: ufs: Fix a race condition in the tracing code (git-fixes).
* scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
* scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
* scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
* scsi: ufs: Fix irq return code (git-fixes).
* scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
* scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
* scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
* scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
* scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
* scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
* scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
* scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
* scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
* scsi: ufs: fix potential bug which ends in system hang (git-fixes).
* scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
* scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes).
* scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
* scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
* scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
* sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
* sctp: sysctl: make extra pointers netns aware (bsc#1204760).
* update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
* update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
* update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
* update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
* update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
* update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
* vmxnet3: move rss code block under eop descriptor (bsc#1208212).
* watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
* watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Real Time Module 15-SP3
  `zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-779=1`
* SUSE Linux Enterprise Micro 5.1
  `zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-779=1`
* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-779=1`
* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-779=1`

## Package List:

* SUSE Real Time Module 15-SP3 (x86_64)
  * ocfs2-kmp-rt-5.3.18-150300.121.1
  * kernel-rt-devel-debuginfo-5.3.18-150300.121.1
  * kernel-rt-devel-5.3.18-150300.121.1
  * kernel-syms-rt-5.3.18-150300.121.1
  * cluster-md-kmp-rt-debuginfo-5.3.18-150300.121.1
  * gfs2-kmp-rt-5.3.18-150300.121.1
  * kernel-rt-debugsource-5.3.18-150300.121.1
  * kernel-rt_debug-debugsource-5.3.18-150300.121.1
  * dlm-kmp-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt_debug-debuginfo-5.3.18-150300.121.1
  * kernel-rt_debug-devel-5.3.18-150300.121.1
  * ocfs2-kmp-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt_debug-devel-debuginfo-5.3.18-150300.121.1
  * gfs2-kmp-rt-debuginfo-5.3.18-150300.121.1
  * cluster-md-kmp-rt-5.3.18-150300.121.1
  * dlm-kmp-rt-5.3.18-150300.121.1
* SUSE Real Time Module 15-SP3 (noarch)
  * kernel-devel-rt-5.3.18-150300.121.1
  * kernel-source-rt-5.3.18-150300.121.1
* SUSE Real Time Module 15-SP3 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.121.1
* SUSE Real Time Module 15-SP3 (nosrc)
  * kernel-rt_debug-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt-debugsource-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt-debugsource-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.121.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.121.1
  * kernel-rt-debugsource-5.3.18-150300.121.1

## References:

* https://www.suse.com/security/cve/CVE-2022-3606.html
* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-38096.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-0597.html
* https://www.suse.com/security/cve/CVE-2023-1076.html
* https://www.suse.com/security/cve/CVE-2023-1095.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://www.suse.com/security/cve/CVE-2023-1195.html
* https://www.suse.com/security/cve/CVE-2023-22995.html
* https://www.suse.com/security/cve/CVE-2023-22998.html
* https://www.suse.com/security/cve/CVE-2023-23000.html
* https://www.suse.com/security/cve/CVE-2023-23004.html
* https://www.suse.com/security/cve/CVE-2023-23006.html
* https://www.suse.com/security/cve/CVE-2023-23559.html
* https://www.suse.com/security/cve/CVE-2023-25012.html
* https://www.suse.com/security/cve/CVE-2023-26545.html
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1203331
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1203693
* https://bugzilla.suse.com/show_bug.cgi?id=1204502
* https://bugzilla.suse.com/show_bug.cgi?id=1204760
* https://bugzilla.suse.com/show_bug.cgi?id=1205149
* https://bugzilla.suse.com/show_bug.cgi?id=1206351
* https://bugzilla.suse.com/show_bug.cgi?id=1206677
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1207034
* https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207134
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1207497
* https://bugzilla.suse.com/show_bug.cgi?id=1207508
* https://bugzilla.suse.com/show_bug.cgi?id=1207560
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207845
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1207878
* https://bugzilla.suse.com/show_bug.cgi?id=1208212
* https://bugzilla.suse.com/show_bug.cgi?id=1208599
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1208741
* https://bugzilla.suse.com/show_bug.cgi?id=1208776
* https://bugzilla.suse.com/show_bug.cgi?id=1208816
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1208845
* https://bugzilla.suse.com/show_bug.cgi?id=1208971
* https://bugzilla.suse.com/show_bug.cgi?id=1209008

From sle-updates at lists.suse.com Thu Mar 16 20:32:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:32:15 -0000
Subject: SUSE-SU-2023:0777-1: moderate: Security update for hdf5
Message-ID: <167899873536.25923.11478451724541726316@smelt2.suse.de>

# Security update for hdf5

Announcement ID: SUSE-SU-2023:0777-1

Rating: moderate

References:

* #1207973

Cross-References:

* CVE-2021-37501

CVSS scores:

* CVE-2021-37501 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2021-37501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* HPC Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for hdf5 fixes the following issues:

* CVE-2021-37501: Fixed overflow in calculation of data buffer due to bogus input file (bsc#1207973).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-777=1`
* SUSE Package Hub 15 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-777=1`

## Package List:

* HPC Module 15-SP4 (noarch)
  * hdf5-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * hdf5-gnu-openmpi3-hpc-devel-1.10.8-150400.3.6.1
  * hdf5-gnu-mpich-hpc-devel-1.10.8-150400.3.6.1
  * hdf5-hpc-examples-1.10.8-150400.3.6.1
  * hdf5-gnu-mvapich2-hpc-devel-1.10.8-150400.3.6.1
  * hdf5-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * hdf5-gnu-hpc-1.10.8-150400.3.6.1
  * hdf5-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * hdf5-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * hdf5-gnu-hpc-devel-1.10.8-150400.3.6.1
  * hdf5-gnu-openmpi4-hpc-devel-1.10.8-150400.3.6.1
* HPC Module 15-SP4 (aarch64 x86_64)
  * libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150400.3.6.1
  * hdf5_1_10_8-hpc-examples-1.10.8-150400.3.6.1
  * libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_fortran-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-devel-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150400.3.6.1
  * libhdf5-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-module-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5-gnu-mpich-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150400.3.6.1
  * libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_hl-gnu-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1
  * libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150400.3.6.1
  * libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  * libhdf5_hl_cpp-gnu-hpc-1.10.8-150400.3.6.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libhdf5_hl100-1.10.8-150400.3.6.1
  * hdf5-debugsource-1.10.8-150400.3.6.1
  *
libhdf5-103-1.10.8-150400.3.6.1 * libhdf5_hl100-debuginfo-1.10.8-150400.3.6.1 * hdf5-debuginfo-1.10.8-150400.3.6.1 * libhdf5-103-debuginfo-1.10.8-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (noarch) * hdf5-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * hdf5-gnu-openmpi3-hpc-devel-1.10.8-150400.3.6.1 * hdf5-gnu-mpich-hpc-devel-1.10.8-150400.3.6.1 * hdf5-hpc-examples-1.10.8-150400.3.6.1 * hdf5-gnu-mvapich2-hpc-devel-1.10.8-150400.3.6.1 * hdf5-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * hdf5-gnu-hpc-1.10.8-150400.3.6.1 * hdf5-gnu-mpich-hpc-1.10.8-150400.3.6.1 * hdf5-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * hdf5-gnu-hpc-devel-1.10.8-150400.3.6.1 * hdf5-gnu-openmpi4-hpc-devel-1.10.8-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (ppc64le s390x) * hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150400.3.6.1 * libhdf5-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * libhdf5-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_hl-gnu-mpich-hpc-1.10.8-150400.3.6.1 * libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * libhdf5_cpp-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.6.1 * libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * libhdf5-gnu-mpich-hpc-1.10.8-150400.3.6.1 * libhdf5_fortran-gnu-mpich-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150400.3.6.1 * libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150400.3.6.1 * libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150400.3.6.1 * libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150400.3.6.1 * libhdf5_hl-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * 
libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150400.3.6.1 * libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.6.1 * libhdf5_hl_fortran-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_cpp-gnu-mpich-hpc-1.10.8-150400.3.6.1 * libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_fortran-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.6.1 * hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150400.3.6.1 * libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.6.1 * libhdf5_hl_cpp-gnu-hpc-1.10.8-150400.3.6.1 * libhdf5-gnu-mvapich2-hpc-1.10.8-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-37501.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207973

From sle-updates at lists.suse.com Thu Mar 16 20:32:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Mar 2023 20:32:17 -0000
Subject: SUSE-RU-2023:0776-1: moderate: Recommended update for gcc12
Message-ID: <167899873796.25923.5522222829060942555@smelt2.suse.de>

# Recommended update for gcc12

Announcement ID: SUSE-RU-2023:0776-1
Rating: moderate
References:
Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that contains one feature can now be installed.

## Description:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use the gcc12 compilers:

* install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages.
* override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-776=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-776=1
* SUSE Linux Enterprise Server 15 SP1
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-776=1
* SUSE Linux Enterprise Server 15 SP2
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-776=1
* SUSE Linux Enterprise Server 15 SP3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-776=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-776=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-776=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-776=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-776=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-776=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-776=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-776=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-776=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-776=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-776=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-776=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-776=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-776=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-776=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-776=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-776=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-776=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-776=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-776=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-776=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-776=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-776=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-776=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-776=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-776=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-776=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gcc12-objc-12.2.1+git416-150000.1.7.1 * libatomic1-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * gcc12-ada-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libada12-12.2.1+git416-150000.1.7.1 * libada12-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgo21-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * cpp12-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libgo21-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-ada-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * 
liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-objc-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * gcc12-go-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-testresults-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-go-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (x86_64) * gcc12-32bit-12.2.1+git416-150000.1.7.1 * libada12-32bit-12.2.1+git416-150000.1.7.1 * libada12-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgo21-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * libgo21-32bit-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * gcc12-d-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * gcc12-go-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * libgdruntime3-32bit-12.2.1+git416-150000.1.7.1 * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1 * libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libgphobos3-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1 * libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-objc-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1 
* libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-ada-32bit-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * libgdruntime3-12.2.1+git416-150000.1.7.1 * libgphobos3-12.2.1+git416-150000.1.7.1 * libgphobos3-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-d-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-d-12.2.1+git416-150000.1.7.1 * libgdruntime3-debuginfo-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (s390x x86_64) * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (ppc64le x86_64) * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * openSUSE Leap 15.4 (aarch64) * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1 * libhwasan0-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 
15 SP4 (aarch64 x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Manager Proxy 4.3 (x86_64) * libstdc++6-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libatomic1-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * 
libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * Basesystem Module 15-SP4 (aarch64) * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1 * libhwasan0-12.2.1+git416-150000.1.7.1 * Basesystem Module 15-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * Basesystem Module 15-SP4 (x86_64) * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * 
gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * cpp12-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * Development Tools Module 15-SP4 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * Development Tools Module 15-SP4 (x86_64) * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1 * gcc12-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-testresults-12.2.1+git416-150000.1.7.1 * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * Legacy Module 15-SP4 (s390x) * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * gcc12-objc-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-12.2.1+git416-150000.1.7.1 * 
libada12-debuginfo-12.2.1+git416-150000.1.7.1 * libgo21-12.2.1+git416-150000.1.7.1 * gcc12-ada-12.2.1+git416-150000.1.7.1 * gcc12-ada-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-objc-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgo21-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-go-debuginfo-12.2.1+git416-150000.1.7.1 * libada12-12.2.1+git416-150000.1.7.1 * gcc12-go-12.2.1+git416-150000.1.7.1 * SUSE Package Hub 15 15-SP4 (aarch64 s390x x86_64) * libgdruntime3-12.2.1+git416-150000.1.7.1 * libgphobos3-12.2.1+git416-150000.1.7.1 * libgphobos3-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-d-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-d-12.2.1+git416-150000.1.7.1 * libgdruntime3-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libgphobos3-32bit-12.2.1+git416-150000.1.7.1 * libgdruntime3-32bit-12.2.1+git416-150000.1.7.1 * gcc12-go-32bit-12.2.1+git416-150000.1.7.1 * libada12-32bit-12.2.1+git416-150000.1.7.1 * libada12-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-objc-32bit-12.2.1+git416-150000.1.7.1 * libgo21-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgo21-32bit-12.2.1+git416-150000.1.7.1 * gcc12-obj-c++-32bit-12.2.1+git416-150000.1.7.1 * libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-d-32bit-12.2.1+git416-150000.1.7.1 * gcc12-ada-32bit-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libatomic1-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * 
libstdc++6-pp-12.2.1+git416-150000.1.7.1 * cpp12-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * gcc12-testresults-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64) * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1 * libhwasan0-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * gcc12-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * 
libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64)
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64)
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
  * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libhwasan0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64)
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64)
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * gcc12-c++-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * cpp12-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * cpp12-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-PIE-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-locale-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1
  * gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * gcc12-info-12.2.1+git416-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * gcc12-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1
  * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Manager Proxy 4.2 (x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-pp-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libquadmath0-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1
  * libasan8-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libubsan1-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1
  * libgfortran5-32bit-12.2.1+git416-150000.1.7.1
  * libatomic1-32bit-12.2.1+git416-150000.1.7.1
  * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1
  * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1
  * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * libatomic1-12.2.1+git416-150000.1.7.1
  * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1
  * liblsan0-12.2.1+git416-150000.1.7.1
  * libstdc++6-locale-12.2.1+git416-150000.1.7.1
  * libubsan1-12.2.1+git416-150000.1.7.1
  * libgfortran5-12.2.1+git416-150000.1.7.1
  * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1
  * libtsan2-12.2.1+git416-150000.1.7.1
  * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1
  * libitm1-debuginfo-12.2.1+git416-150000.1.7.1
  * libasan8-12.2.1+git416-150000.1.7.1
  * libstdc++6-12.2.1+git416-150000.1.7.1
  * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1
  * libgomp1-12.2.1+git416-150000.1.7.1
  * libgcc_s1-12.2.1+git416-150000.1.7.1
  * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1
  * libobjc4-12.2.1+git416-150000.1.7.1 *
libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * SUSE Manager Server 4.2 (x86_64) * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libatomic1-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * 
cpp12-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7.1 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7.1 (aarch64) * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1 * libhwasan0-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7.1 (x86_64) * gcc12-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * 
libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libatomic1-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * cpp12-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * 
gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7 (aarch64) * libhwasan0-debuginfo-12.2.1+git416-150000.1.7.1 * libhwasan0-12.2.1+git416-150000.1.7.1 * SUSE Enterprise Storage 7 (x86_64) * gcc12-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1 * 
libgomp1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE CaaS Platform 4.0 (x86_64) * gcc12-32bit-12.2.1+git416-150000.1.7.1 * libatomic1-12.2.1+git416-150000.1.7.1 * gcc12-c++-12.2.1+git416-150000.1.7.1 * libgomp1-debuginfo-12.2.1+git416-150000.1.7.1 * liblsan0-12.2.1+git416-150000.1.7.1 * libstdc++6-locale-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-12.2.1+git416-150000.1.7.1 * libgfortran5-12.2.1+git416-150000.1.7.1 * libgfortran5-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-pp-12.2.1+git416-150000.1.7.1 * libitm1-32bit-12.2.1+git416-150000.1.7.1 * cpp12-12.2.1+git416-150000.1.7.1 * libtsan2-12.2.1+git416-150000.1.7.1 * cpp12-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-debuginfo-12.2.1+git416-150000.1.7.1 * libasan8-12.2.1+git416-150000.1.7.1 * libquadmath0-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-12.2.1+git416-150000.1.7.1 * libubsan1-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-12.2.1+git416-150000.1.7.1 * libitm1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * 
libobjc4-32bit-12.2.1+git416-150000.1.7.1 * gcc12-fortran-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-c++-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-12.2.1+git416-150000.1.7.1 * liblsan0-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libgcc_s1-32bit-12.2.1+git416-150000.1.7.1 * libobjc4-12.2.1+git416-150000.1.7.1 * gcc12-PIE-12.2.1+git416-150000.1.7.1 * gcc12-c++-32bit-12.2.1+git416-150000.1.7.1 * libasan8-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.7.1 * libitm1-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libubsan1-32bit-12.2.1+git416-150000.1.7.1 * cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.7.1 * libatomic1-debuginfo-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-12.2.1+git416-150000.1.7.1 * gcc12-locale-12.2.1+git416-150000.1.7.1 * libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libquadmath0-debuginfo-12.2.1+git416-150000.1.7.1 * libtsan2-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-12.2.1+git416-150000.1.7.1 * libatomic1-32bit-12.2.1+git416-150000.1.7.1 * libgfortran5-32bit-12.2.1+git416-150000.1.7.1 * libstdc++6-devel-gcc12-12.2.1+git416-150000.1.7.1 * gcc12-debugsource-12.2.1+git416-150000.1.7.1 * libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * gcc12-fortran-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-12.2.1+git416-150000.1.7.1 * libasan8-32bit-debuginfo-12.2.1+git416-150000.1.7.1 * libobjc4-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE CaaS Platform 4.0 (noarch) * gcc12-info-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * 
libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgcc_s1-12.2.1+git416-150000.1.7.1 * libstdc++6-debuginfo-12.2.1+git416-150000.1.7.1 * libstdc++6-12.2.1+git416-150000.1.7.1 * libgcc_s1-debuginfo-12.2.1+git416-150000.1.7.1

## References:
* https://jira.suse.com/browse/PED-2030

From sle-updates at lists.suse.com Fri Mar 17 08:01:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Mar 2023 09:01:55 +0100 (CET)
Subject: SUSE-IU-2023:158-1: Security update of suse-sles-15-sp3-chost-byos-v20230313-hvm-ssd-x86_64
Message-ID: <20230317080155.2E736F46D@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20230313-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:158-1
Image Tags : suse-sles-15-sp3-chost-byos-v20230313-hvm-ssd-x86_64:20230313
Image Release :
Severity : important
Type : security
References : 1027519 1065729 1065729 1071995 1103388 1104120 1106523 1121365 1121410 1151927 1156395 1156395 1157049 1168806 1170160 1170160 1177460 1178168 1180422 1180482 1182066 1182482 1182482 1183533 1184350 1185697 1186749 1187948 1189297 1190091 1190969 1191375 1192761 1194038 1194338 1195175 1196332 1196332 1198331 1198472 1199282 1199467 1199657 1200110 1200723 1200845 1201455 1201469 1201689 1202436 1202436 1203144 1203183 1203652 1203693 1203740 1203746 1203857 1203960 1204017 1204142 1204171 1204215 1204228 1204241 1204250 1204328 1204364 1204414 1204423 1204446 1204502 1204585 1204614 1204636 1204693 1204693 1204760 1204779 1204780 1204791 1204810 1204827 1204850
1204868 1204934 1204957 1204963 1204967 1204989 1205000 1205126 1205128 1205130 1205149 1205209 1205220 1205244 1205256 1205264 1205329 1205330 1205385 1205386 1205428 1205473 1205495 1205496 1205514 1205567 1205601 1205617 1205646 1205671 1205695 1205700 1205705 1205709 1205753 1205796 1205797 1205946 1205984 1205985 1205986 1205987 1205988 1205989 1206028 1206032 1206037 1206071 1206072 1206073 1206075 1206077 1206113 1206114 1206174 1206175 1206176 1206177 1206178 1206179 1206207 1206212 1206212 1206309 1206337 1206344 1206389 1206393 1206394 1206395 1206397 1206398 1206399 1206412 1206504 1206504 1206515 1206546 1206579 1206602 1206622 1206634 1206635 1206636 1206637 1206640 1206641 1206642 1206643 1206644 1206645 1206646 1206647 1206648 1206649 1206663 1206664 1206667 1206677 1206738 1206784 1206841 1206854 1206855 1206857 1206858 1206859 1206860 1206866 1206867 1206868 1206873 1206875 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206896 1206904 1207034 1207036 1207082 1207125 1207134 1207162 1207186 1207198 1207218 1207237 1207294 1207396 1207471 1207497 1207508 1207533 1207534 1207536 1207538 1207753 1207769 1207878 1208067 1208143 1208443 CVE-2019-19083 CVE-2020-25659 CVE-2020-36242 CVE-2021-20251 CVE-2021-28153 CVE-2022-23491 CVE-2022-23824 CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3094 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3491 CVE-2022-3520 CVE-2022-3564 CVE-2022-3567 CVE-2022-3591 CVE-2022-3606 CVE-2022-3628 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-38023 CVE-2022-3903 CVE-2022-40897 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-42898 CVE-2022-4292 CVE-2022-4293 CVE-2022-42969 CVE-2022-4304 
CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-45934 CVE-2022-4662 CVE-2022-46908 CVE-2022-47520 CVE-2022-47629 CVE-2022-47929 CVE-2022-48303 CVE-2022-4904 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0179 CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 CVE-2023-0288 CVE-2023-0361 CVE-2023-0433 CVE-2023-22809 CVE-2023-23454 CVE-2023-23455
-----------------------------------------------------------------
The container suse-sles-15-sp3-chost-byos-v20230313-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2022-1
Released: Wed Sep 26 09:48:09 2018
Summary: Recommended update for SUSE Manager Client Tools
Type: recommended
Severity: moderate
References: 1103388,1104120,1106523

This update fixes the following issues:

hwdata:
- Update to version 0.314:
  + Updated pci, usb and vendor ids.

spacewalk-backend:
- Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
- Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1022-1
Released: Wed Apr 24 13:46:51 2019
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1121410

This update for hwdata fixes the following issues:

Update to version 0.320 (bsc#1121410):
- Updated the pci, usb and vendor ids vendor and product databases.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1261-1
Released: Tue May 12 18:40:18 2020
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1168806

This update for hwdata fixes the following issues:

Update from version 0.320 to version 0.324 (bsc#1168806)
- Updated pci, usb and vendor ids.
- Replace pciutils-ids package providing compatibility symbolic link
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:421-1
Released: Wed Feb 10 12:05:23 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1180422,1180482

This update for hwdata fixes the following issues:
- Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
- Updated pci, usb and vendor ids.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:880-1
Released: Fri Mar 19 04:14:38 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1170160,1182482

This update for hwdata fixes the following issues:
- Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1950-1
Released: Thu Jun 10 14:42:00 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1170160,1182482,1185697

This update for hwdata fixes the following issues:
- Update to version 0.347:
  + Updated pci, usb and vendor ids. (bsc#1185697)
- Update to version 0.346:
  + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2447-1
Released: Thu Jul 22 08:26:29 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1186749,1187948

This update for hwdata fixes the following issue:
- Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2973-1
Released: Tue Sep 7 16:56:08 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1190091

This update for hwdata fixes the following issue:
- Update pci, usb and vendor ids (bsc#1190091)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3832-1
Released: Wed Dec 1 14:51:19 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1191375

This update for hwdata fixes the following issue:
- Update to version 0.353 (bsc#1191375)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:100-1
Released: Tue Jan 18 05:20:03 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1194338

This update for hwdata fixes the following issues:
- Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1204-1
Released: Thu Apr 14 12:15:55 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1196332

This update for hwdata fixes the following issues:
- Updated pci, usb and vendor ids (bsc#1196332)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1703-1
Released: Tue May 17 12:13:36 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: important
References: 1196332

This update for hwdata fixes the following issues:
- Updated pci, usb and vendor ids (bsc#1196332)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released: Wed Sep 7 08:39:31 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1200110

This update for hwdata fixes the following issue:
- Update pci, usb and vendor ids to
version 0.360 (bsc#1200110)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released: Fri Nov 18 09:07:50 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:
- Updated pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4616-1
Released: Fri Dec 23 10:55:46 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1071995,1156395,1184350,1189297,1192761,1199657,1200845,1201455,1201469,1203144,1203746,1203960,1204017,1204142,1204215,1204228,1204241,1204328,1204414,1204446,1204636,1204693,1204780,1204791,1204810,1204827,1204850,1204868,1204934,1204957,1204963,1204967,1205128,1205130,1205220,1205264,1205329,1205330,1205428,1205473,1205514,1205567,1205617,1205671,1205700,1205705,1205709,1205753,1205796,1205984,1205985,1205986,1205987,1205988,1205989,1206032,1206037,1206207,CVE-2022-2602,CVE-2022-28693,CVE-2022-29900,CVE-2022-29901,CVE-2022-3567,CVE-2022-3628,CVE-2022-3635,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes).
- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4618-1
Released: Fri Dec 23 13:02:31 2022
Summary: Recommended update for catatonit
Type: recommended
Severity: moderate
References:

This update for catatonit fixes the following issues:

Update to catatonit v0.1.7:

- This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done).

Update to catatonit v0.1.6:

- which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released: Wed Dec 28 09:25:18 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released: Wed Dec 28 09:29:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293

This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released: Wed Dec 28 09:32:15 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:14-1
Released: Mon Jan 2 19:06:03 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1205385,1205386,1205946,1206504,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023

This update for samba fixes the following issues:

Update to 4.15.13

- CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385).
- CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386).
- CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504).
- Fixed issue with bind start up (bsc#1205946).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: 
security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:143-1 Released: Thu Jan 26 06:41:22 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1201689 This update for bind fixes the following issues: - Add systemd drop-in directory for named service (bsc#1201689) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:152-1 Released: Thu Jan 26 11:37:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237,CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock.
(bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to a use after free; it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc.
(bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). 
- ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: Detect already used quota file early (bsc#1206873). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). 
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: lockdep: Suppress suspicious RCU usage warning (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: Remove accidental change of module_enable_x() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). 
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix memory leaks (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - NFS: nfs_find_open_context() may only select open files (git-fixes). - NFS: nfs_xdr_status should record the procedure name (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS: Zero-stateid SETATTR should first return delegation (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - NFSD: Clone should commit src file metadata too (git-fixes). - NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: fix error handling in NFSv4.0 callbacks (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: safer handling of corrupted c_type (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). 
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - NFSv4: Fix races between open and dentry revalidation (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: error out when relink swapfile (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes). - NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). 
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). 
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - SUNRPC: check that domain table is empty at module unload (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: Do not start a timer on an already queued rpc task (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - SUNRPC: Fix socket waits for write buffer space (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). 
- tracing: Verify if trace array exists before destroying it (git-fixes). - tracing/dynevent: Delete all matched events (git-fixes). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf: Limit sparing table size (bsc#1206643). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:162-1 Released: Thu Jan 26 18:24:19 2023 Summary: Security update for samba Type: security Severity: important References: 1206504,1206546,CVE-2021-20251,CVE-2022-38023 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:170-1 Released: Thu Jan 26 18:30:17 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1205209,CVE-2022-23824 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:223-1 Released: Wed Feb 1 09:36:03 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). 
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:409-1 Released: Tue Feb 14 16:41:09 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195175,1204502,1206677,1207034,1207497,1207508,1207769,1207878,CVE-2022-3606,CVE-2023-0179 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). The following non-security bugs were fixed: - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). 
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - kabi/severities: add mlx5 internal symbols - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#1195175). 
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175). - net/mlx5: Use order-0 allocations for EQs (bsc#1195175). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). 
- scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). 
- scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). 
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). 
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:427-1
Released: Wed Feb 15 17:40:08 2023
Summary: Security update for bind
Type: security
Severity: important
References: 1207471,CVE-2022-3094

This update for bind fixes the following issues:

- CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Type: security
Severity: moderate
References: 1202436,1207753,CVE-2022-48303

This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:486-1
Released: Thu Feb 23 10:38:13 2023
Summary: Security update for c-ares
Type: security
Severity: important
References: 1208067,CVE-2022-4904

This update for c-ares fixes the following issues:

Updated to version 1.19.0:

- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:549-1
Released: Mon Feb 27 17:35:07 2023
Summary: Security update for python3
Type: security
Severity: moderate
References: 1205244,1208443,CVE-2022-45061

This update for python3 fixes the following issues:

- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

Bugfixes:

- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:604-1
Released: Thu Mar 2 15:51:55 2023
Summary: Security update for python-cryptography, python-cryptography-vectors
Type: security
Severity: important
References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
- CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).
- update to 3.3.2 (bsc#1198331)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:610-1
Released: Fri Mar 3 12:06:49 2023
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1208143,CVE-2023-0361

This update for gnutls fixes the following issues:

- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released: Mon Mar 13 10:25:04 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References:

This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023.
(jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

The following package changes have been done:

- bind-utils-9.16.6-150300.22.27.1 updated
- ca-certificates-mozilla-2.60-150200.27.1 updated
- catatonit-0.1.7-150300.10.3.1 updated
- curl-7.66.0-150200.4.45.1 updated
- hwdata-0.365-150000.3.54.1 added
- kernel-default-5.3.18-150300.59.112.1 updated
- krb5-1.19.2-150300.10.1 updated
- libbind9-1600-9.16.6-150300.22.27.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcares2-1.19.0-150000.3.20.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libdns1605-9.16.6-150300.22.27.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgnutls30-3.6.7-150200.14.25.2 updated
- libirs1601-9.16.6-150300.22.27.1 updated
- libisc1606-9.16.6-150300.22.27.1 updated
- libisccc1600-9.16.6-150300.22.27.1 updated
- libisccfg1600-9.16.6-150300.22.27.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libns1604-9.16.6-150300.22.27.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libpython3_6m1_0-3.6.15-150300.10.40.1 updated
- librelp0-1.2.15-1.15 added
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.54.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- python3-base-3.6.15-150300.10.40.1 updated
- python3-bind-9.16.6-150300.22.27.1 updated
- python3-certifi-2018.1.18-150000.3.3.1 updated
- python3-cryptography-3.3.2-150200.16.1 updated
- python3-py-1.10.0-150100.5.12.1 updated
- python3-setuptools-40.5.0-150100.6.6.1 updated
- python3-3.6.15-150300.10.40.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 updated
- samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 added
- sle-module-basesystem-release-15.3-47.1 added
- sle-module-containers-release-15.3-47.1 added
- sle-module-public-cloud-release-15.3-47.1 added
- sle-module-server-applications-release-15.3-47.1 added
- sudo-1.9.5p2-150300.3.19.1 updated
- suse-build-key-12.0-150000.8.31.1 updated
- systemd-sysvinit-246.16-150300.7.57.1 updated
- systemd-246.16-150300.7.57.1 updated
- tar-1.34-150000.3.31.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-246.16-150300.7.57.1 updated
- util-linux-systemd-2.36.2-150300.4.32.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- vim-data-common-9.0.1234-150000.5.34.1 updated
- vim-9.0.1234-150000.5.34.1 updated
- xen-libs-4.14.5_10-150300.3.45.1 updated
- xen-tools-domU-4.14.5_10-150300.3.45.1 updated
- klogd-1.4.1-11.2 removed
- pciutils-ids-20200324-3.6.1 removed
- vlan-1.9-1.27 removed

From sle-updates at lists.suse.com Fri Mar 17
08:02:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 09:02:11 +0100 (CET) Subject: SUSE-IU-2023:159-1: Security update of sles-15-sp3-chost-byos-v20230313-x86-64 Message-ID: <20230317080211.03517F46D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20230313-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:159-1 Image Tags : sles-15-sp3-chost-byos-v20230313-x86-64:20230313 Image Release : Severity : important Type : security References : 1027519 1065729 1065729 1071995 1103388 1104120 1106523 1121365 1121410 1151927 1156395 1156395 1157049 1168806 1170160 1170160 1177460 1180422 1180482 1182482 1182482 1183533 1184350 1185697 1186749 1187948 1189297 1190091 1190969 1191375 1191468 1191468 1192761 1194038 1194338 1195175 1195391 1195838 1195838 1196332 1196332 1198472 1199467 1199657 1200110 1200723 1200845 1201455 1201469 1201689 1202436 1202436 1203144 1203183 1203652 1203693 1203740 1203746 1203857 1203960 1204017 1204142 1204171 1204215 1204228 1204241 1204250 1204328 1204414 1204423 1204446 1204502 1204585 1204614 1204636 1204693 1204693 1204760 1204779 1204780 1204791 1204810 1204827 1204850 1204868 1204934 1204957 1204963 1204967 1204989 1205000 1205126 1205128 1205130 1205149 1205209 1205220 1205244 1205256 1205264 1205329 1205330 1205385 1205386 1205428 1205473 1205495 1205496 1205514 1205567 1205601 1205617 1205646 1205671 1205695 1205700 1205705 1205709 1205753 1205796 1205797 1205946 1205984 1205985 1205986 1205987 1205988 1205989 1206028 1206032 1206037 1206071 1206072 1206073 1206075 1206077 1206113 1206114 1206174 1206175 1206176 1206177 1206178 1206179 1206207 1206212 1206309 1206337 1206344 1206389 1206393 1206394 1206395 1206397 1206398 1206399 1206412 1206504 1206504 1206515 1206546 1206579 1206602 1206622 1206634 1206635 1206636 1206637 1206640 1206641 1206642 1206643 1206644 1206645 1206646 1206647 1206648 1206649 
1206663 1206664 1206667 1206677 1206738 1206784 1206841 1206854 1206855 1206857 1206858 1206859 1206860 1206866 1206867 1206868 1206873 1206875 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206896 1206904 1207034 1207036 1207082 1207125 1207134 1207162 1207186 1207198 1207218 1207237 1207294 1207396 1207471 1207497 1207508 1207533 1207534 1207536 1207538 1207753 1207769 1207878 1208067 1208143 1208443 1208723 1208723 CVE-2019-19083 CVE-2021-20251 CVE-2021-28153 CVE-2021-38297 CVE-2021-38297 CVE-2022-23806 CVE-2022-23806 CVE-2022-23824 CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3094 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3491 CVE-2022-3520 CVE-2022-3564 CVE-2022-3567 CVE-2022-3591 CVE-2022-3606 CVE-2022-3628 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-38023 CVE-2022-3903 CVE-2022-40897 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-42898 CVE-2022-4292 CVE-2022-4293 CVE-2022-4304 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-45934 CVE-2022-4662 CVE-2022-46908 CVE-2022-47520 CVE-2022-47629 CVE-2022-47929 CVE-2022-48303 CVE-2022-4904 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0179 CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 CVE-2023-0288 CVE-2023-0361 CVE-2023-0433 CVE-2023-22809 CVE-2023-23454 CVE-2023-23455 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20230313-x86-64 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2022-1
Released: Wed Sep 26 09:48:09 2018
Summary: Recommended update for SUSE Manager Client Tools
Type: recommended
Severity: moderate
References: 1103388,1104120,1106523

This update fixes the following issues:

hwdata:

- Update to version 0.314:
  + Updated pci, usb and vendor ids.

spacewalk-backend:

- Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
- Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1022-1
Released: Wed Apr 24 13:46:51 2019
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1121410

This update for hwdata fixes the following issues:

Update to version 0.320 (bsc#1121410):

- Updated the pci, usb and vendor ids vendor and product databases.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1261-1
Released: Tue May 12 18:40:18 2020
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1168806

This update for hwdata fixes the following issues:

Update from version 0.320 to version 0.324 (bsc#1168806)

- Updated pci, usb and vendor ids.
- Replace pciutils-ids package providing compatibility symbolic link

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:421-1
Released: Wed Feb 10 12:05:23 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1180422,1180482

This update for hwdata fixes the following issues:

- Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
- Updated pci, usb and vendor ids.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:880-1
Released: Fri Mar 19 04:14:38 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1170160,1182482

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1950-1
Released: Thu Jun 10 14:42:00 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1170160,1182482,1185697

This update for hwdata fixes the following issues:

- Update to version 0.347:
  + Updated pci, usb and vendor ids. (bsc#1185697)
- Update to version 0.346:
  + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2447-1
Released: Thu Jul 22 08:26:29 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1186749,1187948

This update for hwdata fixes the following issue:

- Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2973-1
Released: Tue Sep 7 16:56:08 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1190091

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids (bsc#1190091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3832-1
Released: Wed Dec 1 14:51:19 2021
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1191375

This update for hwdata fixes the following issue:

- Update to version 0.353 (bsc#1191375)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:100-1
Released: Tue Jan 18 05:20:03 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1194338

This update for hwdata fixes the following issues:

- Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1204-1
Released: Thu Apr 14 12:15:55 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1703-1
Released: Tue May 17 12:13:36 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: important
References: 1196332

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids (bsc#1196332)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released: Wed Sep 7 08:39:31 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1200110

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids to
version 0.360 (bsc#1200110)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released: Fri Nov 18 09:07:50 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4616-1
Released: Fri Dec 23 10:55:46 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1071995,1156395,1184350,1189297,1192761,1199657,1200845,1201455,1201469,1203144,1203746,1203960,1204017,1204142,1204215,1204228,1204241,1204328,1204414,1204446,1204636,1204693,1204780,1204791,1204810,1204827,1204850,1204868,1204934,1204957,1204963,1204967,1205128,1205130,1205220,1205264,1205329,1205330,1205428,1205473,1205514,1205567,1205617,1205671,1205700,1205705,1205709,1205753,1205796,1205984,1205985,1205986,1205987,1205988,1205989,1206032,1206037,1206207,CVE-2022-2602,CVE-2022-28693,CVE-2022-29900,CVE-2022-29901,CVE-2022-3567,CVE-2022-3628,CVE-2022-3635,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). 
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). 
- PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). 
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). 
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). 
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). 
- fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). 
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). 
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). 
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). 
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). 
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). 
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). 
- usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). 
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). 
- xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:14-1 Released: Mon Jan 2 19:06:03 2023 Summary: Security update for samba Type: security Severity: important References: 1205385,1205386,1205946,1206504,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023 This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385). - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386). - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504). - Fixed issue with bind start up (bsc#1205946). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: 
security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:143-1 Released: Thu Jan 26 06:41:22 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1201689 This update for bind fixes the following issues: - Add systemd drop-in directory for named service (bsc#1201689) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:152-1 Released: Thu Jan 26 11:37:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237,CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug caused by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock.
(bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2019-19083: Fixed memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc.
(bsc#1206397)

The following non-security bugs were fixed:

- afs: Fix some tracing details (git-fixes).
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- cuse: prevent clone (bsc#1206177).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: Fixup pages without buffers (bsc#1205495).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs_xdr_status should record the procedure name (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation (git-fixes).
- NFS4: Fix kmemleak when allocate slot failed (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- NFSD: Clone should commit src file metadata too (git-fixes).
- NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD: safer handling of corrupted c_type (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- NFSv4: Fix races between open and dentry revalidation (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes).
- NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- SUNRPC: check that domain table is empty at module unload (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: Do not start a timer on an already queued rpc task (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- tracing/dynevent: Delete all matched events (git-fixes).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf: Limit sparing table size (bsc#1206643).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:162-1
Released: Thu Jan 26 18:24:19 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1206504,1206546,CVE-2021-20251,CVE-2022-38023

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:170-1
Released: Thu Jan 26 18:30:17 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1205209,CVE-2022-23824

This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Type: recommended
Severity: low
References: 1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:211-1
Released: Mon Jan 30 17:26:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

This update for vim fixes the following issues:

- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:223-1
Released: Wed Feb 1 09:36:03 2023
Summary: Security update for python-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:334-1
Released: Thu Feb 9 13:49:43 2023
Summary: Recommended update for google-osconfig-agent
Type: recommended
Severity: moderate
References:

This update for google-osconfig-agent fixes the following issues:

- Provide the latest version for SLE-15-SP4 too.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:409-1
Released: Tue Feb 14 16:41:09 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1195175,1204502,1206677,1207034,1207497,1207508,1207769,1207878,CVE-2022-3606,CVE-2023-0179

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).

The following non-security bugs were fixed:

- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- kabi/severities: add mlx5 internal symbols
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#1195175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175).
- net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). 
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:427-1 Released: Wed Feb 15 17:40:08 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,CVE-2022-3094 This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:600-1 Released: Thu Mar 2 14:52:36 2023 Summary: Security update for google-guest-agent Type: security Severity: important References: 1191468,1195391,1195838,1208723,CVE-2021-38297,CVE-2022-23806 This update for google-guest-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). Bugfixes: - Avoid bashism in post-install scripts (bsc#1195391). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:602-1 Released: Thu Mar 2 14:53:51 2023 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1191468,1195838,1208723,CVE-2021-38297,CVE-2022-23806 This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:610-1 Released: Fri Mar 3 12:06:49 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1208143,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - bind-utils-9.16.6-150300.22.27.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - catatonit-0.1.7-150300.10.3.1 updated - curl-7.66.0-150200.4.45.1 updated - google-guest-agent-20230221.00-150000.1.34.1 updated - google-osconfig-agent-20230222.00-150000.1.27.1 updated - hwdata-0.365-150000.3.54.1 added - kernel-default-5.3.18-150300.59.112.1 updated - krb5-1.19.2-150300.10.1 updated - libbind9-1600-9.16.6-150300.22.27.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libcares2-1.19.0-150000.3.20.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libdns1605-9.16.6-150300.22.27.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgnutls30-3.6.7-150200.14.25.2 updated - libirs1601-9.16.6-150300.22.27.1 updated - libisc1606-9.16.6-150300.22.27.1 updated - libisccc1600-9.16.6-150300.22.27.1 updated - libisccfg1600-9.16.6-150300.22.27.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libmount1-2.36.2-150300.4.32.1 updated - libns1604-9.16.6-150300.22.27.1 updated - libopenssl1_1-1.1.1d-150200.11.57.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - librelp0-1.2.15-1.15 added - libsmartcols1-2.36.2-150300.4.32.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.54.1 updated - libz1-1.2.11-150000.3.39.1 updated - openssl-1_1-1.1.1d-150200.11.57.1 
updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-bind-9.16.6-150300.22.27.1 updated - python3-setuptools-40.5.0-150100.6.6.1 updated - python3-3.6.15-150300.10.40.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 added - sle-module-basesystem-release-15.3-47.1 added - sle-module-containers-release-15.3-47.1 added - sle-module-public-cloud-release-15.3-47.1 added - sle-module-server-applications-release-15.3-47.1 added - sudo-1.9.5p2-150300.3.19.1 updated - suse-build-key-12.0-150000.8.31.1 updated - systemd-sysvinit-246.16-150300.7.57.1 updated - systemd-246.16-150300.7.57.1 updated - tar-1.34-150000.3.31.1 updated - timezone-2022g-150000.75.18.1 updated - udev-246.16-150300.7.57.1 updated - util-linux-systemd-2.36.2-150300.4.32.1 updated - util-linux-2.36.2-150300.4.32.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated - xen-libs-4.14.5_10-150300.3.45.1 updated - klogd-1.4.1-11.2 removed - pciutils-ids-20200324-3.6.1 removed - vlan-1.9-1.27 removed From sle-updates at lists.suse.com Fri Mar 17 08:04:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 09:04:09 +0100 (CET) Subject: SUSE-CU-2023:690-1: Recommended update of suse/389-ds Message-ID: <20230317080409.5B504F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:690-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.35 , suse/389-ds:latest Container Release : 19.35 Severity : important Type : recommended References : 1207294 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated From sle-updates at lists.suse.com Fri Mar 17 08:04:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 09:04:28 +0100 (CET) Subject: SUSE-CU-2023:692-1: Recommended update of bci/bci-micro Message-ID: <20230317080428.C4033F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:692-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.18.2 , bci/bci-micro:latest Container Release : 18.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated From sle-updates at lists.suse.com Fri Mar 17 08:05:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 09:05:24 +0100 (CET) Subject: SUSE-CU-2023:693-1: Recommended update of suse/pcp Message-ID: <20230317080524.DACFFF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:693-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.54 , suse/pcp:5.2 , suse/pcp:5.2-12.54 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.54 , suse/pcp:latest Container Release : 12.54 Severity : important Type : recommended References : 1186511 1197796 1199558 1202853 1207294 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:665-1 Released: Wed Mar 8 11:05:36 2023 Summary: Recommended update for pcp Type: recommended Severity: moderate References: 1186511,1197796,1199558 This update for pcp fixes the following issues: - Workaround intermittent build-time package preun failures by dropping PMDA Remove script invocation (bsc#1197796) - Adjust systemd service types and remove deprecated KillMode=none (bsc#1186511) - Upgrade to 5.2.5 - Client tools and utilities: + pcp-dstat: correct the sample count logic, was off-by-one + pcp-dstat: fix csv output with timestamps (no special chars) - PMDA additions, enhancements and bug fixes: + pmdazfs: new Linux ZFS metrics + pmdasockets: new Linux ss(1) metrics + pmdahacluster: new HA metrics (Pacemaker, Corosync, DRBD and SBD) + pmdabcc: netproc module: count kernel calls, not packets + pmdalinux: add hinv.cpu.thermal_throttle metrics + pmdalinux: add missing help text for new metrics, drop dups - Server-side utilities and log management scripts: + pmproxy: fix quoting of /series/metrics matched names + pmlogger: fix permissions mismatch for pmlogger tmp dir + pmlogger: fix incorrect reporting of pmcd state changes + pmie_check: explicitly set a umask appropriate for pmieconf + pmlogger_check: explicitly set a umask appropriate for pmlogconf + pmlogger_check: skip .NeedRewrite processing with -K + pmpost: increase timestamp resolution + pmpost: fix NOTICES file ownership changes + rc scripts: add optional logging + systemd: remove Wants=pmcd from pmlogger and pmie - libpcp, libpcp_pmda, libpcp_mmv, libpcp_web and language bindings + libpcp: redo the interp.c time_caliper changes + libpcp_web: add timer driven webgroup garbage collector + libpcp_pmda: add new function pmdaCachePurgeCallback - Misc build, infrastructure and packaging updates: + libpcp_web: fix minor memory leak on an error path (covscan) +
build: fixes to ensure PCP_TMPFILE_DIR not used during the build - Security Enhanced Linux: + selinux: enable netcheck rawip_socket if icmp_socket unavailable + selinux: additional rules needed for pmie/pmlogger in fedora - Documentation and QA infrastructure: + docs: add pointers to readthedocs.io now that books live there + pcp-dstat: optionally install a man page symlink for dstat + docs: pmproxy(1) man page corrections and additions - Upgrade to 5.2.3 - Client tools and utilities: + pcp-htop: minimal version of htop with PCP backend platform + pcp-atop: add per-process network statistics + pcp-atop: result instance indexing performance optimization + pcp-atop: always restore original state of process accounting + pcp2elasticsearch: add guard around maximum long integer size + pmlogsummary: fix indom lookup for dynamic instance domains + pmseries: provide sum() and avg() query functions + pmseries: persist canonical query expressions to Redis + pmseries: fix HMSET calls when querying timeseries expression + pmseries: fix for failing queries with disjuncted qualifiers + pmseries: fix segfault in func call with globbed metric.name - Server-side utilities and log management scripts: + pmproxy: support fabricated SIDs in /series/instances requests + pmproxy: support fabricated SIDs in /series/metrics requests + pmlogger_check: add pmlc connection timeout checking current volume + pmlogctl,pmiectl: ignore saved control files after an upgrade + pmlogconf: add missing mssql template header + pmlogconf: add logger configuration files for the htop command + pmieconf: add a rule to detect and report OOM kills + pmieconf: cleanup old, no-longer-used tool integrations + pmieconf: ensure all automated invocations use the -c switch + pmieconf: fix default generated config file path + pmie_check: remove a tempfile once finished with it - PMDA additions, enhancements and bug fixes: + pmdaapache: fix buffer size to allow for multiple reads of the stream + pmdabcc: added new 
netproc module with per-process network metrics + pmdaproc: allow to use acct.control.enable_acct as reference counting + pmdalinux: added network.all.* metrics for physical interfaces + pmdalinux: fix case of waitio counters from /proc/stat going backwards + pmdalinux: minor tweaks to use integer math over floating point + dbpmda: send inst profile prior to instances level label requests - libpcp, libpcp_pmda, libpcp_mmv, libpcp_web and language bindings + libpcp: performance improvements for archives with dynamic indoms + libpcp: send instance profile for instances level labels requests + libpcp: make pmLookupName take a (const char **) namelist + libpcp_web: set pmseries source to all-zeroes for expressions + libpcp_web: handle fabricated SIDs in /series/values REST API + python api: fix fetchgroup max_insts size with multiple indoms - Misc build, infrastructure and packaging updates: - Security Enhanced Linux: + selinux: use matching autoconf guard for rawip_socket class - Documentation and QA infrastructure: + docs: update pmdabpftrace man page and README + docs: improvements in diagrams + docs: theme_overrides.css added for readthedocs content + docs: pmseries(1) chapter added in Users and Administrators Guide + docs: add quotes to curl calls with * in pmwebapi query strings + docs: update pmseries schema to describe expression keys - Fix a few rpmlint errors (to at least get below the 1000 mark)(bsc#1199558): + make libpcp-devel require libpcp_gui: the devel package installs a symlink pointing to that library, so anything willing to link it would fail + Call fdupes over /var/lib/pcp/testsuite + W: macro-in-comment: escape the relevant macros using %% + Filter out W: potential-bashisms for pcp-testsuite. - Own %{_datadir}/zsh and %{_datadir}/zsh/site-functions: we have no guaranteed owner of these directories in the buildroot. 
- Remove sysconfig dependencies, this is not the equivalent of the initscripts package and completely unneeded here; - Add missing hostname requires; - also buildrequire pkgconfig(systemd) to make sure configure detects systemd - Replace ancient RPM variables by modern equivalents. - Drop support for ancient SUSE and ancient Fedora. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - rpm-ndb-4.14.3-150300.55.1 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - kbd-2.4.0-150400.5.3.1 updated - pcp-conf-5.2.5-150400.5.3.11 updated - libpcp3-5.2.5-150400.5.3.11 updated - libpcp_web1-5.2.5-150400.5.3.11 updated - libpcp_trace2-5.2.5-150400.5.3.11 updated - libpcp_mmv1-5.2.5-150400.5.3.11 updated - libpcp_import1-5.2.5-150400.5.3.11 updated - libpcp_gui2-5.2.5-150400.5.3.11 updated - pcp-5.2.5-150400.5.3.11 updated - container:bci-bci-init-15.4-15.4-25.26 updated - libnl-config-3.3.0-1.29 removed - libnl3-200-3.3.0-1.29 removed - sysconfig-0.85.9-150200.12.1 removed - sysconfig-netconfig-0.85.9-150200.12.1 removed - wicked-0.6.70-150400.3.3.1 removed - wicked-service-0.6.70-150400.3.3.1 removed From sle-updates at lists.suse.com Fri Mar 17 08:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 09:06:00 +0100 (CET) Subject: SUSE-CU-2023:694-1: 
Security update of bci/python Message-ID: <20230317080600.42663F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:694-1 Container Tags : bci/python:3 , bci/python:3-11.31 , bci/python:3.10 , bci/python:3.10-11.31 , bci/python:latest Container Release : 11.31 Severity : important Type : security References : 1208471 831629 CVE-2015-20107 CVE-2022-37454 CVE-2022-42919 CVE-2022-45061 CVE-2023-24329 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:748-1 Released: Wed Mar 15 20:34:06 2023 Summary: Security update for python310 Type: security Severity: important References: 1208471,831629,CVE-2015-20107,CVE-2022-37454,CVE-2022-42919,CVE-2022-45061,CVE-2023-24329 This update for python310 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). Update to 3.10.10: - Add provides for readline and sqlite3 to the main Python package. - Disable NIS for new products, it's deprecated and gets removed Update to 3.10.9: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. 
This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. - Update bundled libexpat to 2.5.0 - Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the 'forkserver' start method is affected. Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This prevents Linux CVE-2022-42919 - Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner. - Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline character from a file that is as long as the available tokenizer buffer. Patch by Pablo Galindo - Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na. - Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable. - Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders - Print exception class name instead of its string representation when raising errors from ctypes calls. - Allow pdb to locate source for frozen modules in the standard library. 
- Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman. - Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor. - Also escape backslashes in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a \xHH is ambiguous as to if it is a hex replacement we put in or the characters r'\x' came through in the original request line. - asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set. - Fix bug when calling trace.CoverageResults with valid infile. - Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class. - Release the GIL when calling termios APIs to avoid blocking threads. - Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers. - Fixed bug where inspect.signature() reported incorrect arguments for decorated methods. - Fix SystemError in ctypes when exception was not set during __initsubclass__. - Fix statistics.NormalDist pickle with 0 and 1 protocols. - Update the bundled copy of pip to version 22.3.1. - Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden. - Clean up refleak on failed module initialisation in _zoneinfo - Clean up refleaks on failed module initialisation in _pickle - Clean up refleak on failed module initialisation in _io. 
- Fix memory leak in math.dist() when both points don't have the same dimension. Patch by Kumar Aditya. - Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions. - Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the 'else' branch. - Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows. - Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes. - Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya. - Fix infinite loop in unittest when a self-referencing chained exception is raised - tkinter.Text.count() raises now an exception for options starting with '-' instead of silently ignoring them. - On uname_result, restored expectation that _fields and _asdict would include all six properties including processor. - Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. - Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted. - Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution - On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner. - Allow BUILTINS to be a valid field name for frozen dataclasses. - Make sure patch.dict() can be applied on async functions. - To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang. 
- Prevent error when activating venv in nested fish instances. - Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only. - shutil.copytree() now applies the ignore_dangling_symlinks argument recursively. - Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument. - Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms). - Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner. - Some C API tests were moved into the new Lib/test/test_capi/ directory. - Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks. - Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM. - Specify the full path to the source location for make docclean (needed for cross-builds). - Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed. - Fix handling of module docstrings in Tools/i18n/pygettext.py. - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). 
The following package changes have been done: - libpython3_10-1_0-3.10.10-150400.4.22.1 updated - python310-base-3.10.10-150400.4.22.1 updated - python310-3.10.10-150400.4.22.1 updated - python310-devel-3.10.10-150400.4.22.1 updated - container:sles15-image-15.0.0-27.14.39 updated From sle-updates at lists.suse.com Fri Mar 17 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:04 -0000 Subject: SUSE-SU-2023:0794-1: critical: Security update for python-PyJWT Message-ID: <167904180463.29002.2398339623597087568@smelt2.suse.de> # Security update for python-PyJWT Announcement ID: SUSE-SU-2023:0794-1 Rating: critical References: * #1176785 * #1199282 * #1199756 Cross-References: * CVE-2022-29217 CVSS scores: * CVE-2022-29217 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-29217 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager 
Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains four features and has two fixes can now be installed. ## Description: This update for python-PyJWT fixes the following issues: * CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). * Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Update to 2.4.0 (bsc#1199756) * Explicit check the key for ECAlgorithm * Don't use implicit optionals * documentation fix: show correct scope * fix: Update copyright information * Don't mutate options dictionary in .decode_complete() * Add support for Python 3.10 * api_jwk: Add PyJWKSet.__getitem__ * Update usage.rst * Docs: mention performance reasons for reusing RSAPrivateKey when encoding * Fixed typo in usage.rst * Add detached payload support for JWS encoding and decoding * Replace various string interpolations with f-strings by ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-794=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-794=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-794=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-794=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-794=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-794=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-794=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-794=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-794=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-794=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-794=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-794=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-794=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-794=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-794=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * Basesystem Module 15-SP4 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * 
python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Manager Proxy 4.2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Manager Server 4.2 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Enterprise Storage 7.1 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 * SUSE Enterprise Storage 7 (noarch) * python3-PyJWT-2.4.0-150200.3.6.2 ## References: * https://www.suse.com/security/cve/CVE-2022-29217.html * https://bugzilla.suse.com/show_bug.cgi?id=1176785 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://bugzilla.suse.com/show_bug.cgi?id=1199756 * https://jira.suse.com/browse/ECO-3105 * https://jira.suse.com/browse/PM-2352 * https://jira.suse.com/browse/PM-3243 * https://jira.suse.com/browse/SLE-24629 
From sle-updates at lists.suse.com Fri Mar 17 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:07 -0000 Subject: SUSE-RU-2023:0793-1: moderate: Recommended update for purge-kernels-service Message-ID: <167904180722.29002.7555175620442113581@smelt2.suse.de> # Recommended update for purge-kernels-service Announcement ID: SUSE-RU-2023:0793-1 Rating: moderate References: * #1198668 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for purge-kernels-service fixes the following issues: * Change systemd service type to 'exec' (bsc#1198668) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-793=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-793=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-793=1 ## Package List: * openSUSE Leap 15.4 (noarch) * purge-kernels-service-0-150200.8.6.1 * Basesystem Module 15-SP4 (noarch) * purge-kernels-service-0-150200.8.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * purge-kernels-service-0-150200.8.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1198668 
From sle-updates at lists.suse.com Fri Mar 17 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:10 -0000 Subject: SUSE-RU-2023:0792-1: moderate: Recommended update for gnome-shell Message-ID: <167904181005.29002.2702518120170078321@smelt2.suse.de> # Recommended update for gnome-shell Announcement ID: SUSE-RU-2023:0792-1 Rating: moderate References: * #1205518 * #1207323 Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for gnome-shell fixes the following issues: * Fix for warning messages not showing in login screen (bsc#1207323) * Fix GNOME graphical session startup issues (bsc#1205518) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-792=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-792=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-792=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gnome-extensions-debuginfo-41.9-150400.3.8.1 * gnome-shell-calendar-41.9-150400.3.8.1 * gnome-shell-debugsource-41.9-150400.3.8.1 * gnome-shell-calendar-debuginfo-41.9-150400.3.8.1 * gnome-shell-debuginfo-41.9-150400.3.8.1 * gnome-extensions-41.9-150400.3.8.1 * gnome-shell-41.9-150400.3.8.1 * gnome-shell-devel-41.9-150400.3.8.1 * openSUSE Leap 15.4 (noarch) * gnome-shell-lang-41.9-150400.3.8.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gnome-extensions-debuginfo-41.9-150400.3.8.1 * gnome-shell-debugsource-41.9-150400.3.8.1 * gnome-shell-debuginfo-41.9-150400.3.8.1 * gnome-extensions-41.9-150400.3.8.1 * gnome-shell-41.9-150400.3.8.1 * gnome-shell-devel-41.9-150400.3.8.1 * Desktop Applications Module 15-SP4 (noarch) * gnome-shell-lang-41.9-150400.3.8.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * gnome-shell-debuginfo-41.9-150400.3.8.1 * gnome-shell-calendar-41.9-150400.3.8.1 * gnome-shell-debugsource-41.9-150400.3.8.1 * gnome-shell-calendar-debuginfo-41.9-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205518 * https://bugzilla.suse.com/show_bug.cgi?id=1207323 
From sle-updates at lists.suse.com Fri Mar 17 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:10 -0000 Subject: SUSE-OU-2023:0791-1: moderate: Optional update for golang-github-prometheus-node_exporter Message-ID: <167904181098.29002.14016025320136614304@smelt2.suse.de> # Optional update for golang-github-prometheus-node_exporter Announcement ID: SUSE-OU-2023:0791-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for golang-github-prometheus-node_exporter fixes the following issues: * Move package for SUSE Linux Enterprise Micro to the correct codestream * No source changes ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-791=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-791=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-791=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-791=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2 ## References: * https://jira.suse.com/browse/MSC-595 
From sle-updates at lists.suse.com Fri Mar 17 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:13 -0000 Subject: SUSE-RU-2023:0790-1: important: Recommended update for kexec-tools Message-ID: <167904181304.29002.5626756624894493503@smelt2.suse.de> # Recommended update for kexec-tools Announcement ID: SUSE-RU-2023:0790-1 Rating: important References: * #1203410 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for kexec-tools fixes the following issues: * Remove ram_top restriction (bsc#1203410) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-790=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-790=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-790=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-790=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-790=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kexec-tools-2.0.20-150400.16.3.1 * kexec-tools-debuginfo-2.0.20-150400.16.3.1 * kexec-tools-debugsource-2.0.20-150400.16.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kexec-tools-2.0.20-150400.16.3.1 * kexec-tools-debuginfo-2.0.20-150400.16.3.1 * kexec-tools-debugsource-2.0.20-150400.16.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.3.1 * kexec-tools-debuginfo-2.0.20-150400.16.3.1 * kexec-tools-debugsource-2.0.20-150400.16.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.3.1 * kexec-tools-debuginfo-2.0.20-150400.16.3.1 * kexec-tools-debugsource-2.0.20-150400.16.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kexec-tools-2.0.20-150400.16.3.1 * kexec-tools-debuginfo-2.0.20-150400.16.3.1 * kexec-tools-debugsource-2.0.20-150400.16.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203410 
From sle-updates at lists.suse.com Fri Mar 17 08:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 08:30:20 -0000 Subject: SUSE-FU-2023:0789-1: important: Feature update for lapack Message-ID: <167904182036.29002.14182186867044669487@smelt2.suse.de> # Feature update for lapack Announcement ID: SUSE-FU-2023:0789-1 Rating: important References: * #1087426 * #1166619 * #1184786 * #1207358 * #1207563 * #1207989 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An 
update that contains one feature and has six feature fixes can now be installed. ## Description: This update for lapack fixes the following issues: Version update from 3.5.0 to 3.9.0 (jsc#PED-3628): * As a configurable option, add tmglib code to the LAPACK library and enable TMG in LAPACKE as the header files provide its API (bsc#1207989, bsc#1087426) * Build deprecated functions to avoid breaking the ABI (bsc#1207989) * Make library links in the alternatives directory architecture dependent. This avoids conflicts when both 32-bit and 64-bit versions are installed (bsc#1207563) * Fix conflicts with openblas (bsc#1207358) * Fix build failures with GCC 10 (bsc#1166619) * For the full list of changes and features implemented by this update please consult the release notes at: * https://netlib.org/lapack/lapack-3.9.0.html * https://netlib.org/lapack/lapack-3.8.0.html * https://netlib.org/lapack/lapack-3.7.0.html * https://netlib.org/lapack/lapack-3.6.0.html ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-789=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-789=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-789=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-789=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-789=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-789=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-789=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-789=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-789=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-789=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-789=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-789=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-789=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-789=1 * SUSE Enterprise Storage 
7.1 zypper in -t patch SUSE-Storage-7.1-2023-789=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-789=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * lapacke-devel-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * lapacke-devel-static-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * blas-devel-static-3.9.0-150000.4.13.2 * lapack-devel-static-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * openSUSE Leap 15.4 (x86_64) * lapack-devel-32bit-3.9.0-150000.4.13.2 * liblapacke3-32bit-3.9.0-150000.4.13.2 * lapacke-devel-32bit-3.9.0-150000.4.13.2 * liblapack3-32bit-3.9.0-150000.4.13.2 * blas-devel-32bit-3.9.0-150000.4.13.2 * liblapacke3-32bit-debuginfo-3.9.0-150000.4.13.2 * liblapack3-32bit-debuginfo-3.9.0-150000.4.13.2 * libblas3-32bit-3.9.0-150000.4.13.2 * libblas3-32bit-debuginfo-3.9.0-150000.4.13.2 * openSUSE Leap 15.4 (noarch) * lapack-man-3.9.0-150000.4.13.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcblas3-3.9.0-150000.4.13.2 * lapacke-devel-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * libcblas3-debuginfo-3.9.0-150000.4.13.2 * 
cblas-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * 
blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * 
liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Manager Proxy 4.2 (x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * 
libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 * SUSE CaaS Platform 4.0 (x86_64) * liblapack3-debuginfo-3.9.0-150000.4.13.2 * libblas3-3.9.0-150000.4.13.2 * libblas3-debuginfo-3.9.0-150000.4.13.2 * lapack-debugsource-3.9.0-150000.4.13.2 * liblapacke3-3.9.0-150000.4.13.2 * liblapacke3-debuginfo-3.9.0-150000.4.13.2 * blas-devel-3.9.0-150000.4.13.2 * liblapack3-3.9.0-150000.4.13.2 * lapack-devel-3.9.0-150000.4.13.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1087426 * https://bugzilla.suse.com/show_bug.cgi?id=1166619 * https://bugzilla.suse.com/show_bug.cgi?id=1184786 * https://bugzilla.suse.com/show_bug.cgi?id=1207358 * https://bugzilla.suse.com/show_bug.cgi?id=1207563 * https://bugzilla.suse.com/show_bug.cgi?id=1207989 * https://jira.suse.com/browse/PED-3628 
From sle-updates at lists.suse.com Fri Mar 17 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 12:30:03 -0000 Subject: SUSE-SU-2023:0795-1: moderate: Security update for docker Message-ID: <167905620376.2491.5210829940575394288@smelt2.suse.de> # Security update for docker Announcement ID: SUSE-SU-2023:0795-1 Rating: moderate References: * #1205375 * #1206065 Cross-References: * CVE-2022-36109 CVSS scores: * CVE-2022-36109 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2022-36109 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: * CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) * Fix wrong After: in docker.service, fixes bsc#1188447 * Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. * Allow to install container-selinux instead of apparmor-parser. * Change to using systemd-sysusers ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-795=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-795=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-795=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-795=1
* Containers Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-795=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-795=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-795=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-795=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-795=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-795=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-795=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-795=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-795=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-795=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-795=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-795=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-795=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-795=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-795=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-795=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* openSUSE Leap 15.4 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
  * docker-zsh-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* Containers Module 15-SP4 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Enterprise Storage 7.1 (noarch)
  * docker-fish-completion-20.10.23_ce-150000.175.1
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Enterprise Storage 7 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE CaaS Platform 4.0 (x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE CaaS Platform 4.0 (noarch)
  * docker-bash-completion-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * docker-20.10.23_ce-150000.175.1
  * docker-debuginfo-20.10.23_ce-150000.175.1

## References:

* https://www.suse.com/security/cve/CVE-2022-36109.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205375
* https://bugzilla.suse.com/show_bug.cgi?id=1206065

From sle-updates at lists.suse.com Fri Mar 17 15:48:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Mar 2023 16:48:25 +0100 (CET)
Subject: SUSE-IU-2023:164-1: Security update of suse-sles-15-sp3-chost-byos-v20230313-x86_64-gen2
Message-ID: <20230317154825.7CA78F46D@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20230313-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:164-1
Image Tags : suse-sles-15-sp3-chost-byos-v20230313-x86_64-gen2:20230313
Image Release :
Severity : important
Type : security
References : 1027519 1065729 1065729 1071995 1103388 1104120 1106523 1121365 1121410 1151927 1156395 1156395 1157049 1168806 1170160 1170160 1177460 1178168 1180422 1180482 1182066 1182482 1182482 1183533 1184350 1185697 1186749 1187948 1189297 1190091 1190969 1191375 1192761 1194038 1194338 1195175 1196332 1196332 1198331 1198472 1199282 1199467 1199657 1200110 1200723 1200845 1201455 1201469 1201689 1202436 1202436 1203144 1203183 1203652 1203693 1203740 1203746 1203857 1203960 1204017 1204142 1204171 1204215 1204228 1204241 1204250 1204328 1204364 1204414 1204423 1204446 1204502 1204585 1204614 1204636 1204693 1204693 1204760 1204779 1204780 1204791 1204810 1204827 1204850 1204868 1204934 1204957 1204963 1204967 1204989 1205000 1205126 1205128 1205130 1205149 1205209 1205220 1205244 1205256 1205264 1205329 1205330 1205385 1205386 1205428 1205473 1205495 1205496 1205514 1205567 1205601 1205617 1205646 1205671 1205695 1205700 1205705 1205709 1205753 1205796 1205797 1205946 1205984 1205985 1205986 1205987 1205988 1205989 1206028 1206032 1206037 1206071 1206072 1206073 1206075 1206077 1206113 1206114 1206174 1206175 1206176 1206177 1206178 1206179 1206207 1206212 1206212 1206309 1206337 1206344 1206389 1206393 1206394 1206395 1206397 1206398 1206399 1206412 1206504 1206504 1206515 1206546 1206579 1206602 1206622 1206634 1206635 1206636
1206637 1206640 1206641 1206642 1206643 1206644 1206645 1206646 1206647 1206648 1206649 1206663 1206664 1206667 1206677 1206738 1206784 1206841 1206854 1206855 1206857 1206858 1206859 1206860 1206866 1206867 1206868 1206873 1206875 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206896 1206904 1207034 1207036 1207082 1207125 1207134 1207162 1207186 1207198 1207218 1207237 1207294 1207396 1207471 1207497 1207508 1207533 1207534 1207536 1207538 1207753 1207769 1207878 1208067 1208143 1208443 CVE-2019-19083 CVE-2020-25659 CVE-2020-36242 CVE-2021-20251 CVE-2021-28153 CVE-2022-23491 CVE-2022-23824 CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3094 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3491 CVE-2022-3520 CVE-2022-3564 CVE-2022-3567 CVE-2022-3591 CVE-2022-3606 CVE-2022-3628 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-38023 CVE-2022-3903 CVE-2022-40897 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-42898 CVE-2022-4292 CVE-2022-4293 CVE-2022-42969 CVE-2022-4304 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-45934 CVE-2022-4662 CVE-2022-46908 CVE-2022-47520 CVE-2022-47629 CVE-2022-47929 CVE-2022-48303 CVE-2022-4904 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0179 CVE-2023-0215 CVE-2023-0266 CVE-2023-0286 CVE-2023-0288 CVE-2023-0361 CVE-2023-0433 CVE-2023-22809 CVE-2023-23454 CVE-2023-23455 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20230313-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to 
version 0.360 (bsc#1200110)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released: Fri Nov 18 09:07:50 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issues:
- Updated pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4616-1
Released: Fri Dec 23 10:55:46 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1071995,1156395,1184350,1189297,1192761,1199657,1200845,1201455,1201469,1203144,1203746,1203960,1204017,1204142,1204215,1204228,1204241,1204328,1204414,1204446,1204636,1204693,1204780,1204791,1204810,1204827,1204850,1204868,1204934,1204957,1204963,1204967,1205128,1205130,1205220,1205264,1205329,1205330,1205428,1205473,1205514,1205567,1205617,1205671,1205700,1205705,1205709,1205753,1205796,1205984,1205985,1205986,1205987,1205988,1205989,1206032,1206037,1206207,CVE-2022-2602,CVE-2022-28693,CVE-2022-29900,CVE-2022-29901,CVE-2022-3567,CVE-2022-3628,CVE-2022-3635,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). 
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). 
- PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). 
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). 
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). 
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). 
- fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). 
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). 
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). 
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). 
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). 
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). 
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). 
- usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). 
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). 
- xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:14-1 Released: Mon Jan 2 19:06:03 2023 Summary: Security update for samba Type: security Severity: important References: 1205385,1205386,1205946,1206504,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023 This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385). - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386). - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504). - Fixed issue with bind start up (bsc#1205946). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: 
security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:143-1 Released: Thu Jan 26 06:41:22 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1201689 This update for bind fixes the following issues: - Add systemd drop-in directory for named service (bsc#1201689) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:152-1 Released: Thu Jan 26 11:37:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237,CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug caused by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. 
(bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug that could lead to a use-after-free in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the Bluetooth component. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed a memory leak in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. 
(bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). 
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: Fixup pages without buffers (bsc#1205495).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs_xdr_status should record the procedure name (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation (git-fixes).
- NFS4: Fix kmemleak when allocate slot failed (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- NFSD: Clone should commit src file metadata too (git-fixes).
- NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD: safer handling of corrupted c_type (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- NFSv4: Fix races between open and dentry revalidation (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes).
- NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- SUNRPC: check that domain table is empty at module unload (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: Do not start a timer on an already queued rpc task (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- tracing/dynevent: Delete all matched events (git-fixes).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf: Limit sparing table size (bsc#1206643).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released: Thu Jan 26 18:23:16 2023
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1204364,CVE-2022-42969

This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:162-1
Released: Thu Jan 26 18:24:19 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1206504,1206546,CVE-2021-20251,CVE-2022-38023

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:170-1
Released: Thu Jan 26 18:30:17 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1205209,CVE-2022-23824

This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Type: recommended
Severity: low
References: 1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released: Fri Jan 27 14:26:54 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:211-1
Released: Mon Jan 30 17:26:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

This update for vim fixes the following issues:

- Updated to version 9.0.1234:
  - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
  - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
  - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
  - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
  - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:223-1
Released: Wed Feb 1 09:36:03 2023
Summary: Security update for python-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released: Tue Feb 7 17:35:34 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:335-1
Released: Thu Feb 9 13:51:13 2023
Summary: Recommended update for hyper-v
Type: recommended
Severity: moderate
References:

This update for hyper-v fixes the following issues:

- Provide the latest version for SLE-15-SP4 too.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:409-1
Released: Tue Feb 14 16:41:09 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1195175,1204502,1206677,1207034,1207497,1207508,1207769,1207878,CVE-2022-3606,CVE-2023-0179

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).

The following non-security bugs were fixed:

- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- kabi/severities: add mlx5 internal symbols
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#1195175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175).
- net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:427-1 Released: Wed Feb 15 17:40:08 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,CVE-2022-3094 This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:549-1 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1205244,1208443,CVE-2022-45061 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:604-1 Released: Thu Mar 2 15:51:55 2023 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:610-1 Released: Fri Mar 3 12:06:49 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1208143,CVE-2023-0361 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. 
(jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) The following package changes have been done: - bind-utils-9.16.6-150300.22.27.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - catatonit-0.1.7-150300.10.3.1 updated - curl-7.66.0-150200.4.45.1 updated - hwdata-0.365-150000.3.54.1 added - hyper-v-8-150200.14.8.1 updated - kernel-default-5.3.18-150300.59.112.1 updated - krb5-1.19.2-150300.10.1 updated - libbind9-1600-9.16.6-150300.22.27.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libcares2-1.19.0-150000.3.20.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libdns1605-9.16.6-150300.22.27.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgnutls30-3.6.7-150200.14.25.2 updated - libirs1601-9.16.6-150300.22.27.1 updated - libisc1606-9.16.6-150300.22.27.1 updated - libisccc1600-9.16.6-150300.22.27.1 updated - libisccfg1600-9.16.6-150300.22.27.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libmount1-2.36.2-150300.4.32.1 updated - libns1604-9.16.6-150300.22.27.1 updated - 
libopenssl1_1-1.1.1d-150200.11.57.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libpython3_6m1_0-3.6.15-150300.10.40.1 updated - librelp0-1.2.15-1.15 added - libsmartcols1-2.36.2-150300.4.32.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.54.1 updated - libz1-1.2.11-150000.3.39.1 updated - openssl-1_1-1.1.1d-150200.11.57.1 updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - python3-base-3.6.15-150300.10.40.1 updated - python3-bind-9.16.6-150300.22.27.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-cryptography-3.3.2-150200.16.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-setuptools-40.5.0-150100.6.6.1 updated - python3-3.6.15-150300.10.40.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 added - sle-module-basesystem-release-15.3-47.1 added - sle-module-containers-release-15.3-47.1 added - sle-module-public-cloud-release-15.3-47.1 added - sle-module-server-applications-release-15.3-47.1 added - sudo-1.9.5p2-150300.3.19.1 updated - suse-build-key-12.0-150000.8.31.1 updated - systemd-sysvinit-246.16-150300.7.57.1 updated - systemd-246.16-150300.7.57.1 updated - tar-1.34-150000.3.31.1 updated - timezone-2022g-150000.75.18.1 updated - udev-246.16-150300.7.57.1 updated - util-linux-systemd-2.36.2-150300.4.32.1 updated - util-linux-2.36.2-150300.4.32.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated - xen-libs-4.14.5_10-150300.3.45.1 updated - klogd-1.4.1-11.2 removed - pciutils-ids-20200324-3.6.1 removed - vlan-1.9-1.27 removed From sle-updates at lists.suse.com Fri Mar 17 
15:50:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:50:46 +0100 (CET) Subject: SUSE-CU-2023:697-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230317155046.6F2AAF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:697-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.93 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.93 Severity : important Type : security References : 1207780 1208828 1208957 1208959 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 The following package changes have been done: - libstdc++6-12.2.1+git416-150000.1.7.1 updated - vim-data-common-9.0.1386-150000.5.37.1 updated - vim-9.0.1386-150000.5.37.1 updated From sle-updates at lists.suse.com Fri Mar 17 15:53:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:53:48 +0100 (CET) Subject: SUSE-CU-2023:698-1: Recommended update of suse/sle15 Message-ID: <20230317155348.2AC96F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:698-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.746 Container Release : 6.2.746 Severity : important Type : recommended References : 1178233 1203248 1203249 1203715 1204548 1204956 1205570 1205636 1206949 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:787-1 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. 
This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. 
- Update man page and explain '.no_auto_prune' (bsc#1204956) The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libsolv-tools-0.7.23-150100.4.9.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libzypp-17.31.8-150100.3.92.1 updated - zypper-1.14.59-150100.3.67.2 updated From sle-updates at lists.suse.com Fri Mar 17 15:56:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:56:01 +0100 (CET) Subject: SUSE-CU-2023:699-1: Recommended update of suse/sle15 Message-ID: <20230317155601.4DF88F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:699-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.274 Container Release : 9.5.274 Severity : important Type : recommended References : 1178233 1203248 1203249 1203715 1204548 1204956 1205570 1205636 1206949 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. 
- Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. 
- Update man page and explain '.no_auto_prune' (bsc#1204956) The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libzypp-17.31.8-150200.50.1 updated - zypper-1.14.59-150200.42.2 updated From sle-updates at lists.suse.com Fri Mar 17 15:57:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:57:43 +0100 (CET) Subject: SUSE-CU-2023:700-1: Recommended update of suse/sle15 Message-ID: <20230317155743.EE806F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:700-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.113 , suse/sle15:15.3 , suse/sle15:15.3.17.20.113 Container Release : 17.20.113 Severity : important Type : recommended References : 1178233 1203248 1203249 1203715 1204548 1204956 1205570 1205636 1206949 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. 
- Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. 
- Update man page and explain '.no_auto_prune' (bsc#1204956) The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libzypp-17.31.8-150200.50.1 updated - zypper-1.14.59-150200.42.2 updated From sle-updates at lists.suse.com Fri Mar 17 15:58:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:58:26 +0100 (CET) Subject: SUSE-CU-2023:701-1: Recommended update of suse/389-ds Message-ID: <20230317155826.1275FF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:701-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.5 , suse/389-ds:latest Container Release : 20.5 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - openssl-1_1-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 15:58:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:58:34 +0100 (CET) Subject: SUSE-CU-2023:702-1: Recommended update of suse/registry Message-ID: <20230317155834.D5FC1F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:702-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-6.6 , suse/registry:latest Container Release : 6.6 Severity : moderate Type : recommended References : 1208998 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - openssl-1_1-1.1.1l-150400.7.28.1 updated - container:micro-image-15.4.0-18.2 updated From sle-updates at lists.suse.com Fri Mar 17 15:59:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:59:28 +0100 (CET) Subject: SUSE-CU-2023:703-1: Recommended update of bci/dotnet-sdk Message-ID: <20230317155928.03661F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:703-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-32.4 , bci/dotnet-sdk:6.0.15 , bci/dotnet-sdk:6.0.15-32.4 Container Release : 32.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 15:59:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 16:59:31 +0100 (CET) Subject: SUSE-CU-2023:704-1: Recommended update of bci/dotnet-sdk Message-ID: <20230317155931.B1A19F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:704-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.4 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.4 , bci/dotnet-sdk:latest Container Release : 10.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:00:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:00:18 +0100 (CET) Subject: SUSE-CU-2023:705-1: Recommended update of bci/dotnet-runtime Message-ID: <20230317160018.73092F479@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:705-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-29.4 , bci/dotnet-runtime:6.0.15 , bci/dotnet-runtime:6.0.15-29.4 Container Release : 29.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:00:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:00:22 +0100 (CET) Subject: SUSE-CU-2023:706-1: Recommended update of bci/dotnet-runtime Message-ID: <20230317160022.042EAF479@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:706-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.4 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.4 , bci/dotnet-runtime:latest Container Release : 10.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. 
The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:01:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:01:03 +0100 (CET) Subject: SUSE-CU-2023:707-1: Recommended update of bci/golang Message-ID: <20230317160103.2837EF479@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:707-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-20.4 Container Release : 20.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - libatomic1-12.2.1+git416-150000.1.7.1 updated - libgomp1-12.2.1+git416-150000.1.7.1 updated - libitm1-12.2.1+git416-150000.1.7.1 updated - liblsan0-12.2.1+git416-150000.1.7.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:01:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:01:49 +0100 (CET) Subject: SUSE-CU-2023:708-1: Recommended update of bci/bci-init Message-ID: <20230317160149.0C212F479@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:708-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.5 , bci/bci-init:latest Container Release : 26.5 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. 
The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:02:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:02:04 +0100 (CET) Subject: SUSE-CU-2023:709-1: Recommended update of bci/bci-minimal Message-ID: <20230317160204.76D05F479@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:709-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.18.6 , bci/bci-minimal:latest Container Release : 18.6 Severity : moderate Type : recommended References : 1208924 1208925 1208926 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - container:micro-image-15.4.0-18.2 updated From sle-updates at lists.suse.com Fri Mar 17 16:02:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:02:49 +0100 (CET) Subject: SUSE-CU-2023:710-1: Recommended update of bci/nodejs Message-ID: <20230317160249.B43B6F479@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:710-1 Container Tags : bci/node:14 , bci/node:14-37.4 , bci/nodejs:14 , bci/nodejs:14-37.4 Container Release : 37.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:03:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:03:26 +0100 (CET) Subject: SUSE-CU-2023:711-1: Recommended update of bci/nodejs Message-ID: <20230317160326.2546AF479@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:711-1 Container Tags : bci/node:16 , bci/node:16-15.4 , bci/nodejs:16 , bci/nodejs:16-15.4 Container Release : 15.4 Severity : moderate Type : recommended References : 1208924 1208925 1208926 1208998 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - container:sles15-image-15.0.0-27.14.41 updated From sle-updates at lists.suse.com Fri Mar 17 16:04:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Mar 2023 17:04:21 +0100 (CET) Subject: SUSE-CU-2023:712-1: Security update of bci/openjdk-devel Message-ID: <20230317160421.66C29F479@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:712-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.12 Container Release : 39.12 Severity : critical Type : security References : 1047218 1062631 1120360 1133997 1134001 1145693 1171696 1172961 1173600 1177180 1177488 1177568 1179926 1180215 1182284 1182708 1182748 1182754 1184356 1184357 1184755 1186328 1187446 1188468 1188469 1188529 1190660 1190663 1193795 1195108 1195557 1198279 1198404 1198739 1198833 1201081 1201316 1201317 1203154 1203515 1203516 1203672 1203673 1203674 1203868 1204173 1204284 1204918 1205138 1205142 1205647 1206018 1206400 1206401 1206549 1207246 1207248 1208924 1208925 1208926 1208998 CVE-2019-17566 CVE-2020-11022 CVE-2020-11023 CVE-2020-11979 CVE-2020-11987 CVE-2020-11988 CVE-2020-13956 CVE-2020-15522 CVE-2020-1945 CVE-2020-26945 CVE-2020-28052 CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 CVE-2020-8908 CVE-2021-2471 CVE-2021-26291 CVE-2021-27807 CVE-2021-27906 CVE-2021-29425 CVE-2021-33813 CVE-2021-36373 CVE-2021-36374 CVE-2021-37533 CVE-2021-42550 CVE-2021-43980 CVE-2022-2047 CVE-2022-2048 CVE-2022-23437 CVE-2022-24839 CVE-2022-28366 CVE-2022-29599 CVE-2022-37865 CVE-2022-37866 CVE-2022-38398 CVE-2022-38648 
CVE-2022-38752 CVE-2022-40146 CVE-2022-40149 CVE-2022-40150 CVE-2022-42252 CVE-2022-42889 CVE-2022-45685 CVE-2022-45693 CVE-2023-21835 CVE-2023-21843 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:732-1 Released: Tue Mar 14 18:06:09 2023 Summary: Recommended update for jsoup, jsr-305 Type: recommended Severity: low References: This update for jsoup, jsr-305 fixes the following issues: - Redistribute packages to fix dependency inconsistencies in some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:752-1 Released: Thu Mar 16 08:40:03 2023 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1206549,1207246,1207248,CVE-2023-21835,CVE-2023-21843 This update for java-11-openjdk fixes the following issues: - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). Bugfixes: - Remove broken accessibility sub-package (bsc#1206549). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:775-1 Released: Thu Mar 16 15:58:55 2023 Summary: Feature for updating the Java stack Type: feature Severity: critical References: 1047218,1062631,1120360,1133997,1134001,1145693,1171696,1172961,1173600,1177180,1177488,1177568,1179926,1180215,1182284,1182708,1182748,1182754,1184356,1184357,1184755,1186328,1187446,1188468,1188469,1188529,1190660,1190663,1193795,1195108,1195557,1198279,1198404,1198739,1198833,1201081,1201316,1201317,1203154,1203515,1203516,1203672,1203673,1203674,1203868,1204173,1204284,1204918,1205138,1205142,1205647,1206018,1206400,1206401,CVE-2019-17566,CVE-2020-11022,CVE-2020-11023,CVE-2020-11979,CVE-2020-11987,CVE-2020-11988,CVE-2020-13956,CVE-2020-15522,CVE-2020-1945,CVE-2020-26945,CVE-2020-28052,CVE-2020-2875,CVE-2020-2933,CVE-2020-2934,CVE-2020-8908,CVE-2021-2471,CVE-2021-26291,CVE-2021-27807,CVE-2021-27906,CVE-2021-29425,CVE-2021-33813,CVE-2021-36373,CVE-2021-36374,CVE-2021-37533,CVE-2021-42550,CVE-2021-43980,CVE-2022-2047,CVE-2022-2048,CVE-2022-23437,CVE-2022-24839,CVE-2022-28366,CVE-2022-29599,CVE-2022-37865,CVE-2022-37866,CVE-2022-38398,CVE-2022-38648,CVE-2022-38752,CVE-2022-40146,CVE-2022-40149,CVE-2022-40150,CVE-2022-42252,CVE-2022-42889,CVE-2022-45685,CVE-2022-45693 This feature update for the Java stack provides: ant: - Update ant from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. 
* Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-antlr: - Update ant-antlr from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. 
(bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-contrib: - Fix build with apache-ivy 2.5.1 (jsc#SLE-23217) ant-junit: - Update ant-junit from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-junit5: - Update ant-junit5 from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. 
(bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. - Do not build against the log4j12 packages, use the new reload4j antlr: - Build antlr-manual package without examples files. (bsc#1120360) antlr3: - Build with source and target levels 8 (jsc#SLE-23217) antlr4: - Update antlr4 from version 4.7.2 to version 4.9.3. (jsc#SLE-23217) * The libantlr4-runtime-devel now requires utfcpp-devel * For more details check: https://github.com/antlr/antlr4/compare/4.7.2...4.9.3 aopalliance: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-beanutils: - Provide apache-commons-beanutils 1.9.4 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-cli: - Update apache-commons-cli from version 1.4 to version 1.5.0. (jsc#SLE-23217) * Replace deprecated FindBugs with SpotBugs * Replace CLIRR with JApiCmp. 
* Update Java from version 5 to 7 * Remove deprecated sudo setting * Bump junit:junit to 4.13.2 * Bump commons-parent to 52 * Bump maven-pmd-plugin to 3.15.0 * Bump actions/checkout to v2.3.5 * Bump actions/setup-java to v2 * Bump maven-antrun-plugin to 3.0.0 * Bump maven-checkstyle-plugin to 3.1.2 * Bump checkstyle to 9.0.1 * Bump actions/cache to 2.1.6 * Bump commons.animal-sniffer.version to 1.20 * Bump maven-bundle-plugin to 5.1.2 * Bump biz.aQute.bndlib.version to 6.0.0 * Bump spotbugs to 4.4.2 * Bump spotbugs-maven-plugin to 4.4.2.2 * Add OSGi manifest to the build files. * Set java source/target levels to 6 apache-commons-codec: - Update apache-commons-codec from version 1.11 to version 1.15. (jsc#SLE-23217) * Do not alias the artifact to itself * Base16Codec and Base16Input/OutputStream. * Hex encode/decode with existing arrays. * Base32/Base64 Input/OutputStream: Added strict decoding property to control handling of trailing bits. Default lenient mode discards them without error. Strict mode raise an exception. * Update tests from JUnit to 4.13. * Update actions/checkout to v2.3.2 * Update actions/setup-java to v1.4.1. * MurmurHash3: Deprecate hash64 methods and hash methods accepting a String that use the default encoding. * Allow repeat calls to MurmurHash3.IncrementalHash32.end() to generate the same value. * Add RandomAccessFile digest methods * Add Path APIs to org.apache.commons.codec.digest.DigestUtils similar to File APIs. * Add SHA-512/224 and SHA-512/256 to DigestUtils for Java 9 and up. * Deprecate Charset constants in org.apache.commons.codec.Charsets in favor of java.nio.charset.StandardCharsets. * Reject any decode request for a value that is impossible to encode to for Base32/Base64. * MurmurHash2 for 32-bit or 64-bit value. * MurmurHash3 for 32-bit or 128-bit value. * Update from Java 6 to Java 7. * Add Percent-Encoding Codec (described in RFC3986 and RFC7578) * Add SHA-3 methods in DigestUtils. 
apache-commons-collections4: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-collections: - Do not use a dummy pom that only declares dependencies for the testframework artifact apache-commons-compress: - Remove support for pack200 which depends on old asm3. (jsc#SLE-23217) apache-commons-configuration: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-csv: - Provide apache-commons-csv version 1.9.0 (jsc#SLE-23217) apache-commons-daemon: - Update apache-commons-daemon from version 1.0.15 to version 1.2.4. (jsc#SLE-23217) * Build with source/target levels 8 * Ensure that log messages written to stdout and stderr are not lost during start-up. * Enable the service to start if the Options value is not present in the registry. * jsvc. Don't fail if the CAP_DAC_READ_SEARCH capability is not available. Fall back to using argv[0] rather than /proc/self/exe to determine the path for the current binary. * Improved JRE/JDK detection to support increased range of both JVM versions and vendors * Correct multiple issues related to enabling a service to interact with the desktop. Provide a better error message if this option is used with an invalid user, install the service with the option enabled if requested and correctly save the setting if it is enabled in the GUI. * Update the list of paths searched for libjvm.so to include the path used by OpenJDK 11. * Add additional debug logging for Java start mode. * Remove incorrect definition 'supported_os' which defined in psupport.m4 file to fix jsvc build error on s390, arm, aarch64, mipsel and mips. * More debug logging in prunsrv.c and javajni.c. * Update arguments.c to support Java 11 --enable-preview. * jsvc and Procrun: add support for Java native memory tracking. * Procrun. Add a new command, print, that outputs the command to (re-)configure the service with the current settings. This is intended to be used to save settings such as before an upgrade. 
* Update: Update Commons-Parent to version 49. * Add AArch64 support to src/native/unix/support/apsupport.m4. * Procrun. When running in jre mode, if the standard Java registry entries for JavaHome and RuntimeLib are not present, attempt to use the Procrun JavaHome key to find the runtime library. * Procrun. Add an option to configure the service to use the 'Automatic (Delayed Start)' startup mode. * jsvc. Include the full path to the jsvc executable in the debug log. * Remove support for building Procrun for the Itanium platform. apache-commons-dbcp: - Provide apache-commons-dbcp version 2.1.1 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-digester: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-el: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-exec: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-fileupload: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-io: - Update apache-commons-io from version 2.6 to version 2.11.0. (jsc#SLE-23217) * CVE-2021-29425: Limited path traversal in Apache Commons IO (bsc#1184755) * Java 8 or later is required * This update provides several fixes and enhancements. For a full overview please, visit: https://commons.apache.org/proper/commons-io/changes-report.html apache-commons-jexl: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-lang3: - Update apache-commons-lang3 from version 3.8.1 to version 3.12.0. (jsc#SLE-23217) * Remove the junit bom dependency as it breaks the build of other packages like log4j. * Fix component version in default.properties to 3.12 * Add BooleanUtils.booleanValues(). * Add BooleanUtils.primitiveValues(). * Add StringUtils.containsAnyIgnoreCase(CharSequence, CharSequence...). * Add StopWatch.getStopTime(). * Add fluent-style ArraySorter. * Add and use LocaleUtils.toLocale(Locale) to avoid NPEs. * Add FailableShortSupplier, handy for JDBC APIs. 
* Add JavaVersion.JAVA_17. * Add missing boolean[] join method. * Add StringUtils.substringBefore(String, int). * Add Range.INTEGER. * Add DurationUtils. * Introduce the use of @Nonnull, and @Nullable, and the Objects class as a helper tool. * Add and use true and false String constants. * Add and use ObjectUtils.requireNonEmpty(). * Correct implementation of RandomUtils.nextLong(long, long). * Restore handling of collections for non-JSON ToStringStyle. * ContextedException Javadoc add missing semicolon. * Resolve JUnit pioneer transitive dependencies using JUnit BOM. * NumberUtilsTest - incorrect types in min/max tests. * Improve StringUtils.stripAccents conversion of remaining accents. * StringUtils.countMatches - clarify Javadoc. * Remove redundant argument from substring call. * BigDecimal is created when you pass it the min and max values. * TypeUtils.isAssignable returns wrong result for GenericArrayType and ParameterizedType. * testGetAllFields and testGetFieldsWithAnnotation sometimes fail. * TypeUtils. containsTypeVariables does not support GenericArrayType. * Refine StringUtils.lastIndexOfIgnoreCase. * Refine StringUtils.abbreviate. * Refine StringUtils.isNumericSpace. * Refine StringUtils.deleteWhitespace. * MethodUtils.invokeMethod NullPointerException in case of null in args list. * Fix 2 digit week year formatting. * Add and use ThreadUtils.sleep(Duration). * Add and use ThreadUtils.join(Thread, Duration). * Add ObjectUtils.wait(Duration). * ArrayUtils.toPrimitive(Object) does not support boolean and other types. * Processor.java: check enum equality with == instead of .equals() method. * Use own validator ObjectUtils.anyNull to check null String input. * Add ArrayUtils.isSameLength() to compare more array types. * Added the Locks class as a convenient possibility to deal with locked objects. * Add to Functions: FailableBooleanSupplier, FailableIntSupplier, FailableLongSupplier, FailableDoubleSupplier... 
* Add ArrayUtils.get(T[], index, T) to provide an out-of-bounds default value. * Add JavaVersion enum constants for Java 14, 15 and 16. * Use Java 8 lambdas and Map operations. * Change removeLastFieldSeparator to use endsWith. * Change a Pattern to a static final field, so that it is not compiled each time the function is invoked. * Add ImmutablePair factory methods left() and right(). * Add ObjectUtils.toString(Object, Supplier). * Add org.apache.commons.lang3.StringUtils.substringAfter(String, int). * Add org.apache.commons.lang3.StringUtils.substringAfterLast(String, int). * Use StandardCharsets.UTF_8. * Use Collections.singletonList instead of Arrays.asList when there is only one element. * Change array style from `int a[]` to `int[] a`. * Change from addAll to constructors for some List. * Simplify if as some conditions are covered by others. * Fixed Javadocs for setTestRecursive(). * ToStringBuilder.reflectionToString - Wrong JSON format when object has a List of Enum. * Make org.apache.commons.lang3.CharSequenceUtils.toCharArray(CharSequence) public. * Update actions/cache from v2 to v2.1.4. * Update actions/checkout from v2.3.1 to v2.3.4. * Update actions/setup-java from v1.4.0 to v1.4.2. * Update biz.aQute.bndlib from 5.1.1 to 5.3.0. * Update com.puppycrawl.tools:checkstyle to 8.34. * Update commons.jacoco.version 0.8.5 to 0.8.6 (Fixes Java 15 builds). * Update commons.japicmp.version to 0.15.2. * Update jmh.version from 1.21 to 1.27. * Update junit-bom from 5.7.0 to 5.7.1. * Update junit-jupiter to 5.7.0. * Update junit-pioneer to 1.3.0. * Update maven-checkstyle-plugin to 3.1.2. * Update maven-pmd-plugin from 3.13.0 to 3.14.0. * Update maven-surefire-plugin 2.22.2 -> 3.0.0-M5. * Update org.apache.commons:commons-parent to 51. * Update org.easymock:easymock to 4.2. * Update org.hamcrest:hamcrest 2.1 -> 2.2. * Update org.junit.jupiter:junit-jupiter to 5.6.2. * Update spotbugs to 4.2.1. * Update spotbugs-maven-plugin from 4.0.0 to 4.2.0. 
* Add ExceptionUtils.throwableOfType(Throwable, Class) and friends. * Add EMPTY_ARRAY constants to classes in org.apache.commons.lang3.tuple. * Add null-safe StringUtils APIs to wrap String#getBytes([Charset|String]). * Add zero arg constructor for org.apache.commons.lang3.NotImplementedException. * Add ArrayUtils.addFirst() methods. * Add Range.fit(T) to fit a value into a range. * Added Functions.as*, and tests thereof, as suggested by Peter Verhas * Add getters for lhs and rhs objects in DiffResult. * Generify builder classes Diffable, DiffBuilder, and DiffResult. * Add ClassLoaderUtils with toString() implementations. * Add null-safe APIs as StringUtils.toRootLowerCase(String) and StringUtils.toRootUpperCase(String). * Add org.apache.commons.lang3.time.Calendars. * Add EnumUtils getEnum() methods with default values. * Added indexesOf methods and simplified removeAllOccurences. * Add support of lambda value evaluation for defaulting methods. * Add factory methods to Pair classes with Map.Entry input. * Add StopWatch convenience APIs to format times and create a simple instance. * Allow a StopWatch to carry an optional message. * Add ComparableUtils. * Add org.apache.commons.lang3.SystemUtils.getUserName(). * Add ObjectToStringComparator. * Add org.apache.commons.lang3.arch.Processor.Arch.getLabel(). * Add IS_JAVA_14 and IS_JAVA_15 to org.apache.commons.lang3.SystemUtils. * ObjectUtils: Get first non-null supplier value. * Added the Streams class, and Functions.stream() as an accessor thereof. * Make test more stable by wrapping assertions in hashset. * Use synchronize on a set created with Collections.synchronizedSet before iterating. * StringUtils.unwrap incorrect throw StringIndexOutOfBoundsException. * StringIndexOutOfBoundsException in StringUtils.replaceIgnoreCase. * StringUtils.removeIgnoreCase('?a', 'a') throws IndexOutOfBoundsException. * StringUtils abbreviate returns String of length greater than maxWidth. 
* Deprecate org.apache.commons.lang3.ArrayUtils.removeAllOccurences(*) for org.apache.commons.lang3.ArrayUtils.removeAllOccurrences(*). * Requires jdk >= 1.8 * Add more SystemUtils.IS_JAVA_XX variants * Adding the Functions class * Add @FunctionalInterface to ThreadPredicate and ThreadGroupPredicate * Add isEmpty method to ObjectUtils * null-safe StringUtils.valueOf(char[]) to delegate to String.valueOf(char[]). * Add API org.apache.commons.lang3.SystemUtils.isJavaVersionAtMost(JavaVersion) * Consolidate the StringUtils equals and equalsIgnoreCase * Add OSGi manifest apache-commons-logging: - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) apache-commons-math: - Provide apache-commons-math version 3.6.1 (jsc#SLE-23217) apache-commons-net: - Update from version 3.6 to version 3.9.0 (jsc#SLE-23217) * CVE-2021-37533: FTP client trusts the host from PASV response by default (bsc#1206018) * Build with source and target levels 8 apache-commons-ognl: - Provide apache-commons-ognl version 4.0-20191021git51cf8f4. (jsc#SLE-23217) apache-commons-parent: - Update apache-commons-parent from version 47 to version 52. (jsc#SLE-23217) * For a full changelog, please visit: https://github.com/apache/commons-parent/compare/commons-parent-47...rel/commons-parent-52 apache-commons-pool2: - Provide apache-commons-pool2 2.4.2 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-text: - Provide apache-commons-text version 1.10.0 (jsc#SLE-23217) * CVE-2022-42889: code execution when processing untrusted input due to insecure interpolation defaults. (bsc#1204284) * This is a new dependency of maven-javadoc-plugin. * Build with ant in order to avoid build cycles. apache-ivy: - Upgrade from version 2.4.0 to version 2.5.1. (jsc#SLE-23217) * CVE-2022-37866: path traversal via user-supplied pattern (bsc#1205142) * CVE-2022-37865: apache-ivy: Apache Ivy allow create/overwrite any file on the system. 
(bsc#1205138) * Breaking: + Removed old `fr\jayasoft\ivy\ant\antlib.xml` AntLib definition file. * Force building with JDK < 14, since it imports statically a class removed in JDK14. * Change dependencies for the httpclient to httpcomponents-client instead of apache-commons-httpclient. apache-logging-parent: - Update apache-logging-parent from version 2 to version 5. (jsc#SLE-23217) * Do not require maven-local, since it can be handled by javapackages-local apache-parent: - Check upstream source signature apache-pdfbox: - Update apache-pdfbox from version 1.8.16 to version 2.0.23. (jsc#SLE-23217) * CVE-2021-27807: infinite loop while loading a crafted PDF file. (bsc#1184356) * CVE-2021-27906: OutOfMemory-Exception while loading a crafted PDF file. (bsc#1184357) * Fix build with bouncycastle 1.71 and the new bcutil artifact * Build with source/target levels 8 * Package all resources in pdfbox module * Improve document signing * Allow reuse of subsetted fonts by inverting the ToUnicode CMap * Improve performance in signature validation * Add more checks to PDFXrefStreamParser and reduce memory footprint * Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() * Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() * Add source signature and keyring * Move from 1.x release line to the 2.x one. This is an ABI change * Generate the ant build system from the maven one and customize it. apache-resource-bundles: - Provide apache-resource-bundles version 2 (jsc#SLE-23217) * This package contains templates for generating necessary license files and notices for all Apache releases. * This is a build dependency of apache-sshd apache-sshd: - Provide apache-sshd version 2.7.0 as dependency of eclipse-jgit (jsc#SLE-23217) apiguardian: - Build with source and target levels 8 (jsc#SLE-23217) aqute-bnd: - Update aqute-bnd from version 3.5.0 to version 5.2.0. (jsc#SLE-23217) * ant plugin is in separate artifact. 
* Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require aqute-bndlib args4j: - Build with source and target levels 8 (jsc#SLE-23217) asm3: - Build with source and target levels 8 (jsc#SLE-23217) atinject: - Update atinject from version 1+20100611git1f74ea7 to version 1+20160610git1f74ea7. (jsc#SLE-23217) * Alias to the new jakarta name * Fetch the sources using a source service * Do not use the upstream build.sh, but use it to write a necessary part directly to the spec file * Build with source/target levels 8 * Fix build with javadoc 17. auto: - Update auto from version 1.3 to version 1.6.1. (jsc#SLE-23217) * Provide the auto-value-annotations artifact needed by google-errorprone * Provide auto-service-annotations and fix dependencies issues. avalon-framework: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) avalon-logkit: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) - Do not build the org.apache.log.output.lf5 package aws-sdk-java: - Build with java source and target levels 8. (jsc#SLE-23217) - Build against the standalone JavaEE modules unconditionally - Double the maximum memory for javadoc to avoid out-of-memory on certain architectures - Force generating javadoc with maven-javadoc-plugin, since the xmvn javadoc mojo doesn't work here. axis: - Require glassfish-activation-api in order to prevent missing APIs when running the ant task. (jsc#SLE-23217) - Unify the dependency on glassfish-activation-api instead of jaf and gnu-jaf. (jsc#SLE-23217) - On systems where the JavaEE modules exist, allow building against newer versions of APIs (jsc#SLE-23217) - Alias relevant artifacts to org.apache.axis (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - Require Java >= 1.8 (jsc#SLE-23217) base64coder: - Provide base64coder 20101219 and solve installation issues. (jsc#SLE-23217) - There are no source changes. 
beust-jcommander: - Provide beust-jcommander 1.71 and solve installation issues. (jsc#SLE-23217) - There are no source changes. bnd-maven-plugin: - Update bnd-maven-plugin from version 3.5.2 to version 5.2.0. (jsc#SLE-23217) * Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require maven-mapping bouncycastle: - Update bouncycastle from version 1.64 to version 1.71. (jsc#SLE-23217) * Relevant fixes - CVE-2020-28052: OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password. (bsc#1180215) - CVE-2020-15522: Timing issue within the EC math library. (bsc#1186328) - Blake 3 output limit is enforced. - The PKCS12 KeyStore was relying on default precedence for its key Cipher implementation so was sometimes failing if used from the keytool. The KeyStore class now makes sure it uses the correct Cipher implementation. - ASN.1: More robust handling of high tag numbers and definite-length forms. - BCJSSE: Don't log sensitive system property values (GH#976). - The IES AlgorithmParameters object has been re-written to properly support all the variations of IESParameterSpec. - PGPPublicKey.getBitStrength() now properly recognises EdDSA keys. - In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF8 characters. - An accidental partial dependency on Java 1.7 has been removed from the TLS API. - Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed. - Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed. - ESTService could fail for some valid Content-Type headers. This has been fixed. - CertificateFactory.generateCertificates()/generateCRLs() would throw an exception if extra data was found at the end of a PEM file even if valid objects had been found. Extra data is now ignored providing at least one object found. 
- PGP ArmoredInputStream now fails earlier on malformed headers. - Ed25519 keys being passed in via OpenSSH key spec are now validated in the KeyFactory. - Blowfish keys are now range checked on cipher construction. - The BasicConstraintsValidation class in the BC cert path validation tools has improved conformance to RFC 5280. - Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers. - TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3. - Some BigIntegers utility methods would fail for BigInteger.ZERO. This has been fixed. - PGPUtil.isKeyRing() was not detecting secret sub-keys in its input. This has been fixed. - BCJSSE: Lock against multiple writers - a possible synchronization issue has been removed. - Certificates/CRLs with short signatures could cause an exception in toString() in the BC X509 Certificate implementation - In line with latest changes in the JVM, SignatureSpis which don't require parameters now return null on engineGetParameters() - The RSA KeyFactory now always preferentially produces RSAPrivateCrtKey where it can on requests for a KeySpec based on an RSAPrivateKey - CMSTypedStream$FullReaderStream now handles zero length reads correctly - CMS with Ed448 using a direct signature was using id-shake256-len rather than id-shake256. - Use of GCMParameterSpec could cause an AccessControlException under some circumstances. - DTLS: Fixed high-latency HelloVerifyRequest handshakes. - An encoding bug for rightEncoded() in KMAC has been fixed. - For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. - DLExternal would encode using DER encoding for tagged SETs. - ChaCha20Poly1305 could fail for large (>~2GB) files. - ChaCha20Poly1305 could fail for small updates when used via the provider. - Properties.getPropertyValue could ignore system property when other local overrides set. 
- The entropy gathering thread was not running in daemon mode, meaning there could be a delay in an application shutting down due to it. - A recent change in Java 11 could cause an exception with the BC Provider's implementation of PSS. - BCJSSE: TrustManager now tolerates having no trusted certificates. - BCJSSE: Choice of credentials and signing algorithm now respect the peer's signature_algorithms extension properly. * Additional Features and Functionality - Missing PGP CRC checksums can now be optionally ignored using setDetectMissingCRC() (default false) on ArmoredInputStream. - PGPSecretKey.copyWithNewPassword() now has a variant which uses USAGE_SHA1 for key protection if a PGPDigestCalculator is passed in. - PGP ASCII armored data now skips '\t', '\v', and '\f'. - PKCS12 files with duplicate localKeyId attributes on certificates will now have the incorrect attributes filtered out, rather than the duplicate causing an exception. - PGPObjectFactory will now ignore packets representing unrecognised signature versions in the input stream. - The X.509 extension generator will now accumulate some duplicate X.509 extensions into a single extension where it is possible to do so. - Removed support for maxXofLen in Kangaroo digest. - Ignore marker packets in PGP Public and Secret key ring collection. - An implementation of LEA has been added to the low-level API. - Access, recovery, and direct use for PGP session keys has been added to the OpenPGP API for processing encrypted data. - A PGPCanonicalizedDataGenerator has been added which converts input into canonicalized literal data for text and UTF-8 mode. - A getUserKeyingMaterial() method has been added to the KeyAgreeRecipientInformation class. - ASN.1: Tagged objects (and parsers) now support all tag classes. Special code for ApplicationSpecific has been deprecated and re-implemented in terms of TaggedObject. - ASN.1: Improved support for nested tagging. 
- ASN.1: Added support for GraphicString, ObjectDescriptor, RelativeOID.
- ASN.1: Added support for constructed BitString encodings, including efficient parsing for large values.
- TLS: Added support for external PSK handshakes.
- TLS: Check policy restrictions on key size when determining cipher suite support.
- A performance issue in KeccakDigest due to left over debug code has been identified and dealt with.
- BKS key stores can now be used for collecting protected keys (note: any attempt to store such a store will cause an exception).
- A method for recovering user keying material has been added to KeyAgreeRecipientInformation.
- Support has been added to the CMS API for SHA-3 based PLAIN-ECDSA.
- The low level BcDefaultDigestProvider now supports the SHAKE family of algorithms and the SM3 algorithm.
- PGPKeyRingGenerator now supports creation of key-rings with direct-key identified keys.
- The PQC NIST candidate, signature algorithm SPHINCS+ has been added to the low-level API.
- ArmoredInputStream now explicitly checks for a '\n' if in crLF mode.
- Direct support for NotationDataOccurances, Exportable, Revocable, IntendedRecipientFingerPrints, and AEAD algorithm preferences has been added to PGPSignatureSubpacketVector.
- Further support has been added for keys described using S-Expressions in GPG 2.2.X.
- Support for OpenPGP Session Keys from the (draft) Stateless OpenPGP CLI has been added.
- Additional checks have been added for PGP marker packets in the parsing of PGP objects.
- A CMSSignedData.addDigestAlgorithm() has been added to allow for adding additional digest algorithm identifiers to CMS SignedData structures when required.
- Support has been added to CMS for the LMS/HSS signature algorithm.
- The system property 'org.bouncycastle.jsse.client.assumeOriginalHostName' (default false) has been added for dealing with SNI problems related to the host name not being propagated by the JVM.
- The JcePKCSPBEOutputEncryptorBuilder now supports SCRYPT with ciphers that do not have algorithm parameters (e.g. AESKWP).
- Support is now added for certificates using ETSI TS 103 097, 'Intelligent Transport Systems (ITS)' in the bcpkix package.
- Added support for OpenPGP regular expression signature packets.
- Added support for OpenPGP PolicyURI signature packets.
- A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey.
- The NIST PQC Finalist, Classic McEliece has been added to the low level API and the BCPQC provider.
- The NIST PQC Alternate Candidate, SPHINCS+ has been added to the BCPQC provider.
- The NIST PQC Alternate Candidate, FrodoKEM has been added to the low level API and the BCPQC provider.
- The NIST PQC Finalist, SABER has been added to the low level API and the BCPQC provider.
- KMAC128, KMAC256 has been added to the BC provider (empty customization string).
- TupleHash128, TupleHash256 has been added to the BC provider (empty customization string).
- ParallelHash128, ParallelHash256 has been added to the BC provider (empty customization string, block size 1024 bits).
- Two new properties: 'org.bouncycastle.rsa.max_size' (default 15360) and 'org.bouncycastle.ec.fp_max_size' (default 1042) have been added to cap the maximum size of RSA and EC keys.
- RSA modulus are now checked to be provably composite using the enhanced MR probable prime test.
- Imported EC Fp basis values are now validated against the MR prime number test before use. The certainty level of the prime test can be determined by 'org.bouncycastle.ec.fp_certainty' (default 100).
- The BC entropy thread now has a specific name: 'BC-ENTROPY-GATHERER'.
- Utility methods have been added for joining/merging PGP public keys and signatures.
- Blake3-256 has been added to the BC provider.
- DTLS: optimisation to delayed handshake hash.
- Further additions to the ETSI 102 941 support in the ETSI/ITS package: certification request, signed message generation and verification now supported.
- CMSSignedDataGenerator now supports the direct generation of definite-length data.
- The NetscapeCertType class now has a hasUsages() method on it for querying usage settings on its bit string.
- Support for additional input has been added for deterministic (EC)DSA.
- The OpenPGP API provides better support for subkey generation.
- BCJSSE: Added boolean system properties 'org.bouncycastle.jsse.client.dh.disableDefaultSuites' and 'org.bouncycastle.jsse.server.dh.disableDefaultSuites'. Default 'false'. Set to 'true' to disable inclusion of DH cipher suites in the default cipher suites for client/server respectively.
- GCM-SIV has been added to the lightweight API and the provider.
- Blake3 has been added to the lightweight API.
- The OpenSSL PEMParser can now be extended to add specialised parsers.
- Base32 encoding has now been added, the default alphabet is from RFC 4648.
- The KangarooTwelve message digest has been added to the lightweight API.
- An implementation of the two FPE algorithms, FF1 and FF3-1 in SP 800-38G has been added to the lightweight API and the JCE provider.
- An implementation of ParallelHash has been added to the lightweight API.
- An implementation of TupleHash has been added to the lightweight API.
- RSA-PSS now supports the use of SHAKE128 and SHAKE256 as the mask generation function and digest.
- ECDSA now supports the use of SHAKE128 and SHAKE256.
- PGPPBEEncryptedData will now reset the stream if the initial checksum fails so another password can be tried.
- Iterators on public and secret key ring collections in PGP now reflect the original order of the public/secret key rings they contain.
- KeyAgreeRecipientInformation now has a getOriginator() method for retrieving the underlying originator information.
- PGPSignature now has a getDigestPrefix() method for people wanting exposure to the signature finger print details.
- The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding: org.bouncycastle.bks.enable_v1=true to the java.security file. We would be interested in hearing from anyone that needs to do this.
- PLAIN-ECDSA now supports the SHA3 digests.
- Some high-level support for RFC 4998 ERS has been added for ArchiveTimeStamp and EvidenceRecord. The new classes are in the org.bouncycastle.tsp.ers package.
- ECIES now also supports SHA256, SHA384, and SHA512.
- digestAlgorithms field in CMS SignedData now includes counter signature digest algorithms where possible.
- A new property 'org.bouncycastle.jsse.config' has been added which can be used to configure the BCJSSE provider when it is created using the no-args constructor.
- In line with changes in OpenSSL 1.1.0, OpenSSLPBEParametersGenerator can now be configured with a digest.
- PGPKeyRingGenerator now includes a method for adding a subkey with a primary key binding signature.
- Support for ASN.1 PRIVATE tags has been added.
- Performance enhancements to Noekeon, AES, GCM, and SICBlockCipher.
- Support for encoding/decoding McElieceCCA2 keys has been added to the PQC API
- BCJSSE: Added support for jdk.tls.maxCertificateChainLength system property (default is 10).
- BCJSSE: Added support for jdk.tls.maxHandshakeMessageSize system property (default is 32768).
- BCJSSE: Added support for jdk.tls.client.enableCAExtension (default is 'false').
- BCJSSE: Added support for jdk.tls.client.cipherSuites system property.
- BCJSSE: Added support for jdk.tls.server.cipherSuites system property.
- BCJSSE: Extended ALPN support via standard JSSE API to JDK 8 versions after u251/u252.
- BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool).
- TLS: Add TLS 1.3 support for brainpool curves per RFC 8734.
- BCJSSE: Added support for system property com.sun.net.ssl.requireCloseNotify. Note that we are using a default value of 'true'.
- BCJSSE: 'TLSv1.3' is now a supported protocol for both client and server. For now it is only enabled by default for the 'TLSv1.3' SSLContext, but can be explicitly enabled using 'setEnabledProtocols' on an SSLSocket or SSLEngine, or via SSLParameters.
- BCJSSE: Session resumption is now also supported for servers in TLS 1.2 and earlier. For now it is disabled by default, and can be enabled by setting the boolean system property org.bouncycastle.jsse.server.enableSessionResumption to 'true'.
- The provider RSA-PSS signature names that follow the JCA naming convention.
- FIPS mode for the BCJSSE now enforces namedCurves for any presented certificates.
- PGPSignatureSubpacketGenerator now supports editing of a pre-existing sub-packet list.
- Performance improvement of Argon2 and Noekeon
- A setSessionKeyObfuscation() method has been added to PublicKeyKeyEncryptionMethodGenerator to allow turning off of session key obfuscation (default is on, method primarily to get around early version GPG issues with AES-128 keys)
- Implemented 'safegcd' constant-time modular inversion (as well as a variable-time variant). It has replaced Fermat inversion in all our EC code, and BigInteger.modInverse in several other places, particularly signers. This improves side-channel protection, and also gives a significant performance boost
- Performance of custom binary ECC curves and Edwards Curves has been improved
- BCJSSE: New boolean system property 'org.bouncycastle.jsse.keyManager.checkEKU' allows to disable ExtendedKeyUsage restrictions when selecting credentials (although the peer may still complain)
- Initial support has been added for 'Composite Keys and Signatures For Use In Internet PKI' using the test OID.
Please note there will be further refinements to this as the draft is standardised
- The BC EdDSA signature API now supports keys implementing all methods on the EdECKey and XECKey interfaces directly
- Further optimization work has been done on GCM
- A NewHope based processor, similar to the one for Key Agreement has been added for trying to 'quantum hard' KEM algorithms
- PGP clear signed signatures now support SHA-224
- Treating absent vs NULL as equivalent can now be configured by a system property. By default this is not enabled
- Mode name checks in Cipher strings should now make sure an improper mode name always results in a NoSuchAlgorithmException
- In line with changes in OpenSSL, the OpenSSLPBKDF now uses UTF8 encoding
- The qTESLA signature algorithm has been updated to v2.8 (20191108).
- BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
- Support has been added for 'ocsp.enable', 'ocsp.responderURL' and PKIXRevocationChecker for users of Java 8 and later.
- Support has been added for 'org.bouncycastle.x509.enableCRLDP' to the PKIX validator.
- BCJSSE: Now supports system property 'jsse.enableFFDHE'
- BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' and 'jdk.tls.server.SignatureSchemes'.
- Multi-release support has been added for Java 11 XECKeys.
- Multi-release support has been added for Java 15 EdECKeys.
- The MiscPEMGenerator will now output general PrivateKeyInfo structures.
- A new property 'org.bouncycastle.pkcs8.v1_info_only' has been added to make the provider only produce version 1 PKCS8 PrivateKeyInfo structures.
- The PKIX CertPathBuilder will now take the target certificate from the target constraints if a specific certificate is given to the selector.
- BCJSSE: A range of ARIA and CAMELLIA cipher suites added to supported list.
- BCJSSE: Now supports the PSS signature schemes from RFC 8446 (TLS 1.2 onwards).
- Performance of the Base64 encoder has been improved.
- The PGPPublicKey class will now include direct key signatures when checking for key expiry times.
- LMS and HSS (RFC 8554) support has been added to the low level library and the PQC provider.
- SipHash128 support has been added to the low level library and the JCE provider.
- BCJSSE: BC API now supports explicitly specifying the session to resume.
- BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
- BCJSSE: Added support for extended_master_secret system properties: jdk.tls.allowLegacyMasterSecret, jdk.tls.allowLegacyResumption, jdk.tls.useExtendedMasterSecret.
- BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
- BCJSSE: KeyManager and TrustManager now check algorithm constraints for keys and certificate chains.
- BCJSSE: KeyManager selection of server credentials now prefers matching SNI hostname (if any).
- BCJSSE: KeyManager may now fallback to imperfect credentials (expired, SNI mismatch).
- BCJSSE: Client-side OCSP stapling support (beta version: via status_request extension only, provides jdk.tls.client.enableStatusRequestExtension, and requires CertPathBuilder support).
- TLS: DSA in JcaTlsCrypto now falls back to stream signing to work around NoneWithDSA limitations in default provider.
* Notes
- The deprecated QTESLA implementation has been removed from the BCPQC provider.
- The submission update to SPHINCS+ has been added. This changes the generation of signatures - particularly deterministic ones.
- While this release should maintain source code compatibility, developers making use of some parts of the ASN.1 library will find that some classes need recompiling. Apologies for the inconvenience.
- There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface as a find() method that takes an ASN1ObjectIdentifier has been added to it.
For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation.
- A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar).
- Some work has been done on moving out code that does not need to be in the provider jar. This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar.
- The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions.
- Add build dependencies on mvn(jakarta.activation:jakarta.activation-api) and mvn(jakarta.mail:jakarta.mail-api)
- Remove unneeded script bouncycastle_getpoms.sh from sources
- Build against the standalone JavaEE modules unconditionally
- Build with source/target levels 8
- Add glassfish-activation-api dependency so that we can build with JDK that does not contain the JavaEE modules
- Add bouncycastle_getpoms.sh to get pom files from Maven repos
- Add OSGi manifests to the distributed jars so that they can be used from eclipse (default enabled protocols).

bsf:
- Provide bsf 2.4.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

bsh2:
- Provide bsh2 2.0.0.b6 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

cal10n:
- Update cal10n from version 0.7.7 to version 0.8.1.10. (jsc#SLE-23217)
* Fetch sources using source service from ch.qos git
* Upgrade to the 10th commit after 0.8.1 calling it 0.8.1.10
* Add the cal10n-ant-task to built artifacts
* This release adds JSR-269 support. In other words, verification of bundles can be performed at compilation time. See the related documentation for more details.
* Fix issue with Eclipse not finding existing resources.
Eclipse will find bundles located under 'src/main/resources' but still fail to find bundles located under 'src/test/resources/'.
* When reading in bundles, the verify method in MessageKeyVerifier now uses the locale passed as parameter instead of always Locale.FR.
* Update build.xml-0.7.7.tar.xz to build.xml-0.8.1.tar.xz with references to version 0.8.1 to build correctly versioned jar files.

cbi-plugins:
- Build only on architectures where eclipse is supported. (jsc#SLE-23217)
- Do not build against the legacy version of guava any more. (jsc#SLE-23217)
- Fix build with newer auto version by adding the auto-value-annotations artifact to the dependencies

cdi-api:
- Update cdi-api from version 1.2 to version 2.0.2. (jsc#SLE-23217)
* Build with java source and target levels 8
* Remove dependency on glassfish-el

cglib:
- Update cglib from version 3.2.4 to version 3.3.0. (jsc#SLE-23217)
* Remove links between artifacts and their parent since we are not building with maven
* Don't inject true in cglib pom, as 3.3.0 already provides that option and it makes the POM xml incorrect.

checker-qual:
- Provide checker-qual version 3.22.0. (jsc#SLE-23217)
* Checker Qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.
* This is a dependency of Guava

classmate:
- Provide classmate version 1.5.1 (jsc#SLE-23217)

codemodel:
- Provide codemodel version 2.6 (jsc#SLE-23217)

codenarc:
- Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build.
- Build with source and target levels 8 (jsc#SLE-23217)

concurrentlinkedhashmap-lru:
- Provide concurrentlinkedhashmap-lru version 1.3.2 (jsc#SLE-23217)

decentxml:
- Build with source and target levels 8 (jsc#SLE-23217)

dom4j:
- Build against the standalone JavaEE modules unconditionally. (jsc#SLE-23217)
- Add alias to the new artifact coordinates org.dom4j:dom4j.
(jsc#SLE-23217)
- Add jaxb-api dependency for relevant distribution versions so that we can build with JDKs that do not include the JavaEE modules. (jsc#SLE-23217)

ecj:
- Update ecj from version 4.12 to version 4.18. (jsc#SLE-23217)
* the encoding needs to be set for all JDK versions
* Upgrade to eclipse 4.18 ecj
* Switch java14api to java15api to be compatible to JDK 15
* Switch to JDK 11 for build as JDK 8 is not supported anymore by ecj
* Switch java10api to java14api to be compatible to JDK 14

eclipse:
- Update eclipse from version 4.9.0 to version 4.15. (jsc#SLE-23217)
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Add support for riscv64
* Allow building with objectweb-asm 9.x
* Do not require Java10 APIs artifact when building with java 11
* Fix unresolved symbols when trying to load libkeystorelinuxnative.so on platforms that have it
* Build only on 64-bit architectures, since 32-bit support was dropped upstream
* Fix build with gcc 10
* Build against jgit, since jgit-bootstrap does not exist
* The dependencies of felix-scr changed. So stop linking xpp3 and kxml and link osgi.cmpn as symlink plugins.
* Filter out the *SUNWprivate_1.1* symbols from requires

eclipse-ecf:
- Update eclipse-ecf from version 3.14.1 to version 3.14.8. (jsc#SLE-23217)
* Build against jgit, since jgit-bootstrap does not exist
* Allow building with objectweb-asm 9.x
* Force building with Java 11, since tycho is not knowing about any Java >= 15

eclipse-egit:
- Update eclipse-egit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217)
* Needed because of change of eclipse-jgit to 5.11.0
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Build only on 64-bit architectures, since 32-bit support was dropped upstream

eclipse-emf:
- Update eclipse-emf from version 2.15.0~gitd1e5fdd to version 2.22.0.
(jsc#SLE-23217)
* Build against jgit, since jgit-bootstrap does not exist
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Build only on 64-bit architectures, since 32-bit support was dropped upstream

eclipse-jgit:
- Update eclipse-jgit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217)
* Fix build against apache-sshd 2.7.0
* Restore java 8 compatibility when building with java 9+
* Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features.

eclipse-license:
- Update eclipse-license from version 2.0.1 to version 2.0.2. (jsc#SLE-23217)
* Build only on architectures where eclipse is supported
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Update the eclipse-license2 feature to 2.0.0

eclipse-swt:
- Provide eclipse-swt version 4.9.0 for i586 architecture. (jsc#SLE-23217)

ed25519-java:
- Provide ed25519-java version 0.3.0. (jsc#SLE-23217)

ee4j:
- Provide ee4j version 1.0.7

exec-maven-plugin:
- Update exec-maven-plugin from version 1.6.0 to version 3.0.0. (jsc#SLE-23217)

extra166y:
- Build with source and target levels 8 (jsc#SLE-23217)

ezmorph:
- Do not build against the log4j12 packages. (jsc#SLE-23217)
- Build with source and target levels 8. (jsc#SLE-23217)

felix-bundlerepository:
- Provide felix-bundlerepository version 2.0.10. (jsc#SLE-23217)

felix-gogo-command:
- Remove forcing of maven.compiler.release, since it is not needed anymore. (jsc#SLE-23217)

felix-gogo-runtime:
- Rewrite the build system to ant so that it is possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217)

felix-osgi-compendium:
- Build with source and target levels 8 (jsc#SLE-23217)

felix-osgi-foundation:
- Build with source and target levels 8 (jsc#SLE-23217)

felix-osgi-obr:
- Provide felix-osgi-obr version 1.0.2.
(jsc#SLE-23217)

felix-scr:
- Update felix-scr from version 2.0.14 to version 2.1.16. (jsc#SLE-23217)
* Drop dependencies on kxml and xpp, use the system SAX implementation instead
* Do not embed dependencies, use import-package instead

felix-shell:
- Rewrite the build system to ant so that it is possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217)
- Build against OSGi R7 APIs

felix-utils:
- Update felix-utils from version 1.10.4 to version 1.11.4. (jsc#SLE-23217)
* Migrate away from the old felix-osgi implementation

fmpp:
- Build with source and target levels 8 (jsc#SLE-23217)

freemarker:
- Update freemarker from version 2.3.28 to version 2.3.31. (jsc#SLE-23217)
* Fix build with javacc 7.0.11
* Package the manual. Add build dependency on docbook5-xsl-stylesheets
* On supported platforms, avoid building with OpenJ9, in order to prevent build cycles

geronimo-specs:
- Set version for the specs coming from tag 1_1_1 in order to avoid unexpanded version macros in pom files.
- On supported platforms, avoid building with OpenJ9, in order to prevent build cycles.

glassfish-activation:
- Provide glassfish-activation version 1.2.0. (jsc#SLE-23217)

glassfish-annotation-api:
- Build with source and target levels 8 (jsc#SLE-23217)

glassfish-dtd-parser:
- Provide glassfish-dtd-parser version 1.4 (jsc#SLE-23217)

glassfish-fastinfoset:
- Provide glassfish-fastinfoset version 1.2.15. (jsc#SLE-23217)

glassfish-jaxb-api:
- Provide glassfish-activation version 2.4.0. (jsc#SLE-23217)

glassfish-jaxb:
- Provide glassfish-jaxb version 2.3.1. (jsc#SLE-23217)

glassfish-jax-rs-api:
- Change the tarball location, since the old location does not work anymore

glassfish-jsp:
- Build with source and target levels 8 (jsc#SLE-23217)

glassfish-servlet-api:
- Provide glassfish-servlet-api 3.1.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

glassfish-transaction-api:
- Build with target source and target levels 8. (jsc#SLE-23217)
- Specify specMode=javaee to be able to use newer spec-version-maven-plugin.

gmavenplus-plugin:
- Update gmavenplus-plugin from version 1.5 to version 1.13.1. (jsc#SLE-23217)
* Relevant fixes:
+ Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE.
+ Certain AST transformations had classloader issues because 1.12.0 was no longer setting the context classloader.
+ The classloader project dependencies are loaded onto is reused between modules, so each module was a superset of all modules that preceded it. Also, the console, execute, and shell mojos didn't pass the classloader to use into the instantiated GroovyConsole/GroovyShell, so it accidentally was using the plugin classloader, even when configured to use PROJECT_ONLY classpath. Potentially breaking changes: This should be a non-breaking change (except for unusual situations that were relying on the previous incorrect behavior). However, since it's a significant change, there's a version bump for highlighting the potential issue.
+ Disable system exits by default, to avoid potential thread safety issues.
* Potentially breaking changes: changes the default of not allowing System.exits to allowing them.
* Enhancements:
+ Add support for targeting Java 10, 11, 13, 14, 15, 17, 18.
+ Update Ant from 1.10.8 to 1.10.11.
+ Update Jansi to 2.x.
+ Change JDK compatibility check to also account for Java 16.
+ Some tweaks for Groovy 4 (most notably, invokedynamic is enabled by default for Groovy 4 and cannot be disabled).
+ New parameter (attachGroovyDocAnnotation) to enable attaching GroovyDoc annotation.
+ New parameter (parallelParsing) to enable parallel parsing (enabled by default with Groovy 4).
+ Remove previewFeatures parameter from stub generation goals, since it's not used there.
+ Ability to override classes used to generate GroovyDoc (#91)
+ Ability to override GStringTemplates used for GroovyDoc (#105)
+ Ability to bind overridden properties (by binding project properties and/or session user properties) (#72)
+ Ability to load a script when launching GroovyConsole (#165)
+ Change default GroovyDoc jar artifact type to javadoc, so its extension gets set to 'jar' by the artifact handler instead of 'groovydoc' by the default handler logic which uses the type for the extension in the case of unknown types (#151).
+ Add skipBytecodeCheck property and parameter, so if a Java version comes out the plugin doesn't recognize, you can use it without having to wait for an update.
+ Use groovy.ant.AntBuilder instead of groovy.util.AntBuilder (if available).
+ Support Java preview features (#125)
+ New goals to create GroovyDoc jars (#124)
+ Use the new 'groovy.console.ui.Console' package, if available, fall back to 'groovy.ui.Console'
+ [36] - Allow script files to be executed as filenames as well as URLs (see Significant changes of note for an example)
+ [41] - Verify Groovy version supports target bytecode (See Potentially breaking changes for a description)
+ [46] - Remove scriptExtensions config option
+ [31/58] - Goals not consistently named / IntelliJ improperly adding stub directories to sources
+ [61] - You can now skip Groovydoc generation with new skipGroovyDoc property (Thanks rvenutolo!)
+ [45] - GROOVY-7423 (JEP 118) Support (requires Groovy 2.5.0-alpha-1 or newer and enabled with new parameters boolean property)
* Potentially breaking changes:
+ 46 will break your build if you are using scriptExtensions. But the fix is simple, just delete the configuration option and GMavenPlus will automatically do the right thing.
+ 41 will break your build if you were passing an invalid target bytecode. GMavenPlus will no longer allow Groovy to silently default to 1.4 or 1.5.
It will verify that the bytecode is supported by your Groovy version (that is, the option exists in org.codehaus.groovy.control.CompilerConfiguration), and fail if it isn't.
+ 58 will require renaming goals testGenerateStubs to generateTestStubs and testCompile to compileTests. IntelliJ has hard-coded the goal names in their plugin, and these names will make IntelliJ work with both GMaven and GMavenPlus.
+ In order to support using the latest Maven plugins (and to make GMavenPlus easier to maintain), GMavenPlus now requires Java 6 or newer and Maven 3.0.1 or newer (previously was Java 5 or newer and Maven 2.2.1 or newer).
+ testStubsOutputDirectory and stubsOutputDirectory inadvertently got renamed to outputDirectory, which conflicts with the configuration in the compile and compileTests goals. You may need to setup separate executions with separate configurations for each if you need to set that configuration option.
+ The Jansi upgrade should generally be compatible, but could cause issues with scripts that were using Jansi 1.x specific classes.
+ If you were using the previewFeatures parameter without also including a compilation goal that would make that config valid, the build will fail because it's no longer a valid parameter. The fix would be to move that configuration to the appropriate execution(s).
+ GroovyDoc jars and test GroovyDoc jars will now be of type 'javadoc' and have extension 'jar'. Rather than type and extension 'groovydoc'. If you do not wish to transition to this new behavior, set the new artifactType or testArtifactType property to 'groovydoc' to revert to the previous behavior. Notes: while the artifact type of GroovyDoc jars has changed, the Maven classifier has not. It remains 'groovydoc', and you can still override that, just as before.
+ maven.groovydoc.skip property was renamed to skipGroovydoc so it matches the pattern of the other properties and won't seem to imply it's a property for a standard Maven plugin.
+ Using groovy.ant.AntBuilder instead of groovy.util.AntBuilder (when available on classpath).
+ Bundling Ant 1.10.7 instead of 1.10.5.
+ Bundling Ivy 2.5.0 instead of 2.4.0.
+ If you were using useSharedClasspath before, you will need to replace it with new values. Please, check the documentation for the full details.
+ Another notable difference is that when using this new configuration parameter in compile, compileTests, generateStubs, or generateTestStubs goals, now also uses the configurator to add the project dependencies to the classpath with the plugin's dependencies. Previously, this only happened in the goals other than the ones mentioned.
+ corrects an inadvertent breaking change made in 1.6.0 Please, check the documentation for the full list of changes.
+ In addition, unused parameters have been removed:
* addSources
* -> skipTests
* -> testSources
* addStubSources
* -> skipTests
* -> sources
* -> testSources
* addTestSources
* -> outputDirectory
* -> skipTests
* -> sources
* addTestStubSources
* -> sources
* -> testSources
* compile
* -> skipTests
* -> testSources
* compileTests
* -> sources
* console
* -> skipTests
* execute
* -> skipTests
* generateStubs
* -> skipTests
* -> testSources
* generateTestStubs
* -> sources
* groovydoc
* -> skipTests
* -> testSources
* -> testGroovyDocOutputDirectory
* groovydocTests
* -> skipTests
* -> sources
* removeStubs
* -> skipTests
* -> sources
* -> testSources
* removeTestStubs
* -> sources
* -> testSources
* shell
* -> skipTests
+ Lastly, addTestStubSources and removeTestStubs now respect the skipTests flag, for consistency.
* Notes:
+ Now officially requires Java 7 instead of 6. This is not a breaking change, however, since this was actually already required because of plexus-classworlds. This just wasn't discovered until an enforcer rule was added to check bytecode versions of dependencies.

gmetrics:
- Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build.
(jsc#SLE-23217)

google-errorprone-annotations:
- Provide google-errorprone-annotations 2.11.0. (jsc#SLE-23217)
* This is a new dependency of Guava

google-gson:
- Update google-gson to version 2.8.9. (jsc#SLE-24261)
* Make OSGi bundle's dependency on sun.misc optional.
* Deprecate Gson.excluder() exposing internal Excluder class.
* Prevent Java deserialization of internal classes.
* Improve number strategy implementation.
* Fix LongSerializationPolicy null handling being inconsistent with Gson.
* Support arbitrary Number implementation for Object and Number deserialization.
* Bump proguard-maven-plugin from 2.4.0 to 2.5.1.
* Fix RuntimeTypeAdapterFactory depending on internal Streams class.
* Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built with release 8 and still compatible with Java 8

google-guice:
- Avoid using xmvn-resolve and xmvn-install in order to avoid build cycles with new dependencies in dependent packages
- Build only the NO_AOP version of the guice.jar and alias accordingly so that it provides both (jsc#SLE-23217)
- Build with source/target 8 so that the default override from the interface can be used
- Build javadoc with source level 8
- Do not build against the compatibility guava20 (jsc#SLE-23217)

google-http-java-client:
- Build with source and target levels 8 (jsc#SLE-23217)

google-oauth-java-client:
- Build with source and target levels 8 (jsc#SLE-23217)

gpars:
- Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217)
- Build against the org.jboss.netty:netty artifact, since the compat versions are not existing any more
- Build with source and target levels 8

gradle-bootstrap:
- Update gradle-bootstrap from version 2.4.16 to version 2.4.21.
(jsc#SLE-23217) * Regenerate to account for changes in gradle and groovy packages * Modify the launcher so that gradle-bootstrap can work with Java 17 * Adapt to the change in jline/jansi dependencies of gradle * The org.jboss.netty:netty artifact does not exist any more under compatibility versions * Regenerate to account for maven-resolver upgrade to 1.7.3 and the new added maven-resolver-named-locks artifact * Regenerate to account for aqute-bnd upgrade to 5.1.1 and related changes in other libraries * Regenerate to account for guava upgrade to 30.1.1 * Regenerate to account for groovy upgrade to 2.4.21 gradle: - Allow actually building gradle using Java 16+ - Modify the launcher so that gradle can work with Java 17 - Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217) - Build against jansi 2.x - Remove the jansi-native and hawtjni-runtime dependencies, since jansi 2.x does not depend on them - Fix build with maven-resolver 1.7.x - Remove from build dependencies some artifacts that are not needed - Add osgi-compendium to the dependencies, since newer aqute-bnd uses it - Do not build against the legacy guava20 package any more - Port gradle 4.4.1 to guava 30.1.1 - Set source level to 1.8, since guava 30 uses default functions in interfaces, which is Java 8+ feature groovy: - Solve illegal reflective access with Java 16+ - Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. 
(jsc#SLE-23217) - Add the content of org.gradle.jvmargs to the forked jvm in root compileJava task - Fixes build with Java 17 - Port to build against jansi 2.4.0 - Build the whole with java source and target levels 8 - Resolve parameter ambiguities with recent Java versions - Remove a bogus dependency on old asm3 groovy18: - Fix build against jansi 2.4.0 - Port to use jline 2.x instead of 1.x - Do not fork the groovyc and java tasks in the ant build.xml file, so that the ANT_OPTS are propagated to the tasks - Fix build with jdk17 - Build with source and target levels 8. (jsc#SLE-23217) - Cast to Collection to help compiler to resolve ambiguities with new JDKs - Remove dependency on the old asm3 guava20: - Build with java source and target levels 8. (jsc#SLE-23217) - Add bundle manifest to the guava jar so that it might be usable from eclipse guava: - Update Guava from version 25.0 to version 30.1.1. (jsc#SLE-23217) * CVE-2020-8908: A temp directory creation vulnerability allows an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). (bsc#1179926) * Remove parent reference from ALL distributed pom files hamcrest: - Build with source/target levels 8 - Fix build with jdk17 hawtjni-maven-plugin: - Update hawtjni-maven-plugin from version 1.17 to version 1.18. (jsc#SLE-23217) * Build with java source and target levels 8 * Use commons-lang3 instead of the old commons-lang hawtjni-runtime: - Update hawtjni-runtime from version 1.17 to version 1.18. (jsc#SLE-23217) * Build with java source and target levels 8 * Use commons-lang3 instead of the old commons-lang * Use in the path of hawtjni-generator the asm-all.jar that is not modular. This solves some problems with ASM version mismatch. http-builder: - Build with source and target levels 8. 
(jsc#SLE-23217) - Do not require gmavenplus-plugin, since it is only necessary to generate test stubs, but we do not run tests during build httpcomponents-client: - Update httpcomponents-client from version 4.5.6 to version 4.5.12. (jsc#SLE-23217) * Build with source/target levels 8 httpcomponents-core: - Update httpcomponents-core from version 4.4.10 to version 4.4.13. (jsc#SLE-23217) * Build with source/target levels 8 icu4j: - Update icu4j from version 63.1 to version 71.1. (jsc#SLE-23217) * Remove build-dependency on java-javadoc, since it is not necessary with this version. * Updates to CLDR 41 locale data with various additions and corrections. * Adds phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * Adds support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as 'Hinglish'. * ICU 71 and CLDR 41 are minor releases, mostly focused on bug fixes and small enhancements. * Updates to the time zone data version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. 
* Unicode 13 (ICU-20893, same as in ICU 66) * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style and type * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches, and other tweaks to the code and data isorelax: - Build with java target and source version 1.8 (jsc#SLE-23217) istack-commons: - Provide istack-commons version 3.0.7 (jsc#SLE-23217) j2objc-annotations: - Provide j2objc-annotations version 2.2 (jsc#SLE-23217) * This is a new dependency of Guava jackson-modules-base: - Provide jackson-modules-base version 2.13.3 (jsc#SLE-23217) jackson-parent: - Update jackson-parent from version 2.10 to version 2.13. 
(jsc#SLE-23217) * Add 'mvnw' wrapper * 'JsonSubType.Type' should accept array of names * Jackson version alignment with Gradle 6 * Add '@JsonIncludeProperties' * Add '@JsonTypeInfo(use=DEDUCTION)' * Ability to use '@JsonAnyGetter' on fields * Add '@JsonKey' annotation * Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping * Add 'namespace' property for '@JsonProperty' (for XML module) * Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' (was missing for some reason) * 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null' * Remove `jackson-annotations` baseline dependency, version * Upgrade to oss-parent 43 (jacoco, javadoc plugin versions) * Remove managed junit version (due to [jackson-bom#43]), promoted higher up on parent pom stack (to 'jackson-base') * JDK baseline now JDK 8 jackson: - Remove all dependencies on asm3 - Build with java source and target levels 1.8 (jsc#SLE-23217) - Do not hardcode source and target levels, so that they can be overridden on command-line - Set classpath correctly so that the project builds with standalone JavaEE modules too jakarta-activation: - Provide jakarta-activation version 2.1.0. (jsc#SLE-23217) * Required by bouncycastle-jmail. jakarta-commons-discovery: - Distribute commons-discovery as maven artifact - Build with source and target levels 8 - Added build support for Enterprise Linux. jakarta-commons-modeler: - Update jakarta-commons-modeler from version 2.0 to version 2.0.1. (jsc#SLE-23217) * Build with java source and target levels 8 * Modeler 2.0.1 is binary and source compatible with Modeler 2.0 jakarta-mail: - Provide jakarta-mail version 2.1.0. (jsc#SLE-23217) * Required by bouncycastle-jmail. jakarta-taglibs-standard: - Provide jakarta-taglibs-standard 1.1.1 and solve installation issues. (jsc#SLE-23217) - There are no source changes. jandex: - Provide jandex version 2.4.2. 
(jsc#SLE-23217) janino: - Update janino from version 2.7.8 to version 3.1.6. (jsc#SLE-23217) * Build with source and target levels 8 * Require javapackages-tools * Provide commons-compiler subpackage that is needed by gradle jansi-native: - Build with source and target levels 8 (jsc#SLE-23217) jansi: - Update jansi from version 1.17.1 to version 2.4.0. (jsc#SLE-23217) * Build with source and target levels 8 * Give a possibility to load the native libjansi.so from system * Make the jansi package archful since it installs a native library and jni jar * Do not depend on jansi-native and hawtjni-runtime * Integrates jansi-native libraries jarjar: - Filter out the distributionManagement section from pom files, since we use aliases and not relocations - Drop maven2-plugin. (jsc#SLE-23217) jatl: - Build with source and target levels 8 (jsc#SLE-23217) javacc-maven-plugin: - Build with source and target levels 8 (jsc#SLE-23217) javacc: - Update javacc from version 7.0.4 to version 7.0.11. (jsc#SLE-23217) * The following changes are not upward compatible with the previous 7.0.5 version but have a very little impact on existing grammars. Main advantage is to prepare a more smooth upgrade with the upcoming javacc-8.0.0 major release. * C++ generation: renaming the option TOKEN_EXTENDS by TOKEN_SUPER_CLASS * C++ generation: renaming the option TOKEN_INCLUDES by TOKEN_INCLUDE * C++ generation: renaming the option PARSER_INCLUDES by PARSER_INCLUDE * C++ generation: renaming the option TOKEN_MANAGER_INCLUDES by TOKEN_MANAGER_INCLUDE * Add support for Java7 language features. * Allow empty type parameters in Java code of grammar files. * LookaheadSuccess creation performance improved. * Removing IDE specific files. * Declare trace_indent only if debug parser is enabled. * CPPParser.jj grammar added to grammars. * Build with Maven is working again. 
* WARNING: Required Java Platform: Standard Edition 7.0: known under Eclipse as JavaSE-1.7 * Build with source/target levels 8 java-cup: - Update java-cup from version 11a to version 11b. (jsc#SLE-23217) * Regenerate the generated files with newer flex * Fetch sources using source service java-cup-bootstrap: - Update java-cup-bootstrap from version 11a to version 11b. (jsc#SLE-23217) * Regenerate the generated files with newer flex * Fetch sources using source service javaewah: - Build with source and target levels 8 (jsc#SLE-23217) javamail: - Add alias to com.sun.mail:jakarta.mail needed by ant-javamail - Remove all parents, since this package is not built with maven - Assure that every dependency has a version, or at least 'any' and fixes use with gradle. (jsc#SLE-23217) - Build against the standalone JavaEE modules unconditionally - Build with source/target levels 8 - Add glassfish-activation-api dependency for relevant distribution versions to make buildable with JDK that does not contain the JavaEE modules javapackages-meta: - Fix requires not to have to redo the package on each javapackages-tools update. (jsc#SLE-23217) javapackages-tools: - Update javapackages-tools from version 5.3.0 to version 5.3.1. (jsc#SLE-23217) * Let maven_depmap.py generate metadata with dependencies under certain circumstances * Fix the python subpackage generation with python-rpm-macro * Support python subpackages for each flavor * Replace old nose with pytest gh#fedora-java/javapackages#86 * when building extra flavor, BuildRequire javapackages-filesystem: /etc/java is being cleaned out of the filesystems package. javaparser: - Update javaparser from version 3.3.5 to version 3.24.2. (jsc#SLE-23217) * Upgrade needed to be able to upgrade jctools and make them not depend hard on Java 8. For the full changelog, please refer to the official documentation. javassist: - Update javassist from version 3.23.1 to version 3.29.0. 
(jsc#SLE-23217) * Requires java >= 1.8 * Add OSGi manifest to the javassist.jar * For the full changelog, please check the official documentation. jboss-interceptors-1.2-api: - Build with source and target levels 8 (jsc#SLE-23217) jboss-websocket-1.0-api: - Build with source and target levels 8 (jsc#SLE-23217) jcache: - Provide jcache version 1.1.0 (jsc#SLE-23217) jcifs: - Build with source and target levels 8 (jsc#SLE-23217) jcip-annotations: - Provide jcip-annotations 1.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. jcsp: - Build with source and target levels 8 (jsc#SLE-23217) jctools: - Update jctools from version 2.1.2 to version 3.3.0. (jsc#SLE-23217) * Build with java source and target levels 8 * API Changes: * Removed MpscLinkedQueue7 and MpscLinkedQueue8 and consolidated into parent. This removes the need for the builder method on MpscLinkedQueue. * Deprecated QueueFactory and spec package classes. These are not used by any users and are only used for testing internally. * Removed some internal classes and reduced visibility of internal utilities where practical. The @InternalAPI tagging annotation is also used more extensively to discourage dependency. * XADD unbounded mpsc/mpmc queue: highly scalable linked array queues * New blocking consumer MPSC * Enhancements: * Xadd queues consumers can help producers * Update to latest JCStress * New features: * MpscBlockingConsumerArrayQueue * After long incubation and following a user request we move counters into core * Merging some experimental utils and we add a 'PaddedAtomicLong' * MpscBlockingConsumerArrayQueue::offerIfBelowThreshold is added jdependency: - Build with source and target levels 8 (jsc#SLE-23217) jdepend: - Update jdepend from version 2.9.1 to version 2.10. (jsc#SLE-23217) * Specify the source/target levels 8 on ant invocation * Official release that includes support for Java 8 constants * Updated license from BSD-3 Clause to MIT (as per LICENSE.md file). 
jdom: - Update jdom from version 1.1.1 to version 1.1.6. (jsc#SLE-23217) * CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) * Remove unneeded dependency on glassfish-jaxb-api * Build against the standalone JavaEE modules unconditionally * Build with source/target levels 8 * Build against standalone jaxb-api on distributions that have JDK without the JavaEE modules * Alias the xom artifact to the new com.io7m.xom groupId * Update jaxen to version 1.1.6 * Increase java stack size to avoid overflow jdom2: - Update jdom2 from version 2.0.6 to version 2.0.6.1. (jsc#SLE-23217) * CVE-2021-33813: Fixed XXE issue in SAXBuilder that can cause a denial of service via a crafted HTTP request. (bsc#1187446) * Build with java-devel >= 1.7 jettison: - Update from version 1.3.7 to version 1.5.3 (jsc#SLE-23217) - CVE-2022-45685: Fixed stack overflow on malformed input. (bsc#1206400) - CVE-2022-45693: Fixed stack overflow when creating a JSON from a HashMap. (bsc#1206401) - CVE-2022-40149: Fixed stack overflow on malformed JSONs. (bsc#1203515) - CVE-2022-40150: Fixed infinite loop on non-terminated comments. (bsc#1203516) - Introducing new static methods to set the recursion depth limit - Incorrect recursion depth check in JSONTokener - Build with source and target levels 8 jetty-minimal: - Update jetty-minimal from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217) * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317) * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316) * Make importing of package sun.misc optional since not all jdk versions export it * Build with java source and target levels 8 * Fix javadoc generation on JDK >= 13 * Option --write-module-graph produces wrong .dot file * ArrayTrie getBest fails to match the empty string entry in certain cases * For the full set of changes, please check the official documentation. 
jetty-websocket: - Update jetty-websocket from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217) * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317) * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316) * Make importing of package sun.misc optional since not all jdk versions export it * Build with java source and target levels 8 * Fix javadoc generation on JDK >= 13 * Option --write-module-graph produces wrong .dot file * Make importing of package sun.misc optional since not all jdk versions export it jeuclid: - Update jeuclid from version 3.1.3 to version 3.1.9. (jsc#SLE-23217) * Build with source and target levels 8 * This version includes several changes and improvements. For the full overview please check the changelog. jflex: - Update jflex from version 1.4.3 to version 1.8.2. (jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules * Fix build with recent java-cup * Build the bootstrap package using ant with a generated build.xml * Build the non-bootstrap package using maven, since its dependency auto is already built with maven * Do not process auto-value-annotations in bootstrap build jflex-bootstrap: - Update jflex-bootstrap from version 1.4.3 to version 1.8.2. 
(jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules * Fix build with recent java-cup * Build the bootstrap package using ant with a generated build.xml * Build the non-bootstrap package using maven, since its dependency auto is already built with maven * Do not process auto-value-annotations in bootstrap build jformatstring: - Build with source and target levels 8 (jsc#SLE-23217) jgit: - Provide jgit version 5.11.0. (jsc#SLE-23217) * Fix build against apache-sshd 2.7.0 * Restore java 8 compatibility when building with java 9+ * Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features. jhighlight: - Build with source and target levels 8 (jsc#SLE-23217) jing-trang: - Update jing-trang from version 20151127 to version 20181222. (jsc#SLE-23217) * Avoid building old saxon validator in order to avoid dependency on old saxon6 * Do not use xmvn-tools, since this is a ring package * Package maven metadata * Use testng in build process * Require com.github.relaxng:relaxngDatatype >= 2011.1 * Require xml-resolver:xml-resolver jline: - Build with source and target levels 8 (jsc#SLE-23217) - Remove dependency on jansi-native and hawtjni-runtime - Fix jline build against jansi 2.4.x jline1: - Build with source and target levels 8 (jsc#SLE-23217) jna: - Update jna from version 5.4.0 to version 5.5.0. (jsc#SLE-23217) * Build with java source/target levels 8 * Features: * Add CoreFoundation, IOKit, and DiskArbitration mappings in c.s.j.p.mac. * c.s.j.p.mac.SystemB now extends c.s.j.p.unix.LibCAPI. 
* Add additional OSGi headers for the JNA bundle to support 32bit ARM (hardfloat) * Include Win32 COM utils (c.s.j.p.win32.com.util and c.s.j.p.win32.com.annotation) in OSGI bundle joda-convert: - Build with java source and target levels 8. (jsc#SLE-23217) - Do not use the legacy guava20 any more joda-time: - Build with source and target levels 8 (jsc#SLE-23217) jsch-agent-proxy: - Build with source and target levels 8 (jsc#SLE-23217) jsch: - Build with source and target levels 8 (jsc#SLE-23217) json-lib: - Do not build against the log4j12 packages - Build with source and target levels 8 (jsc#SLE-23217) - Do not depend on the old asm3 - Fix build with jdk17 - Specify source and target levels 8 for maven-antrun-plugin and for groovyc ant task jsonp: - Build with java source and target levels 8. (jsc#SLE-23217) - Build against standalone annotation api jsr-311: - Build with source and target levels 8 (jsc#SLE-23217) jtidy: - Build with java source and target levels 8. (jsc#SLE-23217) - Revamp and simplify the build system junit: - Update junit from version 4.12 to version 4.13.2. (jsc#SLE-23217) * CVE-2020-1945: insecure temporary file vulnerability (bsc#1171696) * Build with source/target levels 8 junit5: - Update from version 5.5.2 to version 5.8.2. (jsc#SLE-23217) * This is a bugfix update. For the complete overview please check the documentation. jython: - Change dependencies to Python 3. (jsc#SLE-23217) - Build with java source and target level 1.8 jzlib: - Build with source and target levels 8 (jsc#SLE-23217) kryo: - Provide kryo 4.0.2 and solve installation issues. (jsc#SLE-23217) - There are no source changes. kxml: - Fetch the sources using https instead of http protocol. (bsc#1182284) - Specify java source and target levels 1.8 libreadline-java: - Provide libreadline-java 0.8.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. log4j: - Add dependency on standalone javax.activation-api that is not included in newer JDKs. 
(jsc#SLE-23217) logback: - Update logback from version 1.2.8 to version 1.2.11. (jsc#SLE-23217) * CVE-2021-42550: remote code execution through JNDI call from within its configuration file. (bsc#1193795) * Hardened logback's JNDI lookup mechanism to only honor requests in the java: namespace. All other types of requests are ignored. * SMTPAppender was hardened. * Temporarily removed DB support for security reasons. * Removed Groovy configuration support. As logging is so pervasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons. * Set project.build.sourceEncoding property to ISO-8859-1 to avoid the new maven-resources-plugin choking on trying to filter in UTF-8 encoding JKS (binary) resources * Do not build against the log4j12 packages lucene: - Update lucene from version 7.1.0 to version 8.5.0. (jsc#SLE-23217) * Do not abort compilation on html5 errors with javadoc 17 * Upgrade forbiddenapis to version 2.7; upgrade Groovy to 2.4.17. * Upgrade ecj to 3.19.0 to fix sporadic precommit javadoc issues * This update includes several API changes, runtime behavior, bugfixes and new features. For a full overview, please check the official documentation. maven: - Update maven from version 3.6.3 to version 3.8.5. (jsc#SLE-23217) * CVE-2021-26291: block repositories using http by default. (bsc#1188529) * CVE-2020-13956: incorrect handling of malformed URI authority component. 
(bsc#1177488) * Upgrade Maven Wagon to 3.5.1 * Upgrade Maven JAR Plugin to 3.2.2 * Upgrade Maven Parent to 35 * Upgrade Maven Resolver to 1.6.3 * Upgrade Maven Shared Utils to 3.3.4 * Upgrade Plexus Utils to 3.3.0 * Upgrade Plexus Interpolation to 1.26 * Upgrade Plexus Cipher and Sec Dispatcher to 2.0 * Upgrade Sisu Inject/Plexus to 0.3.5 * Upgrade SLF4J to 1.7.32 * Upgrade Jansi to 2.4.0 * Upgrade Guice to 4.2.2 * Fix syntax error with qdox 2.0.1 and method declarations containing the new keyword 'record' as name of variables * Fix build with modello-2.0.0 * Remove using of alternatives, since the symlinks are in a separate package that one can decide not to install and this is the only provider for mvn and mvnDebug links * Use libalternatives instead of update-alternatives. * Remove dependency on cglib and aopalliance, since the no_aop version of guice does not really depend on them * Fix build with the API incompatible maven-resolver 1.7.3 * Link the new maven-resolver-named-locks artifact too * Add upstream signing key and verify source signature * Do not build against the compatibility version guava20 any more, but use the default guava package * This update includes several bugfixes and new features. For a full overview, please check the official documentation. maven2: - Fix build with modello 2.0.0. (jsc#SLE-23217) - Build with source and target levels 8 maven-antrun-plugin: - Update maven-antrun-plugin from version 1.8 to version 3.0.0. (jsc#SLE-23217) * Removal of tasks (use target instead), sourceRoot and testSourceRoot parameters * Compatibility with new JDK versions * Build with java source and target levels 8 maven-archiver: - Build with source and target levels 8 (jsc#SLE-23217) maven-artifact-resolver: - Build with source and target levels 8 (jsc#SLE-23217) maven-artifact-transfer: - Update maven-artifact-transfer from version 0.11.0 to version 0.13.1. 
(jsc#SLE-23217) * Remove the old org.sonatype.aether dependencies, since we don't need maven 3.0.x * Build with source and target levels 8 * Do not use the legacy guava20 any more * Fix build against newer maven maven-assembly-plugin: - Update maven-assembly-plugin from version 3.2.0 to version 3.3.0. (jsc#SLE-23217) * Add Documentation for duplicateBehaviour option * Allow to override UID/GID for files stored in TAR * Apply try-with-resources * Use HTTPS instead of HTTP to resolve dependencies * Support concatenation of files maven-clean-plugin: - Build with source and target levels 8 (jsc#SLE-23217) maven-common-artifact-filters: - Build with source and target levels 8 (jsc#SLE-23217) maven-compiler-plugin: - Update maven-compiler-plugin from version 3.8.1 to version 3.10.1. (jsc#SLE-23217) * Remove deprecated mojos * Add flag to enable-preview java compiler feature * Add a boolean to generate missing package-info classes by default * Check jar files when determining if dependencies changed * Compile module descriptors with TestCompilerMojo * Changed dependency detection maven-dependency-analyzer: - Build with source and target levels 8. (jsc#SLE-23217) - Do not build against the legacy guava20 any more maven-dependency-plugin: - Update maven-dependency-plugin from version 3.1.1 to version 3.1.2. (jsc#SLE-23217) * Add a TOC to ease navigating to each goal usage * Add note on dependency:tree -Dverbose support in 3.0+ * Perform transformation to artifact keys just once * Remove @param for a parameter which does not exist. * Remove newline and trailing space from log line. 
* Replace CapturingLog class with Mockito usage * Rewrite go-offline so it resembles resolve-plugins * Switch to asfMavenTlpPlgnBuild * Update ASM so it works with Java 13 * Upgrade maven-artifact-transfer to 0.11.0 * Upgrade maven-common-artifact-filters to 3.1.0 * Upgrade maven-dependency-analyzer to 1.11.1 * Upgrade maven-plugins parent to version 32 * Upgrade maven-shared-utils 3.2.1 * Upgrade parent POM from 32 to 33 * Upgrade plexus-archiver to 4.1.0 * Upgrade plexus-io to 3.1.0 * Upgrade plexus-utils to 3.3.0 * Use https for sigs, hashes and KEYS * Use sha512 checksums instead of sha1 maven-dependency-tree: - Update maven-dependency-tree from version 3.0 to version 3.0.1. (jsc#SLE-23217) * Build with java source and target levels 8 * Do not build against the legacy guava20 any more * Fixed JavaDoc issue for JDK 8 * maven-dependency-tree removes optional flag from managed dependencies * Change characters used to display trees to make relationships clearer * Pass source+target to m-invoker-p, easiest way to override default values of maven-compiler-plugin * Upgrade org.codehaus.plexus:plexus-component-metadata to 1.7.1 maven-doxia: - Fix build with modello 2.0.0 (jsc#SLE-23217) - Do not build against the log4j12 packages. (jsc#SLE-23217) - Fix the version of the log4j that doxia-module-fo needs at runtime. (jsc#SLE-23217) - Do not build against the legacy guava20 any more. (jsc#SLE-23217) maven-doxia-sitetools: - Fix build with modello 2.0.0 (jsc#SLE-23217) - Build with source and target levels 8 (jsc#SLE-23217) - Do not build against the legacy guava20 any more. 
(jsc#SLE-23217) maven-enforcer: - Build with source and target levels 8 (jsc#SLE-23217) maven-file-management: - Build with java source and target levels 8 (jsc#SLE-23217) - Fix build with modello 2.0.0 maven-filtering: - Update maven-filtering from version 3.1.1 to version 3.2.0 (jsc#SLE-23217) * Allow using a different encoding when filtering properties files * Upgrade plexus-interpolation to 1.25 * Upgrade maven-shared-utils to 3.2.1 * Upgrade plexus-utils to 3.1.0 * Upgrade parent to 32 * Upgrade maven-surefire/failsafe-plugin to 2.21.0 for JDK 10 * Upgrade maven-artifact-transfer to version 0.9.1 * Upgrade JUnit to 4.12 * Upgrade plexus-interpolation to 1.25 * Build with java source and target levels 8 * Do not build against legacy guava20 any more maven-install-plugin: - Update maven-install-plugin from version 2.5.2 to version 3.0.0. (jsc#SLE-23217) * Upgrade plexus-utils to 3.2.0 * Upgrade maven-plugins parent version 32 * Upgrade maven-plugin-testing-harness to 1.3 * Upgrade maven-shared-utils to 3.2.1 * Upgrade maven-shared-components parent to version 33 * Upgrade of commons-io to 2.5. maven-invoker: - Update maven-invoker from version 3.0.1 to version 3.1.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Fixes build with maven-shared-utils 3.3.3 * Upgrade maven-shared-utils to 3.2.1 * Upgrade parent to 31 * Upgrade to JDK 7 minimum * Refactored to use maven-shared-utils instead of plexus-utils. * Remove hardcoded versions for plexus-component-annotations/plexus-component-metadata maven-jar-plugin: - Update maven-jar-plugin from version 3.2.0 to version 3.2.2. 
(jsc#SLE-23217) * Upgrade Maven Archiver to 3.5.2 * Upgrade Plexus Utils to 3.3.1 * Upgrade plexus-archiver 3.7.0 * Upgrade JUnit to 4.12 * Upgrade maven-plugins parent to version 32 * Build with java source and target levels 8 * Don't log a warning when jar will be empty and creation is forced * Reproducible Builds: make entries in output jar files reproducible (order + timestamp) maven-javadoc-plugin: - Update maven-javadoc-plugin from version 3.1.1 to version 3.3.2. (jsc#SLE-23217) * Fix build with modello 2.0.0 * Use the same encoding when writing and getting the stale data * Fixes build with utf-8 sources on non utf-8 platforms * Do not build against the legacy guava20 package anymore maven-mapping: - Provide maven-mapping version 3.0.0. (jsc#SLE-23217) * Required by bnd-maven-plugin maven-plugin-build-helper: - Update maven-plugin-build-helper from version 1.9.1 to version 3.2.0. (jsc#SLE-23217) * Set a property based on the maven.build.timestamp * rootlocation does not correctly work * Add profile to avoid showing warnings for maven plugin plugin goals not supported in m2e * Site: Properly showing 'value' tag on regex-properties usage page * Integration test reserve-ports-with-urls fails on windows maven-plugin-bundle: - Fix building with the new maven-reporting-api . (jsc#SLE-23217) - Build with the osgi bundle repository by default maven-plugin-testing: - Fix build against newer maven. (jsc#SLE-23217) - Do not build against the legacy guava20 package any more - Build with source and target levels 8 maven-plugin-tools: - Fix build with modello 2.0.0. (jsc#SLE-23217) - Do not force building with java-1_8_0-openjdk, since the package builds just fine with higher versions. - Do not build against the legacy guava20 package any more maven-remote-resources-plugin: - Update maven-remote-resources-plugin from version 1.5 to version 1.7.0. 
(jsc#SLE-23217) * use reproducible project.build.outputTimestamp * use sha512 checksums instead of sha1 * use https for sigs, hashes and KEYS * Upgrade plexus-utils from 3.0.24 to 3.1.0 * Upgrade plexus-interpolation to 1.25 * Upgrade JUnit to 4.12 * Upgrade parent to 32 * Upgrade maven-filtering to 3.1.1 * Upgrade plexus-resources from 1.0-alpha-7 to 1.0.1 * Avoid overwrite of the destination file if the produced contents is the same * Remove unused dependency maven-monitor * Upgrade to maven-plugins parent version 27 * Upgrade maven-plugin-testing-harness to 1.3 * Updated plexus-archiver * Build with source and target levels 8 maven-reporting-api: - Update maven-reporting-api from version 3.0 to version 3.1.0. (jsc#SLE-23217) * Build with source and target levels 8 * make build Reproducible * Upgrade to Doxia 1.11.1 maven-resolver: - Update maven-resolver from version 1.4.1 to version 1.7.3. (jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Remove the javax.annotation:javax.annotation-api dependency on distribution versions that do not incorporate the JavaEE modules * Add the glassfish-annotation-api jar to the build classpath * Upgrade Sisu Components to 0.3.4 * Upgrade SLF4J to 1.7.30 * Update mockito-core to 2.28.2 * Update Wagon Provider API to 3.4.0 * Update HttpComponents * Update Plexus Components * Remove synchronization in TrackingFileManager * Move GlobalSyncContextFactory to a separate module * Migrate from maven-bundle-plugin to bnd-maven-plugin * Support SHA-256 and SHA-512 as checksums * Upgrade Redisson to 3.15.6 * Change of API and incompatible with maven-resolver < 1.7 maven-resources-plugin: - Update maven-resources-plugin from version 3.1.0 to version 3.2.0. 
(jsc#SLE-23217) * ISO8859-1 properties files get changed into UTF-8 when filtered * Upgrade plexus-interpolation 1.26 * Add m2e lifecycle Metadata to plugin * make build Reproducible * Upgrade maven-plugins parent to version 32 * Upgrade plexus-utils 3.3.0 * Make Maven 3.1.0 the minimum version * Update to maven-filtering 3.2.0 * Build with java source and target levels 8 maven-shared-incremental: - Build with source and target levels 8 (jsc#SLE-23217) maven-shared-io: - Build with source and target levels 8 (jsc#SLE-23217) maven-shared-utils: - Update maven-shared-utils from version 3.2.1 to 3.3.3. (jsc#SLE-23217) * Commandline class shell injection vulnerabilities (bsc#1198833, CVE-2022-29599) * Build with source and target levels 8 * make build Reproducible * Upgrade maven-shared-parent to 32 * Upgrade parent to 31 maven-source-plugin: - Build with source and target levels 8 (jsc#SLE-23217) maven-surefire: - Build with source and target levels 8 (jsc#SLE-23217) - Update generate-tarball.sh to use https URL (bsc#1182708) maven-verifier: - Build with source and target levels 8 (jsc#SLE-23217) maven-wagon: - Provide maven-wagon 3.2.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. minlog: - Provide minlog 1.3.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. modello-maven-plugin: - Update modello-maven-plugin from version 1.10.0 to version 2.0.0. 
(jsc#SLE-23217) * Add Modello 2.0.0 model XSD * Build with java source and target levels 8 * Bump actions/cache to 2.1.6 * Bump actions/checkout to 2.3.4 * Bump actions/setup-java to 2.3.1 * Bump checkstyle to 9.3 * Bump jackson-bom to 2.13.1 * Bump jaxb-api to 2.3.1 * Bump jsoup to 1.14.3 * Bump junit to 4.13.1 * Bump maven-assembly-plugin to 3.3.0 * Bump maven-checkstyle-plugin to 3.1.1 * Bump maven-clean-plugin to 3.1.0 * Bump maven-compiler-plugin to 3.9.0 * Bump maven-dependency-plugin to 3.2.0 * Bump maven-enforcer-plugin to 3.0.0-M3 * Bump maven-gpg-plugin to 3.0.1 * Bump maven-jar-plugin to 3.2.2 * Bump maven-javadoc-plugin to 3.3.2 * Bump maven-jxr-plugin to 3.1.1 * Bump maven-pmd-plugin to 3.15.0 * Bump maven-project-info-reports-plugin to 3.1.2 * Bump maven-release-plugin to 3.0.0-M5 * Bump maven-resources-plugin to 3.2.0 * Bump maven-scm-publish-plugin to 3.1.0 * Bump maven-shared-resources to 4 * Bump maven-site-plugin to 3.10.0 * Bump maven-surefire-plugin to 2.22.2 * Bump maven-surefire-report-plugin to 2.22.2 * Bump maven-verifier-plugin to 1.1 * Bump mavenPluginTools to 3.6.4 * Bump org.eclipse.sisu.plexus to 0.3.5 * Bump persistence-api to 1.0.2 * Bump plexus-compiler-api to 2.9.0 * Bump plexus-compiler-javac to 2.9.0 * Bump plexus-utils to 3.4.1 * Bump plexus-velocity to 1.3 * Bump release-drafter/release-drafter to 5.18.0 * Bump snakeyaml to 1.30 * Bump stax2-api to 4.2.1 * Bump taglist-maven-plugin to 3.0.0 * Bump woodstox-core to 6.2.8 * Bump xercesImpl to 2.12.1 * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-jsonschema * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-xsd * Bump xml-apis to 2.0.2 * Bump xmlunit to 1.6 * Bump xmlunit-core to 2.9.0 * Depend on the jackson and jsonschema plugins too * Manage xdoc anchor name conflicts (2 classes with same anchor) * Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4 * Require Maven 3.1.1 * Security upgrade org.jsoup:jsoup to 1.14.2 modello: - 
Update modello from version 1.10.0 to version 2.0.0. (jsc#SLE-23217) * New features and improvements + Add Modello 2.0.0 model XSD + Manage xdoc anchor name conflicts (2 classes with same anchor) + Drop unnecessary check for identical branches + Require Maven 3.1.1 + Use a caching writer to avoid overwriting identical files + Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4 + Make location handling more memory efficient + Xpp3 extended writer + Refactor some old java APIs usage + Add a new field fileComment * Bug Fixes + Fix javaSource default value + Fix modello-plugin-snakeyaml * Dependency updates + Bump actions/cache to 2.1.6 + Bump actions/checkout from 2 to 2.3.4 + Bump actions/setup-java to 2.3.1 + Bump checkstyle to 9.3 + Bump jackson-bom to 2.13.1 + Bump jaxb-api from 2.1 to 2.3.1 + Bump jsoup from 1.14.2 to 1.14.3 + Bump junit from 4.12 to 4.13.1 + Bump junit from 4.12 to 4.13.1 in /modello-maven-plugin/src/it/maven-model + Bump maven-assembly-plugin from 3.2.0 to 3.3.0 + Bump maven-checkstyle-plugin from 2.15 to 3.1.1 + Bump maven-clean-plugin from 3.0.0 to 3.1.0 + Bump maven-compiler-plugin to 3.9.0 + Bump maven-dependency-plugin to 3.2.0 + Bump maven-enforcer-plugin from to 3.0.0-M3 + Bump maven-gpg-plugin from 1.6 to 3.0.1 + Bump maven-jar-plugin from 3.2.0 to 3.2.2 + Bump maven-javadoc-plugin to 3.3.2 + Bump maven-jxr-plugin from to 3.1.1 + Bump maven-pmd-plugin to 3.15.0 + Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2 + Bump maven-release-plugin from 3.0.0-M4 to 3.0.0-M5 + Bump maven-resources-plugin from 3.0.1 to 3.2.0 + Bump maven-scm-publish-plugin from 3.0.0 to 3.1.0 + Bump maven-shared-resources from 3 to 4 + Bump maven-site-plugin to 3.10.0 + Bump maven-surefire-plugin to 2.22.2 + Bump maven-surefire-report-plugin to 2.22.2 + Bump maven-verifier-plugin from 1.0 to 1.1 + Bump mavenPluginTools to 3.6.4 + Bump org.eclipse.sisu.plexus from 0.3.4 to 0.3.5 + Bump persistence-api from 1.0 to 1.0.2 + Bump 
plexus-compiler-api to 2.9.0 + Bump plexus-compiler-javac to 2.9.0 + Bump plexus-utils from 3.2.0 to 3.4.1 + Bump plexus-velocity from 1.2 to 1.3 + Bump release-drafter/release-drafter to 5.18.0 + Bump snakeyaml to 1.30 + Bump stax2-api from 4.2 to 4.2.1 + Bump taglist-maven-plugin to 3.0.0 + Bump woodstox-core to 6.2.8 + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-jsonschema + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-xsd + Bump xml-apis from 1.3.04 to 2.0.2 + Bump xmlunit from 1.2 to 1.6 + Bump xmlunit-core to 2.9.0 + Security upgrade org.jsoup:jsoup from 1.13.1 to 1.14.2 - Build with java source and target levels 8 - Build the jackson and jsonschema plugins too mojo-parent: - Update mojo-parent from version 40 to version 60. (jsc#SLE-23217) msv: - Build with source and target levels 8 (jsc#SLE-23217) multiverse: - Build with source and target levels 8 (jsc#SLE-23217) mx4j: - Build against the standalone JavaEE modules unconditionally (jsc#SLE-23217) - Depend on glassfish-activation-api instead of on gnu-jaf (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - Require for build gnu-jaf instead of a virtual jaf provider in order to avoid build cycles (jsc#SLE-23217) - On supported platforms, avoid building with OpenJ9, in order to prevent build cycles (jsc#SLE-23217) mybatis-parent: - Provide mybatis-parent version 31 (jsc#SLE-23217) mybatis: - Provide mybatis version 3.5.6 (jsc#SLE-23217) * CVE-2020-26945: remote code execution due to mishandled deserialization of object streams (bsc#1177568) mysql-connector-java: - Update mysql-connector-java from version 5.1.47 to version 8.0.29. (jsc#SLE-23217) * CVE-2021-2471: mysql-connector-java: unauthorized access (bsc#1195557) * CVE-2020-2875, CVE-2020-2933, CVE-2020-2934: Vulnerability in the MySQL Connectors product of Oracle MySQL (bsc#1173600) * Historically, MySQL has used utf8 as an alias for utf8mb3. 
Since release 8.0.29, utf8mb3 has become a recognized (though deprecated) character set on its own for MySQL Server. Therefore, Connector/J has added utf8mb3 to its character set mapping, and users are encouraged to update to Connector/J 8.0.29 to avoid potential issues when working with MySQL Server 8.0.29 or later. * A new connection property socksProxyRemoteDns has been added, which, when set to true, makes the SocksProxySocketFactory execute its own connect() implementation that passes the unresolved InetSocketAddress of a MySQL Server host to the created proxy socket, instead of having the address resolved locally. * The code for prepared statements has been refactored to make the code simpler and the logic for binding more consistent between ServerPreparedStatement and ClientPreparedStatement. * Connector/J now supports Fast Identity Online (FIDO) Authentication. See Connecting Using Fast Identity Online (FIDO) Authentication for details. * Do not build against the log4j12 packages, use the new reload4j * This update provides several fixes and enhancements. Please check the changes for a full overview. nailgun: - Build with source and target levels 8 (jsc#SLE-23217) native-platform: - Build with source and target levels 8 (jsc#SLE-23217) nekohtml: - Update nekohtml from version 1.9.22 to version 1.9.22.noko2. (jsc#SLE-23217) * CVE-2022-28366: Uncontrolled Resource Consumption in nekohtml. (bsc#1198404) * CVE-2022-24839: Denial of service via crafted Processing Instruction (PI) input. (bsc#1198739) * Use the security patched fork at https://github.com/sparklemotion/nekohtml * Build with source and target levels 8 netty3: - Remove dependency on javax.activation. (jsc#SLE-23217) - Build again against mvn(log4j:log4j). (jsc#SLE-23217) - Use the standalone JavaEE modules unconditionally - Remove the compat versions, since the io.netty:netty artifact coordinates exist only in version 3.x. (jsc#SLE-23217) netty-tcnative: - Update netty-tcnative to version 2.0.36. 
(jsc#SLE-23217) * Upgrade to OpenSSL 1.1.1i * Update to latest openssl version for static build * Update to LibreSSL 3.1.4 * Update to latest stable libressl release * Cleanup BoringSSL TLSv1.3 support and consistently handle empty ciphers. * Support TLSv1.3 with compiling against boringssl * Return 0 for SSL_OP_NO_TLSv1_3 when TLSv1.3 is not supported. * Allow to load a private key from the OpenSSL engine. * Support KeyManagerFactory if compiled against OpenSSL < 1.0.2 but using OpenSSL >= 1.0.2 at runtime. * Build with java source and target levels 1.8 objectweb-asm: - Update objectweb-asm from version 7.2 to version 9.3. (jsc#SLE-23217) * new Opcodes.V19 constant for Java 19 * new size() method in ByteVector * checkDataFlow option in CheckClassAdapter can now be used without valid maxStack and maxLocals values * New Maven BOM * Build asm as modular jar files to be used as such by java >= 9 * Leave asm-all.jar as a non-modular jar * JDK 18 support * Replace -debug flag in Printer with -nodebug (-debug continues to work) * New V15 constant * Experimental support for PermittedSubtypes and RecordComponent * This update provides several fixes and enhancements. Please check the changes for a full overview. objenesis: - Fix build with javadoc 17 (jsc#SLE-23217) opentest4j: - Update opentest4j from version 1.0.0 to version 1.2.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Remove unused dependency on commons-codec * Rename serialized output file for clarity * Create an OSGi compatible MANIFEST.MF oro: - Build with source and target levels 8 (jsc#SLE-23217) osgi-annotation: - Update osgi-annotation from version 6.0.0 to version 7.0.0. (jsc#SLE-23217) * Build with source and target levels 8 osgi-compendium: - Update osgi-compendium from version 6.0.0 to version 7.0.0. (jsc#SLE-23217) * Build with source and target levels 8 osgi-core: - Update osgi-core from version 6.0.0 to version 7.0.0. 
(jsc#SLE-23217) * Build with source and target levels 8 os-maven-plugin: - Update os-maven-plugin from version 1.2.3 to version 1.7.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Changes: + Added a new property os.detected.arch.bitness + Added detection of RISC-V architecture, riscv + Added an abstraction layer for System property and file system access + Added thread safety information to Maven plugin metadata so that Maven doesn't warn about thread safety anymore + Added detection of z/OS operating system + Added m2e life cycle mapping metadata so os-maven-plugin works better with Eclipse m2e + Added support for MIPS and MIPSEL 32/64-bit architecture mips_32 - if the value is one of: mips, mips32 mips_64 - if the value is mips64 mipsel_32 - if the value is one of: mipsel, mips32el mipsel_64 - if the value is mips64el + Added support for PPCLE 32-bit architecture ppcle_32 - if the value is one of: ppcle, ppc32le + Added support for IA64N and IA64W architecture itanium_32 - if the value is ia64n itanium_64 - if the value is one of: ia64, ia64w (new), itanium64 + Fixed classpath conflicts due to outdated Guava version in transitive dependencies + Fixed incorrect prerequisite paradise: - Build with source and target levels 8 (jsc#SLE-23217) paranamer: - Build with source and target levels 8 (jsc#SLE-23217) parboiled: - Build with source and target levels 1.8 (jsc#SLE-23217) pegdown: - Build with source and target levels 8 (jsc#SLE-23217) picocli: - Update picocli from version 4.0.4 to version 4.6.2. (jsc#SLE-23217) * Full changes from previous versions are in https://github.com/remkop/picocli/blob/v4.6.2/RELEASE-NOTES.md plexus-ant-factory: - Build with source and target levels 8 (jsc#SLE-23217) plexus-archiver: - Do not compile the test build against the legacy guava20 any more. 
(jsc#SLE-23217) plexus-bsh-factory: - Build with source and target levels 8 (jsc#SLE-23217) plexus-build-api: - Build with source and target levels 8 (jsc#SLE-23217) - Fix an error of tag in javadoc plexus-cipher: - Update plexus-cipher from version 1.7 to version 2.0. (jsc#SLE-23217) * Switch from Sonatype to Plexus * Switch to the Eclipse sisu-maven-plugin * Bump junit from 4.12 to 4.13.1 * Bump plexus from 6.5 to 8 * Fix surefire warnings * This version is needed by maven 3.8.4 and plexus-sec-dispatcher 2.0 plexus-classworlds: - Update plexus-classworlds from version 2.5.2 to version 2.6.0. (jsc#SLE-23217) * Modular java JPMS support plexus-cli: - Do not compile/run tests against the legacy guava20 package. (jsc#SLE-23217) - Build with java source and target levels 8. (jsc#SLE-23217) - Replace raw java.util.List with typed java.util.List interface - The GnuParser and OptionBuilder classes are deprecated in commons-cli since version 1.3 plexus-compiler: - Update plexus-compiler from version 2.8.2 to version 2.11.1. 
(jsc#SLE-23217) * Plexus testing is a dependency with scope test * Removed: jikes compiler * New features and improvements + add parameter to configure javac feature --enable-preview + make java 11 as project base but keep javac release 8, we will be able to upgrade ecj and errorprone + Bump plexus-components from 6.5 to 6.6 and upgrade to junit5 + add adopt-openj9 build + Fix AspectJ basics + fix methods of lint and warning + Add new showLint compiler configuration + add jdk distribution to the matrix + Added primitive support for --processor-module-path + Refactor and add unit tests for support for multiple --add-exports custom compiler arguments + Add Maven Compiler Plugin compiler it tests + Close StandardJavaFileManager + Use latest ecj from official Eclipse release * Bug fixes: + [eclipse-compiler] Resort sources to have module-info.java first + Issue #106: Retain error messages from annotation processors + Issue #147: Support module-path for ECJ + Issue #166: Fix maven dependencies + eclipse compiler: set generated source dir even if no annotation processor is configured + CSharp compiler: fix role + Eclipse compiler: close the StandardJavaFileManager + Use plexus annotations rather than doclet to fix javadoc with java11 + fix Java15 build + Update Error prone 2.4 + Rename method, now that EA of JDK 16 is available + Eclipse Compiler Support release specifier instead of source/target + Issue #73: Use configured file encoding for JSR-199 Eclipse compiler * Dependency updates + Bump actions/cache to 2.1.6 + Bump animal-sniffer-maven-plugin to 1.21 + Bump aspectj.version from 1.9.2 to 1.9.6 + Bump assertj-core from 3.21.0 to 3.22.0 + Bump ecj to 3.28.0 + Bump error_prone_core to 2.10.0 + Bump junit to 4.13.2 + Bump junit-jupiter-api from 5.8.1 to 5.8.2 + Bump maven-artifact from 2.0 to 2.2.1 + Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 + Bump maven-invoker-plugin from 3.2.1 to 3.2.2 + Bump maven-settings from 2.0 to 2.2.1 + Bump 
plexus-component-annotations to 2.1.1 + Bump plexus-components to 6.6 and upgrade to junit5 + Bump release-drafter/release-drafter to 5.18.1 * needed by the latest maven-compiler-plugin * Rewrite the plexus metadata generation in the ant build files plexus-component-api: - Build with source and target levels 8 (jsc#SLE-23217) plexus-component-metadata: - Update plexus-component-metadata from version 2.1.0 to version 2.1.1. (jsc#SLE-23217) * Build using asm >= 7 * Build with java source and target levels 8 plexus-containers: - Update plexus-containers from version 2.1.0 to version 2.1.1. (jsc#SLE-23217) * This is the last version before deprecation * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1 * Build with java source and target levels 8 * Upgrade ASM to 9.2 * Requires Java 7 and Maven 3.2.5+ plexus-i18n: - Build with java source and target levels 8 (jsc#SLE-23217) - Do not compile/run tests against the legacy guava20 package (jsc#SLE-23217) plexus-interactivity: - Build with source and target levels 8 (jsc#SLE-23217) plexus-interpolation: - Build with java source and target levels 1.8 plexus-io: - Do not build/run tests against the legacy guava20 package (jsc#SLE-23217) plexus-languages: - Update plexus-languages from version 1.0.3 to version 1.1.1. (jsc#SLE-23217) * Build using java >= 9 * Build as multirelease modular jar * Fix builds with a mix of modular and classic jar files * generate-tarball.sh: use safe temporary directory, avoid accidental deletion of *.jar, *.class in the current working directory. plexus-metadata-generator: - Update plexus-metadata-generator from version 2.1.0 to version 2.1.1 (jsc#SLE-23217) * Build using asm >= 7 * Build with java source and target levels 8 * Do not use the deprecated plexus-cli functions, but port the generator to the recommended replacement plexus-resources: - Build with source and target levels 8 (jsc#SLE-23217) plexus-sec-dispatcher: - Update plexus-sec-dispatcher from version 1.4 to version 2.0. 
(jsc#SLE-23217) * Fix build with modello-2.0.0 * Changes: + Bump plexus-utils to 3.4.1 + Bump plexus from 6.5 to 8 + Switch from Sonatype to Plexus + Update pom to use modello source 1.4 * needed for maven 3.8.4 and plexus-cipher 2.0 plexus-utils: - Update plexus-utils from version 3.3.0 to version 3.3.1. (jsc#SLE-23217) * Build with source and target levels 8 (jsc#SLE-23217) * Don't ignore valid SCM files * This is the latest version still supporting Java 8 plexus-velocity: - Do not compile/run the test build against legacy guava20 anymore. (jsc#SLE-23217) - Build with java source and target levels 8. (jsc#SLE-23217) - Simplify the build file and remove tests which depend on apache-commons-lang. (jsc#SLE-23217) qdox: - Update qdox from version 2.0.M9 to version 2.0.1. (jsc#SLE-23217) * Don't use deprecated inputstreamctor option * Add Automatic-Module-Name to the manifest * Generate ant build file from maven pom and build using ant * Update jflex-maven-plugin to 1.8.2 * Changes: * Support Lambda Expression * Add SEALED / NON_SEALED tokens * CodeBlock for Annotation with FieldReference should prefix field with canonical name * Add UnqualifiedClassInstanceCreationExpression * Add reference to grammar documentation and hints to transform it * Support Text Blocks * Support Sealed Classes * Support records * Get interface via javaProjectBuilder.getClassByName reflectasm: - Build with source and target levels 8 (jsc#SLE-23217) regexp: - Build with source and target levels 8 (jsc#SLE-23217) relaxngcc: - Provide relaxngcc version 1.12 (jsc#SLE-23217) relaxngDatatype: - Build with source and target levels 8 (jsc#SLE-23217) reload4j: - Update from version 1.2.19 to version 1.2.20. (jsc#SLE-23217) * Build with source/target levels 8 * For enabled logging statements, the performance of iterating on appenders attached to a logger has been significantly improved. 
replacer: - Build with source and target levels 8 (jsc#SLE-23217) rhino: - Update rhino from version 1.7R3 to version 1.7.14. (jsc#SLE-23217) sat4j: - Build with source and target levels 8 (jsc#SLE-23217) saxon9: - Build with source and target levels 8 (jsc#SLE-23217) sbt-launcher: - Build with source/target levels 8 (jsc#SLE-23217) - Fix build against ivy 2.5.0 sbt: - Do not depend on hawtjni-runtime and jansi-native anymore (jsc#SLE-23217) - Fix build against maven 3.8.5 - Fix build against apache-ivy 2.5.0 - Override javax.inject:javax:inject artifact coordinates in order to be able to build against newer atinject versions if needed - Fix build with maven-resolver 1.7.3 - Build package as noarch, since it does not have archfull binaries - Build with java 8 scala-pickling: - Build with source and target levels 8 (jsc#SLE-23217) scala: - No longer package /usr/share/mime-info (bsc#1062631) * Drop scala.keys and scala.mime source files. (jsc#SLE-23217) - Fix the scala build to correctly find the jansi.jar file - Make the package that links the jansi.jar file archfull - Bootstrap the build with our own built jar instead of downloading prebuilt binaries from www.scala-lang.org servletapi4: - Provide servletapi4 4.0.4 and solve installation issues. (jsc#SLE-23217) - There are no source changes. signpost-core: - Build with source and target levels 8 (jsc#SLE-23217) sisu: - Update sisu from version 0.3.3 to version 0.3.5 (jsc#SLE-23217) * Remove dependency on glassfish-servlet-api * Relax bytecode check in scanner so it can scan up to and including Java14 * Support reproducible builds by sorting generated javax.inject.Named index * Build with java source and target levels 8 * Change to generate maven meta-data using the %%add_maven_depmap so that it can be built before the xmvn-tools slf4j: - Update slf4j from version 1.7.30 to version 1.7.36. 
(jsc#SLE-23217) * Don't use %%mvn_artifact, but %%add_maven_depmap * In the jcl-over-slf4j module avoid Object to String conversion. * In the log4j-over-slf4j module added empty constructors for ConsoleAppender. * In the slf4j-simple module, SimpleLogger now caters for concurrent access. * Fix build against reload4j * Fix dependencies of the module slf4j-log4j12 * Depend for build on reload4j * Do not use a separate spec file for sources. * slf4j-log4j12 artifact automatically instructs Maven to use the slf4j-reload4j artifact instead. * slf4j releases are now reproducible. * Build with source/target levels 8 * Add symlink to reload4j -> log4j12 for applications that expect that name. snakeyaml: - Update snakeyaml from version 1.31 to version 1.33. (jsc#SLE-23217) * Output error grow the rhn_web_ui.log rapidly (bsc#1204173) * CVE-2022-38752: Uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154) spec-version-maven-plugin: - Update spec-version-maven-plugin from version 1.2 to version 2.1 (jsc#SLE-23217) * Support both the jakarta.* and the javax.* apis * Build with java source and target levels 8 stax2-api: - Build with source and target levels 8 (jsc#SLE-23217) stax-ex: - Provide stax-ex version 1.8 (jsc#SLE-23217) stringtemplate4: - Build with source and target levels 8 (jsc#SLE-23217) string-template-maven-plugin: - Build with source and target levels 8 (jsc#SLE-23217) stringtemplate: tagsoup: - Build with source and target levels 8 (jsc#SLE-23217) template-resolver: - Build with source and target levels 8 (jsc#SLE-23217) tesla-polyglot: - Update tesla-polyglot from version 0.2.1 to version 0.4.5. 
(jsc#SLE-23217) * Build with source and target levels 8 * Remove upper bound for JDK version to allow Java 11 and newer * polyglot-kotlin - revert automatic source folder setting to kotlin * Update xstream version in test resources to avoid security alerts * Avoid assumption about replacement pom file being readable * Upgrade scala-maven-plugin, clojure-maven-plugin and Clojure * polyglot-kotlin: Set source folders to kotlin * Upgrade to kotlin 1.3.60 * Provide a mechanism to override properties of a polyglot build * TeslaModelProcessor.locatePom(File) ignores files ending in .xml * Use platform encoding in ModelReaderSupport * Invoker plugin update * takari parent update * plexus-component-metadata update to 2.1.0 * maven-enforcer-plugin update to 3.0.0-M3 * polyglot-kotlin: Avoid IllegalStateException * polyglot-kotlin: improved support for IntelliJ Idea usage * polyglot-kotlin: kotlin update and numerous improvements to more idiomatic kotlin * polyglot-common: + Execute tasks are now installed with inheritable set to false + The ExecuteContext interface now has default implementations + The ExecuteContext now includes getMavenSession() + the ExecuteContext now includes getLog() to comport with Java bean conventions. The log() operation has been deprecated. + the ExecuteContext now includes getBasedir() to comport with Java bean conventions. The basedir() operation has been deprecated. * polyglot-kotlin: + Updates Kotlin to 1.3.21 + Includes support for Maven's ClassRealm + Includes full support for the entire Maven model + Includes support for execute tasks as inline lambdas or as external scripts. 
+ Resolves ClassLoader issues that affected integration with IntelliJ IDEA * polyglot-java: fixed depMgt conversion * polyglot-ruby: java9+ support improvement * added polyglot-kotlin * polyglot-scala: + Convenience methods for Dependency (classifier, intransitive, % (scope)) + Support reporting-section in pom + Added default value for pom property modelversion (4.0.0) + Updated used Scala Version (2.11.12) + Made output dir to pom.scala files compilation configurable via system property polyglot.scala.outputdir + Improved support and docs for configuration elements of plugins * Upgrade to latest takari-pom parent * polyglot-yaml: Support for xml attributes * polyglot-yaml: exclude pomFile property from serialization * polyglot-java: Linux support and test fixes * polyglot-java: Moved examples into polyglot-maven-examples * Updated Scala version * Scala warning fixes * polyglot-scala: Scala syntax friendly include preprocessor * Added link to user of yml version * polyglot-scala: Use Zinc server for Scala module * polyglot-scala: Support more valid XML element name chars in dynamic Config * Experimental addition of Java as polyglot language. test-interface: - Build with source and target levels 8 (jsc#SLE-23217) testng: - Update testng from version 6.14.3 to version 7.4.0. (jsc#SLE-23217) * CVE-2020-11022: jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (bsc#1190663) * CVE-2020-11023: jquery: Untrusted code execution while passing HTML containing